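/**
 * Enables the privileges the run-as service uses and hands the calling
 * thread to the service control dispatcher.
 *
 * \param ServiceName The name under which the service is registered. The
 * pointer is stored in RunAsServiceName and its buffer is passed to the
 * dispatcher; no reference is taken here, so the caller must keep the
 * string alive while the dispatcher runs.
 *
 * \return Always STATUS_SUCCESS (see the review note above the return).
 */
NTSTATUS PhRunAsServiceStart(
    _In_ PPH_STRING ServiceName
    )
{
    HANDLE tokenHandle;
    // StartServiceCtrlDispatcher walks the table until it reaches an entry
    // whose members are both NULL. A lone entry has no terminator, so the
    // dispatcher would read past it into unrelated stack memory.
    SERVICE_TABLE_ENTRY serviceTable[2];

    // Enable some required privileges.
    //
    // These are enabled on the process token and are never disabled again in
    // this function, so they stay active for everything the service process
    // does afterwards. The result of each PhSetTokenPrivilege call is ignored
    // (best effort); presumably a privilege that is missing from the token
    // only surfaces later as an access failure - verify against the callers.
    if (NT_SUCCESS(NtOpenProcessToken(
        NtCurrentProcess(),
        TOKEN_ADJUST_PRIVILEGES,
        &tokenHandle
        )))
    {
        PhSetTokenPrivilege(tokenHandle, L"SeAssignPrimaryTokenPrivilege", NULL, SE_PRIVILEGE_ENABLED);
        PhSetTokenPrivilege(tokenHandle, L"SeBackupPrivilege", NULL, SE_PRIVILEGE_ENABLED);
        PhSetTokenPrivilege(tokenHandle, L"SeImpersonatePrivilege", NULL, SE_PRIVILEGE_ENABLED);
        PhSetTokenPrivilege(tokenHandle, L"SeIncreaseQuotaPrivilege", NULL, SE_PRIVILEGE_ENABLED);
        PhSetTokenPrivilege(tokenHandle, L"SeRestorePrivilege", NULL, SE_PRIVILEGE_ENABLED);
        NtClose(tokenHandle);
    }

    RunAsServiceName = ServiceName;

    serviceTable[0].lpServiceName = ServiceName->Buffer;
    serviceTable[0].lpServiceProc = RunAsServiceMain;
    // Terminating entry required by StartServiceCtrlDispatcher.
    serviceTable[1].lpServiceName = NULL;
    serviceTable[1].lpServiceProc = NULL;

    // Blocks until the service has stopped.
    // NOTE(review): the BOOL result is discarded, so a failure to connect to
    // the service control manager is still reported as STATUS_SUCCESS.
    // Confirm whether callers rely on that before changing the return value.
    StartServiceCtrlDispatcher(serviceTable);

    return STATUS_SUCCESS;
}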
/**
 * Load callback: enables SE_SYSTEM_ENVIRONMENT_NAME on the current process
 * token.
 *
 * SE_SYSTEM_ENVIRONMENT_NAME is the privilege Windows requires for reading
 * and writing firmware environment variables. It stays enabled after this
 * callback returns; nothing here disables it again.
 *
 * \param Parameter Unused.
 * \param Context Unused.
 */
VOID NTAPI LoadCallback(
    _In_opt_ PVOID Parameter,
    _In_opt_ PVOID Context
    )
{
    HANDLE processToken;

    // Without a token handle there is nothing to adjust; the failure is not
    // reported to the caller.
    if (!NT_SUCCESS(NtOpenProcessToken(NtCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &processToken)))
        return;

    // Best effort: the result of the privilege change is not checked.
    PhSetTokenPrivilege(processToken, SE_SYSTEM_ENVIRONMENT_NAME, NULL, SE_PRIVILEGE_ENABLED);

    NtClose(processToken);
}