BOOL GetPrivilege(HANDLE TokenHandle, LPCSTR lpName, int flags)
{
BOOL bResult;
DWORD dwBufferLength;
LUID luid;
TOKEN_PRIVILEGES tpPreviousState;
TOKEN_PRIVILEGES tpNewState;
dwBufferLength = 16;
bResult = LookupPrivilegeValueA(0, lpName, &luid);
if (bResult)
{
tpNewState.PrivilegeCount = 1;
tpNewState.Privileges[0].Luid = luid;
tpNewState.Privileges[0].Attributes = 0;
bResult = AdjustTokenPrivileges(TokenHandle, 0, &tpNewState, (LPBYTE)&(tpNewState.Privileges[1]) - (LPBYTE)&tpNewState, &tpPreviousState, &dwBufferLength);
if (bResult)
{
tpPreviousState.PrivilegeCount = 1;
tpPreviousState.Privileges[0].Luid = luid;
tpPreviousState.Privileges[0].Attributes = flags != 0 ? 2 : 0;
bResult = AdjustTokenPrivileges(TokenHandle, 0, &tpPreviousState, dwBufferLength, 0, 0);
}
}
return bResult;
}
/********************************
Obtains the SeDebugPrivilege privilege to access other process memory.
return Value
ERROR_SUCCESS : no error
ERROR_ACCESS_DENIED : cannot obtain the SeDebugPrivilege privilege
********************************/
DWORD elevate_access_rights()
{
TOKEN_PRIVILEGES priv;
HANDLE n1;
LUID luid;
if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &n1))
{
#ifdef DEBUG
printf("[!] elevate_access_rights :: OpenProcessToken() failed\n");
#endif
return ERROR_ACCESS_DENIED;
}
if(!LookupPrivilegeValueA(NULL, "SeDebugPrivilege", &luid))
{
#ifdef DEBUG
printf("[!] elevate_access_rights :: LookupPrivilegeValueA() failed\n");
#endif
return ERROR_ACCESS_DENIED;
}
priv.PrivilegeCount=1;
priv.Privileges[0].Luid=luid;
priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if(!AdjustTokenPrivileges(n1, FALSE, &priv, sizeof(priv), NULL, NULL))
{
#ifdef DEBUG
printf("[!] elevate_access_rights :: AdjustTokenPrivileges() failed\n");
#endif
return ERROR_ACCESS_DENIED;
}
CloseHandle(n1);
return ERROR_SUCCESS;
}
void
TestLookupPrivilegeValueA(
PLUID lpLuid
)
{
//
// LookupPrivilegeValueA test
//
BOOL Bool;
LPSTR PrivName;
LUID ReturnedValue;
TestGetPrivNameA( &PrivName, lpLuid );
printf(" LookupA call . . . . . . . . . . . . . . . . . ");
Bool = LookupPrivilegeValueA(
NULL,
PrivName,
&ReturnedValue
);
if ( !Bool ) {
printf("** FAILED **\n");
printf(" Status: %d\n", GetLastError());
} else {
if (ReturnedValue.LowPart != lpLuid->LowPart ||
ReturnedValue.HighPart != lpLuid->HighPart) {
printf("** FAILED **\n");
printf(" Value mismatch.\n");
printf(" Passed Value: {0x%lx, 0x%lx}\n",
lpLuid->HighPart,lpLuid->LowPart);
printf(" Retrieved Value: {0x%lx, 0x%lx}\n",
ReturnedValue.HighPart,ReturnedValue.LowPart);
} else {
printf("Succeeded\n");
}
}
printf("\n\n");
RtlFreeHeap( RtlProcessHeap(), 0, PrivName );
return;
}
void AddDebugPrivileges()
{
HANDLE hToken;
TOKEN_PRIVILEGES tP;
if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken)) return;
if(!LookupPrivilegeValueA(NULL,"SeDebugPrivilege",&tP.Privileges[0].Luid))
{
CloseHandle(hToken);
return;
}
tP.PrivilegeCount=1;
tP.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken,FALSE,&tP,0,NULL,0);
CloseHandle(hToken);
}
unsigned long SetPrivilege(
HANDLE hToken,
LPCTSTR lpszPrivilege,
BOOL bEnablePrivilege
)
{
TOKEN_PRIVILEGES tp;
LUID luid;
if ( !LookupPrivilegeValueA(
NULL,
lpszPrivilege,
&luid ) )
{
printf("LookupPrivilegeValue error: %u\n", GetLastError() );
return 0;
}
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
if (bEnablePrivilege)
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
else
tp.Privileges[0].Attributes = 0;
if ( !AdjustTokenPrivileges(
hToken,
0,
&tp,
sizeof(TOKEN_PRIVILEGES),
(PTOKEN_PRIVILEGES) NULL,
(PDWORD) NULL) )
{
printf("AdjustTokenPrivileges error: %u\n", GetLastError() );
return 0;
}
if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
{
printf("The token does not have the specified privilege. \n");
return 0;
}
return 1;
}
JNIEXPORT jboolean JNICALL Java_keccs_hitTheHay_core_NativeInterface_isShutdownAvailable(JNIEnv *env, jclass c) {
HANDLE token;
OpenProcessToken(INVALID_HANDLE_VALUE, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token);
LUID luid;
LookupPrivilegeValueA(NULL, SE_SHUTDOWN_NAME, &luid);
LUID_AND_ATTRIBUTES lattr;
lattr.Luid = luid;
lattr.Attributes = SE_PRIVILEGE_ENABLED;
TOKEN_PRIVILEGES tokenPrivileges;
tokenPrivileges.PrivilegeCount = 1;
tokenPrivileges.Privileges[0] = lattr;
BOOL success = AdjustTokenPrivileges(token, FALSE, &tokenPrivileges, 0, NULL, 0);
return success ? JNI_TRUE : JNI_FALSE;
}
/*************************************************************************
* ExitWindowsDialog [SHELL32.60]
*
* NOTES
* exported by ordinal
*/
void WINAPI ExitWindowsDialog(HWND hWndOwner)
{
TRACE("(%p)\n", hWndOwner);
if (ConfirmDialog(hWndOwner, IDS_SHUTDOWN_PROMPT, IDS_SHUTDOWN_TITLE))
{
HANDLE hToken;
TOKEN_PRIVILEGES npr;
/* enable shutdown privilege for current process */
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
{
LookupPrivilegeValueA(0, "SeShutdownPrivilege", &npr.Privileges[0].Luid);
npr.PrivilegeCount = 1;
npr.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, FALSE, &npr, 0, 0, 0);
CloseHandle(hToken);
}
ExitWindowsEx(EWX_SHUTDOWN, 0);
}
}
//--------------------------------------------------------------------------------------
BOOL LoadPrivileges(char *lpszName)
{
HANDLE hToken = NULL;
LUID Val;
TOKEN_PRIVILEGES tp;
BOOL bRet = FALSE;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
{
DbgMsg(__FILE__, __LINE__, "OpenProcessToken() fails: error %d\n", GetLastError());
goto end;
}
if (!LookupPrivilegeValueA(NULL, lpszName, &Val))
{
DbgMsg(__FILE__, __LINE__, "LookupPrivilegeValue() fails: error %d\n", GetLastError());
goto end;
}
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = Val;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof (tp), NULL, NULL))
{
DbgMsg(__FILE__, __LINE__, "AdjustTokenPrivileges() fails: error %d\n", GetLastError());
goto end;
}
bRet = TRUE;
end:
if (hToken)
{
CloseHandle(hToken);
}
return bRet;
}
BOOL WindowsDebugger::windowsdebugger_token_privilege(
char * lpszPrivilegeName, BOOL bFlag )
{
LUID sLuid;
TOKEN_PRIVILEGES sTokenPrivileges;
HANDLE hToken;
if( OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES,
&hToken ) == FALSE ) {
WinError::winerror_print_last_error( __FUNCTION__ );
return FALSE;
}
if( LookupPrivilegeValueA( NULL, lpszPrivilegeName, &sLuid )
== FALSE ) {
dprintflvl( 2, "Privilege lookup error" );
CloseHandle( hToken );
return FALSE;
}
sTokenPrivileges.PrivilegeCount = 1;
sTokenPrivileges.Privileges[0].Luid = sLuid;
sTokenPrivileges.Privileges[0].Attributes = bFlag ?
SE_PRIVILEGE_ENABLED : NULL;
if( AdjustTokenPrivileges( (HANDLE)hToken, FALSE,
(PTOKEN_PRIVILEGES)&sTokenPrivileges,
(DWORD)sizeof( sTokenPrivileges ), (PTOKEN_PRIVILEGES)NULL,
(PDWORD)NULL ) == FALSE ) {
CloseHandle( hToken );
WinError::winerror_print_last_error( __FUNCTION__ );
dprintflvl( 2, "Error adjusting token" );
return FALSE;
}
CloseHandle( hToken );
return TRUE;
}
int WINAPI RestartDialogEx(HWND hWndOwner, LPCWSTR lpwstrReason, DWORD uFlags, DWORD uReason)
{
TRACE("(%p)\n", hWndOwner);
/* FIXME: use lpwstrReason */
if (ConfirmDialog(hWndOwner, IDS_RESTART_PROMPT, IDS_RESTART_TITLE))
{
HANDLE hToken;
TOKEN_PRIVILEGES npr;
/* enable the shutdown privilege for the current process */
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
{
LookupPrivilegeValueA(0, "SeShutdownPrivilege", &npr.Privileges[0].Luid);
npr.PrivilegeCount = 1;
npr.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, FALSE, &npr, 0, 0, 0);
CloseHandle(hToken);
}
ExitWindowsEx(EWX_REBOOT, uReason);
}
return 0;
}
// Function name : InitWinMemManagement
// Description : Initialztion internal data and get DEBUG privilegies for Read & Write process memory
// Return type : BOOL TRUE - if init was successful
// Argument : DWORD dwPlatformID - see OsVersion structure...
BOOL InitWinMemManagement(DWORD dwPlatformID, void* (*pfMemAlloc)(size_t), void (*pfMemFree)(void*))
{
BOOL bResult = FALSE;
BOOL bErr = FALSE;
_Mem_Alloc = pfMemAlloc;
_Mem_Free = pfMemFree;
g_hMemManage = GetProcessHeap();
switch (dwPlatformID)
{
case VER_PLATFORM_WIN32_NT:
{
HMODULE hModNtDll;
HANDLE hToken;
LUID DebugValue;
TOKEN_PRIVILEGES tkp;
hModNtDll = GetModuleHandleA(NTDLL_NAME);
if (hModNtDll != NULL)
{
if(!(pZwQuerySystemInformation=(_pZwQuerySystemInformation) GetProcAddress(hModNtDll, "ZwQuerySystemInformation")))
bErr = TRUE;
if(!(pZwQueryInformationProcess=(_pZwQueryInformationProcess) GetProcAddress(hModNtDll, "ZwQueryInformationProcess")))
bErr = TRUE;
if (!LookupPrivilegeValueA("", OWN_SE_DEBUG_NAME, &DebugValue))
bErr = TRUE;
if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
bErr = TRUE;
if (bErr == FALSE)
{
BOOL bNeedPriv = TRUE;
DWORD dwLength;
#define _TOKEN_BUFFER 0x500
char TokenBuffer[_TOKEN_BUFFER];
TOKEN_PRIVILEGES* ptkp;
if (GetTokenInformation(hToken, TokenPrivileges, TokenBuffer, _TOKEN_BUFFER, &dwLength) != 0)
{
DWORD dwPrivCount = 0;
ptkp = (TOKEN_PRIVILEGES*) TokenBuffer;
for (; (dwPrivCount < ptkp->PrivilegeCount - 1) && (bNeedPriv == TRUE); dwPrivCount++)
{
if ((ptkp->Privileges[dwPrivCount].Luid.HighPart == DebugValue.HighPart) && (ptkp->Privileges[dwPrivCount].Luid.LowPart == DebugValue.LowPart))
bNeedPriv = FALSE;
}
}
if (bNeedPriv == TRUE)
{
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = DebugValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if(AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, NULL, NULL))
bResult = TRUE;
}
else
bResult = TRUE;
CloseHandle(hToken);
}
}
}
break;
case VER_PLATFORM_WIN32_WINDOWS:
{
HMODULE hModKrnl32;
hModKrnl32 = GetModuleHandleA(_KRNL32);
if(!(pCreateToolhelp32Snapshot = (_pCreateToolhelp32Snapshot) GetProcAddress(hModKrnl32, "CreateToolhelp32Snapshot")))
bErr = TRUE;
if(!(pProcess32First = (_pProcess32First) GetProcAddress(hModKrnl32,"Process32First")))
bErr = TRUE;
if(!(pProcess32Next = (_pProcess32Next)GetProcAddress(hModKrnl32,"Process32Next")))
bErr = TRUE;
if(!(pThread32First = (_pThread32First)GetProcAddress(hModKrnl32,"Thread32First")))
bErr = TRUE;
if(!(pThread32Next = (_pThread32Next)GetProcAddress(hModKrnl32,"Thread32Next")))
bErr = TRUE;
if(!(pModule32First = (_pModule32First)GetProcAddress(hModKrnl32,"Module32First")))
bErr = TRUE;
if(!(pModule32Next = (_pModule32Next)GetProcAddress(hModKrnl32,"Module32Next")))
bErr = TRUE;
if (bErr == FALSE)
bResult = TRUE;
}
break;
default:
{
OutputDebugStringA("MemManagment: Unsupported OS.\n");
}
}
return bResult;
}
