BowTiedGnome
FFI on windows and handles
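// Checks whether the current process token is elevated by calling
// OpenProcessToken + GetTokenInformation(TokenElevation) through Deno FFI.
// `kernel32`, `advapi32`, `TokenAccess`, `TokenElevation` and `log` are
// declared elsewhere in the thread.

// GetLastError() is only meaningful right after a call that reported failure
// through its return value; this first read just logs whatever is in the slot.
// NOTE(review): the runtime may make its own Win32 calls between two FFI
// calls, so the value may not belong to the call you expect. Treat it as a hint.
let code = kernel32.symbols.GetLastError();
log("ec", code);

const currentProcessHandle = kernel32.symbols.GetCurrentProcess();
log("currentProcessHandle ptr", Deno.UnsafePointer.value(currentProcessHandle));

// Out-parameter for OpenProcessToken: 8 zeroed bytes that receive the HANDLE
// (a HANDLE is pointer-sized, so 8 bytes on 64-bit Windows).
const token = new Uint8Array(8);
const tokenHandle = Deno.UnsafePointer.of(token);

// tokenHandle is the ADDRESS of the buffer (non-null); the buffer CONTENTS
// are still zero at this point.
log("token ptr addr", Deno.UnsafePointer.value(tokenHandle));
log("token intptr", new DataView(token.buffer).getBigInt64(0, true));
log("");
log("call OpenProcessToken");

// NOTE(review): TokenAccess.Read is 0x00020000 | Query in the enum; reading
// TokenElevation only needs the Query right, so TokenAccess.Query would be the
// least-privilege choice here.
if (!advapi32.symbols.OpenProcessToken(currentProcessHandle, TokenAccess.Read, tokenHandle)) {
  throw new Error("Failed to open process token");
}
code = kernel32.symbols.GetLastError();
log("ec", code);
log("token ptr addr", Deno.UnsafePointer.value(tokenHandle));
log("token intptr", new DataView(token.buffer).getBigInt64(0, true));

// FIX: OpenProcessToken wrote the token HANDLE *into* `token`. The handle is
// the 8-byte value stored in the buffer, not the buffer's address. Passing
// `tokenHandle` (the address) to GetTokenInformation is what produced
// error 6 (invalid handle) in the original listing.
// Assumes GetTokenInformation's first parameter is declared as "pointer" in
// the dlopen() definition; if it is declared as an integer type, pass
// `tokenValue` directly instead.
const tokenValue = new DataView(token.buffer).getBigUint64(0, true);
const openedToken = Deno.UnsafePointer.create(tokenValue);
if (openedToken === null) {
  throw new Error("OpenProcessToken returned a null token handle");
}

/**
 * TOKEN_ELEVATION is a sequential struct that is 4 bytes:
 * struct TokenElevation {
 *   int TokenIsElevated; // int32, 4 bytes, but used as a boolean value
 * }
 */
const elevation = new Uint8Array(4);
const cbSize = new Uint32Array(1); // receives the number of bytes written

log("");
log("call GetTokenInformation");
const pass = advapi32.symbols.GetTokenInformation(
  openedToken,
  TokenElevation,
  elevation,
  elevation.byteLength,
  cbSize
);
code = kernel32.symbols.GetLastError();
const length = cbSize[0];
const elevated = new DataView(elevation.buffer).getInt32(0, true);

log("length", length); // bytes returned; 4 for this struct
log("elevated", elevated); // non-zero when the token is elevated
log("ec", code); // only meaningful when `pass` is false
log("success?", pass);
log("elevation", elevation); // raw struct bytes

// NOTE(review): the token handle is a real handle and should be released with
// CloseHandle once it is no longer needed; that symbol is not shown in this
// listing, so the call is left to the caller.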
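// Elevation check for the current process via Deno FFI:
// GetCurrentProcess -> OpenProcessToken -> GetTokenInformation(TokenElevation).
// `kernel32`, `advapi32`, `TokenAccess`, `TokenElevation` and `log` come from
// the other listings in the thread.

// Windows API last error code. It is only defined after a call that failed;
// NOTE(review): between FFI calls the runtime may touch the last-error slot
// itself, so the value is a debugging hint rather than a reliable result.
let code = kernel32.symbols.GetLastError();
log("ec", code);

const currentProcessHandle = kernel32.symbols.GetCurrentProcess();
log("currentProcessHandle ptr", Deno.UnsafePointer.value(currentProcessHandle));

// 8-byte out-buffer: a HANDLE is pointer-sized on a 64-bit machine.
const token = new Uint8Array(8);
// Pointer to the out-buffer. This is what OpenProcessToken needs (PHANDLE).
const tokenHandle = Deno.UnsafePointer.of(token);

// Before the call the buffer holds zero; the pointer itself is a real address.
log("token ptr addr", Deno.UnsafePointer.value(tokenHandle));
log("token intptr", new DataView(token.buffer).getBigInt64(0, true));
log("");
log("call OpenProcessToken");

// NOTE(review): TokenAccess.Read adds 0x00020000 on top of Query. For a
// TokenElevation query the Query right alone is sufficient (least privilege).
if (!advapi32.symbols.OpenProcessToken(currentProcessHandle, TokenAccess.Read, tokenHandle)) {
  throw new Error("Failed to open process token");
}
code = kernel32.symbols.GetLastError();
log("ec", code);
log("token ptr addr", Deno.UnsafePointer.value(tokenHandle));
log("token intptr", new DataView(token.buffer).getBigInt64(0, true));

// FIX: dereference the out-buffer to obtain the handle that was written into
// it. The original passed `tokenHandle` (the buffer's address) as the token,
// which Windows rejects with error 6 (invalid handle).
// Assumes the first parameter of GetTokenInformation is declared as "pointer";
// with an integer declaration, pass `rawToken` itself.
const rawToken = new DataView(token.buffer).getBigUint64(0, true);
const hToken = Deno.UnsafePointer.create(rawToken);
if (hToken === null) {
  throw new Error("OpenProcessToken returned a null token handle");
}

/**
 * Sequential struct that is 4 bytes:
 * struct TokenElevation {
 *   int TokenIsElevated; // int32, 4 bytes, used as a boolean value
 * }
 */
const elevation = new Uint8Array(4);
const cbSize = new Uint32Array(1); // out: number of bytes written to `elevation`

log("");
log("call GetTokenInformation");
const pass = advapi32.symbols.GetTokenInformation(
  hToken,
  TokenElevation,
  elevation,
  elevation.byteLength,
  cbSize
);
code = kernel32.symbols.GetLastError();
const length = cbSize[0];
const elevated = new DataView(elevation.buffer).getInt32(0, true);

log("length", length); // 4 when the struct was filled in
log("elevated", elevated); // 0 = not elevated, non-zero = elevated
log("ec", code); // consult only if `pass` is false
log("success?", pass);
log("elevation", elevation); // the 4 raw bytes of the struct

// NOTE(review): release the token with CloseHandle when done; the symbol is
// not declared in the visible listing, so no call is added here.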
FFI on windows and handles
/** Short alias for console.log used by the listings in this thread. */
const log = console.log;

/**
 * Access-mask bits passed as the second argument of OpenProcessToken.
 * The single-bit members are written as shifts; the composite members combine
 * a high-order bit group with the specific rights they include.
 * Request the narrowest mask that works: querying token information only
 * needs `Query`.
 */
enum TokenAccess {
  // Individual rights, one bit each.
  AssignPrimary = 1 << 0,
  Duplicate = 1 << 1,
  Impersonate = 1 << 2,
  Query = 1 << 3,
  QuerySource = 1 << 4,
  AdjustPrivileges = 1 << 5,
  AdjustGroups = 1 << 6,
  AdjustDefault = 1 << 7,
  AdjustSessionId = 1 << 8,

  // Composite masks.
  Read = (1 << 17) | Query,
  Write = (1 << 17) | AdjustDefault | AdjustGroups | AdjustPrivileges,
  AllAccess = (0xf << 16) |
    AdjustSessionId |
    AdjustDefault |
    AdjustGroups |
    AdjustPrivileges |
    QuerySource |
    Query |
    Impersonate |
    Duplicate |
    AssignPrimary,

  MaximumAllowed = 1 << 25,
}

/** Information-class value passed to GetTokenInformation to request the elevation struct. */
const TokenElevation = 20;
// Logging shorthand shared by the FFI listings.
const log = console.log;

/**
 * Token access rights for OpenProcessToken.
 *
 * Members 0x1 through 0x100 are single rights. `Read`, `Write` and `AllAccess`
 * are bundles built from them plus a high-order group. Prefer a single right
 * such as `Query` over a bundle when that is all the call needs.
 */
enum TokenAccess {
  AssignPrimary = 0x1,
  Duplicate = 0x2,
  Impersonate = 0x4,
  Query = 0x8,
  QuerySource = 0x10,
  AdjustPrivileges = 0x20,
  AdjustGroups = 0x40,
  AdjustDefault = 0x80,
  AdjustSessionId = 0x100,
  // 0x20000 plus the query right.
  Read = Query | 0x20000,
  // 0x20000 plus the three adjust rights below 0x100.
  Write = AdjustPrivileges | AdjustGroups | AdjustDefault | 0x20000,
  // Every single right above, plus the 0xF0000 group.
  AllAccess = AssignPrimary |
    Duplicate |
    Impersonate |
    Query |
    QuerySource |
    AdjustPrivileges |
    AdjustGroups |
    AdjustDefault |
    AdjustSessionId |
    0xf0000,
  MaximumAllowed = 0x2000000,
}

// Information class used with GetTokenInformation for the elevation query.
const TokenElevation = 20;
use `process` without importing it
If the code runs in a Node project, you can reference the `process` object through `globalThis`.
// View the global object as a loose dictionary so `process` can be looked up
// without importing it and without Node's type declarations.
const g = globalThis as Record<string, unknown>;

// Truthiness check only: this shows that some `process` global exists, not
// what it is. Narrow the type before using it.
if (g["process"]) {
  // do something with process
}
/**
 * `globalThis` typed as a string-keyed record, so that properties such as
 * `process` can be read as `unknown` without an import.
 */
const g = globalThis as Record<string, unknown>;

// Runs the branch when a truthy `process` global is present. The value is
// still `unknown` inside the branch and has to be narrowed before use.
if (Boolean(g.process)) {
  // do something with process
}