BOOL GetPrivilege(HANDLE TokenHandle, LPCSTR lpName, int flags) { BOOL bResult; DWORD dwBufferLength; LUID luid; TOKEN_PRIVILEGES tpPreviousState; TOKEN_PRIVILEGES tpNewState; dwBufferLength = 16; bResult = LookupPrivilegeValueA(0, lpName, &luid); if (bResult) { tpNewState.PrivilegeCount = 1; tpNewState.Privileges[0].Luid = luid; tpNewState.Privileges[0].Attributes = 0; bResult = AdjustTokenPrivileges(TokenHandle, 0, &tpNewState, (LPBYTE)&(tpNewState.Privileges[1]) - (LPBYTE)&tpNewState, &tpPreviousState, &dwBufferLength); if (bResult) { tpPreviousState.PrivilegeCount = 1; tpPreviousState.Privileges[0].Luid = luid; tpPreviousState.Privileges[0].Attributes = flags != 0 ? 2 : 0; bResult = AdjustTokenPrivileges(TokenHandle, 0, &tpPreviousState, dwBufferLength, 0, 0); } } return bResult; }
/******************************** Obtains the SeDebugPrivilege privilege to access other process memory. return Value ERROR_SUCCESS : no error ERROR_ACCESS_DENIED : cannot obtain the SeDebugPrivilege privilege ********************************/ DWORD elevate_access_rights() { TOKEN_PRIVILEGES priv; HANDLE n1; LUID luid; if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &n1)) { #ifdef DEBUG printf("[!] elevate_access_rights :: OpenProcessToken() failed\n"); #endif return ERROR_ACCESS_DENIED; } if(!LookupPrivilegeValueA(NULL, "SeDebugPrivilege", &luid)) { #ifdef DEBUG printf("[!] elevate_access_rights :: LookupPrivilegeValueA() failed\n"); #endif return ERROR_ACCESS_DENIED; } priv.PrivilegeCount=1; priv.Privileges[0].Luid=luid; priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; if(!AdjustTokenPrivileges(n1, FALSE, &priv, sizeof(priv), NULL, NULL)) { #ifdef DEBUG printf("[!] elevate_access_rights :: AdjustTokenPrivileges() failed\n"); #endif return ERROR_ACCESS_DENIED; } CloseHandle(n1); return ERROR_SUCCESS; }
void TestLookupPrivilegeValueA( PLUID lpLuid ) { // // LookupPrivilegeValueA test // BOOL Bool; LPSTR PrivName; LUID ReturnedValue; TestGetPrivNameA( &PrivName, lpLuid ); printf(" LookupA call . . . . . . . . . . . . . . . . . "); Bool = LookupPrivilegeValueA( NULL, PrivName, &ReturnedValue ); if ( !Bool ) { printf("** FAILED **\n"); printf(" Status: %d\n", GetLastError()); } else { if (ReturnedValue.LowPart != lpLuid->LowPart || ReturnedValue.HighPart != lpLuid->HighPart) { printf("** FAILED **\n"); printf(" Value mismatch.\n"); printf(" Passed Value: {0x%lx, 0x%lx}\n", lpLuid->HighPart,lpLuid->LowPart); printf(" Retrieved Value: {0x%lx, 0x%lx}\n", ReturnedValue.HighPart,ReturnedValue.LowPart); } else { printf("Succeeded\n"); } } printf("\n\n"); RtlFreeHeap( RtlProcessHeap(), 0, PrivName ); return; }
void AddDebugPrivileges() { HANDLE hToken; TOKEN_PRIVILEGES tP; if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken)) return; if(!LookupPrivilegeValueA(NULL,"SeDebugPrivilege",&tP.Privileges[0].Luid)) { CloseHandle(hToken); return; } tP.PrivilegeCount=1; tP.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(hToken,FALSE,&tP,0,NULL,0); CloseHandle(hToken); }
unsigned long SetPrivilege( HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege ) { TOKEN_PRIVILEGES tp; LUID luid; if ( !LookupPrivilegeValueA( NULL, lpszPrivilege, &luid ) ) { printf("LookupPrivilegeValue error: %u\n", GetLastError() ); return 0; } tp.PrivilegeCount = 1; tp.Privileges[0].Luid = luid; if (bEnablePrivilege) tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; else tp.Privileges[0].Attributes = 0; if ( !AdjustTokenPrivileges( hToken, 0, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES) NULL, (PDWORD) NULL) ) { printf("AdjustTokenPrivileges error: %u\n", GetLastError() ); return 0; } if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) { printf("The token does not have the specified privilege. \n"); return 0; } return 1; }
JNIEXPORT jboolean JNICALL Java_keccs_hitTheHay_core_NativeInterface_isShutdownAvailable(JNIEnv *env, jclass c) { HANDLE token; OpenProcessToken(INVALID_HANDLE_VALUE, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token); LUID luid; LookupPrivilegeValueA(NULL, SE_SHUTDOWN_NAME, &luid); LUID_AND_ATTRIBUTES lattr; lattr.Luid = luid; lattr.Attributes = SE_PRIVILEGE_ENABLED; TOKEN_PRIVILEGES tokenPrivileges; tokenPrivileges.PrivilegeCount = 1; tokenPrivileges.Privileges[0] = lattr; BOOL success = AdjustTokenPrivileges(token, FALSE, &tokenPrivileges, 0, NULL, 0); return success ? JNI_TRUE : JNI_FALSE; }
/************************************************************************* * ExitWindowsDialog [SHELL32.60] * * NOTES * exported by ordinal */ void WINAPI ExitWindowsDialog(HWND hWndOwner) { TRACE("(%p)\n", hWndOwner); if (ConfirmDialog(hWndOwner, IDS_SHUTDOWN_PROMPT, IDS_SHUTDOWN_TITLE)) { HANDLE hToken; TOKEN_PRIVILEGES npr; /* enable shutdown privilege for current process */ if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) { LookupPrivilegeValueA(0, "SeShutdownPrivilege", &npr.Privileges[0].Luid); npr.PrivilegeCount = 1; npr.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(hToken, FALSE, &npr, 0, 0, 0); CloseHandle(hToken); } ExitWindowsEx(EWX_SHUTDOWN, 0); } }
//-------------------------------------------------------------------------------------- BOOL LoadPrivileges(char *lpszName) { HANDLE hToken = NULL; LUID Val; TOKEN_PRIVILEGES tp; BOOL bRet = FALSE; if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) { DbgMsg(__FILE__, __LINE__, "OpenProcessToken() fails: error %d\n", GetLastError()); goto end; } if (!LookupPrivilegeValueA(NULL, lpszName, &Val)) { DbgMsg(__FILE__, __LINE__, "LookupPrivilegeValue() fails: error %d\n", GetLastError()); goto end; } tp.PrivilegeCount = 1; tp.Privileges[0].Luid = Val; tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof (tp), NULL, NULL)) { DbgMsg(__FILE__, __LINE__, "AdjustTokenPrivileges() fails: error %d\n", GetLastError()); goto end; } bRet = TRUE; end: if (hToken) { CloseHandle(hToken); } return bRet; }
BOOL WindowsDebugger::windowsdebugger_token_privilege( char * lpszPrivilegeName, BOOL bFlag ) { LUID sLuid; TOKEN_PRIVILEGES sTokenPrivileges; HANDLE hToken; if( OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken ) == FALSE ) { WinError::winerror_print_last_error( __FUNCTION__ ); return FALSE; } if( LookupPrivilegeValueA( NULL, lpszPrivilegeName, &sLuid ) == FALSE ) { dprintflvl( 2, "Privilege lookup error" ); CloseHandle( hToken ); return FALSE; } sTokenPrivileges.PrivilegeCount = 1; sTokenPrivileges.Privileges[0].Luid = sLuid; sTokenPrivileges.Privileges[0].Attributes = bFlag ? SE_PRIVILEGE_ENABLED : NULL; if( AdjustTokenPrivileges( (HANDLE)hToken, FALSE, (PTOKEN_PRIVILEGES)&sTokenPrivileges, (DWORD)sizeof( sTokenPrivileges ), (PTOKEN_PRIVILEGES)NULL, (PDWORD)NULL ) == FALSE ) { CloseHandle( hToken ); WinError::winerror_print_last_error( __FUNCTION__ ); dprintflvl( 2, "Error adjusting token" ); return FALSE; } CloseHandle( hToken ); return TRUE; }
int WINAPI RestartDialogEx(HWND hWndOwner, LPCWSTR lpwstrReason, DWORD uFlags, DWORD uReason) { TRACE("(%p)\n", hWndOwner); /* FIXME: use lpwstrReason */ if (ConfirmDialog(hWndOwner, IDS_RESTART_PROMPT, IDS_RESTART_TITLE)) { HANDLE hToken; TOKEN_PRIVILEGES npr; /* enable the shutdown privilege for the current process */ if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) { LookupPrivilegeValueA(0, "SeShutdownPrivilege", &npr.Privileges[0].Luid); npr.PrivilegeCount = 1; npr.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(hToken, FALSE, &npr, 0, 0, 0); CloseHandle(hToken); } ExitWindowsEx(EWX_REBOOT, uReason); } return 0; }
// Function name : InitWinMemManagement // Description : Initialztion internal data and get DEBUG privilegies for Read & Write process memory // Return type : BOOL TRUE - if init was successful // Argument : DWORD dwPlatformID - see OsVersion structure... BOOL InitWinMemManagement(DWORD dwPlatformID, void* (*pfMemAlloc)(size_t), void (*pfMemFree)(void*)) { BOOL bResult = FALSE; BOOL bErr = FALSE; _Mem_Alloc = pfMemAlloc; _Mem_Free = pfMemFree; g_hMemManage = GetProcessHeap(); switch (dwPlatformID) { case VER_PLATFORM_WIN32_NT: { HMODULE hModNtDll; HANDLE hToken; LUID DebugValue; TOKEN_PRIVILEGES tkp; hModNtDll = GetModuleHandleA(NTDLL_NAME); if (hModNtDll != NULL) { if(!(pZwQuerySystemInformation=(_pZwQuerySystemInformation) GetProcAddress(hModNtDll, "ZwQuerySystemInformation"))) bErr = TRUE; if(!(pZwQueryInformationProcess=(_pZwQueryInformationProcess) GetProcAddress(hModNtDll, "ZwQueryInformationProcess"))) bErr = TRUE; if (!LookupPrivilegeValueA("", OWN_SE_DEBUG_NAME, &DebugValue)) bErr = TRUE; if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) bErr = TRUE; if (bErr == FALSE) { BOOL bNeedPriv = TRUE; DWORD dwLength; #define _TOKEN_BUFFER 0x500 char TokenBuffer[_TOKEN_BUFFER]; TOKEN_PRIVILEGES* ptkp; if (GetTokenInformation(hToken, TokenPrivileges, TokenBuffer, _TOKEN_BUFFER, &dwLength) != 0) { DWORD dwPrivCount = 0; ptkp = (TOKEN_PRIVILEGES*) TokenBuffer; for (; (dwPrivCount < ptkp->PrivilegeCount - 1) && (bNeedPriv == TRUE); dwPrivCount++) { if ((ptkp->Privileges[dwPrivCount].Luid.HighPart == DebugValue.HighPart) && (ptkp->Privileges[dwPrivCount].Luid.LowPart == DebugValue.LowPart)) bNeedPriv = FALSE; } } if (bNeedPriv == TRUE) { tkp.PrivilegeCount = 1; tkp.Privileges[0].Luid = DebugValue; tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; if(AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, NULL, NULL)) bResult = TRUE; } else bResult = TRUE; CloseHandle(hToken); } } } break; case VER_PLATFORM_WIN32_WINDOWS: { HMODULE hModKrnl32; hModKrnl32 = GetModuleHandleA(_KRNL32); if(!(pCreateToolhelp32Snapshot = (_pCreateToolhelp32Snapshot) GetProcAddress(hModKrnl32, "CreateToolhelp32Snapshot"))) bErr = TRUE; if(!(pProcess32First = (_pProcess32First) GetProcAddress(hModKrnl32,"Process32First"))) bErr = TRUE; if(!(pProcess32Next = (_pProcess32Next)GetProcAddress(hModKrnl32,"Process32Next"))) bErr = TRUE; if(!(pThread32First = (_pThread32First)GetProcAddress(hModKrnl32,"Thread32First"))) bErr = TRUE; if(!(pThread32Next = (_pThread32Next)GetProcAddress(hModKrnl32,"Thread32Next"))) bErr = TRUE; if(!(pModule32First = (_pModule32First)GetProcAddress(hModKrnl32,"Module32First"))) bErr = TRUE; if(!(pModule32Next = (_pModule32Next)GetProcAddress(hModKrnl32,"Module32Next"))) bErr = TRUE; if (bErr == FALSE) bResult = TRUE; } break; default: { OutputDebugStringA("MemManagment: Unsupported OS.\n"); } } return bResult; }