autoitxp Posted August 7, 2009 Posted August 7, 2009 (edited) Hi I wanted to know reason why I'm not getting debug privilege for avp.exe file ? even im using fDebugPriv = True in _WinAPI_OpenProcess expandcollapse popup#include <WinAPI.au3> #include <array.au3> _GetPrivilege_SEDEBUG() Global $output[1][1] $var = ProcessList("avp.exe") ;"notepad.exe" ReDim $output[UBound($var)][2] For $i = 1 To UBound($var) - 1 $output[$i][0] = $var[$i][0] $output[$i][1] = $var[$i][1] $handle = _WinAPI_OpenProcess(0x1f0fff, 0, $output[$i][1], True) Next _ArrayDisplay($output) Func _GetPrivilege_SEDEBUG() Local $tagLUIDANDATTRIB = "int64 Luid;dword Attributes" Local $count = 1 Local $tagTOKENPRIVILEGES = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]"; count of LUID structs * sizeof LUID struct ; Local $sTOKEN_ADJUST_PRIVILEGES = 0x20 Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "ptr", _WinAPI_GetCurrentProcess(), "dword", 0x20, "ptr*", "") Local $hToken = $call[3] $call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", Chr(0), "str", "SeDebugPrivilege", "int64*", "") Local $iLuid = $call[3] Local $TP = DllStructCreate($tagTOKENPRIVILEGES) Local $LUID = DllStructCreate($tagLUIDANDATTRIB, DllStructGetPtr($TP, "LUIDandATTRIB")) DllStructSetData($TP, "PrivilegeCount", $count) DllStructSetData($LUID, "Luid", $iLuid) DllStructSetData($LUID, "Attributes", $SE_PRIVILEGE_ENABLED) $call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "ptr", $hToken, "int", 0, "ptr", DllStructGetPtr($TP), "dword", 0, "ptr", Chr(0), "ptr", Chr(0)) If ($call[0] <> 0) = True Then ConsoleWrite("Debug Privilege = " & ($call[0] <> 0)) Return SetError(1) ; $call[0] <> 0 is success EndIf If ($call[0] <> 0) = False Then ConsoleWrite("Debug Privilege = " & ($call[0] <> 0)) Return SetError(0) EndIf EndFunc ;==>_GetPrivilege_SEDEBUG Edited August 7, 2009 by autoitxp
Authenticity Posted August 7, 2009 Posted August 7, 2009 Did yo verify that $hToken is defined and not 0? Try specifying 'int*' in the OpenProcessToken function instead of 'ptr*', always check the return value and the error macro to see the state of the variables before passing them to the next function.
autoitxp Posted August 7, 2009 Author Posted August 7, 2009 Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "ptr", _WinAPI_GetCurrentProcess(), "dword", 0x20, "'int*", "") now it returns 0
Authenticity Posted August 7, 2009 Posted August 7, 2009 #include <WinAPI.au3> _GetPrivilege_SEDEBUG() ConsoleWrite(@error & @CRLF) Func _GetPrivilege_SEDEBUG() Local $tagLUIDANDATTRIB = "int64 Luid;dword Attributes" Local $count = 1 Local $tagTOKENPRIVILEGES = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]"; count of LUID structs * sizeof LUID struct ; Local $sTOKEN_ADJUST_PRIVILEGES = 0x20 Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", _WinAPI_GetCurrentProcess(), "dword", 0x20, "int*", "") Local $hToken = $call[3] $call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", "SeDebugPrivilege", "int64*", "") Local $iLuid = $call[3] Local $TP = DllStructCreate($tagTOKENPRIVILEGES) Local $LUID = DllStructCreate($tagLUIDANDATTRIB, DllStructGetPtr($TP, "LUIDandATTRIB")) DllStructSetData($TP, "PrivilegeCount", $count) DllStructSetData($LUID, "Luid", $iLuid) DllStructSetData($LUID, "Attributes", $SE_PRIVILEGE_ENABLED) $call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, "ptr", DllStructGetPtr($TP), "dword", 0, "ptr", "", "ptr", "") If ($call[0] <> 0) Then ConsoleWrite("Debug Privilege = " & ($call[0] <> 0) & @LF) Return SetError(0) ; $call[0] <> 0 is success Else ConsoleWrite("Debug Privilege = " & ($call[0] <> 0) & @LF) Return SetError(1) EndIf EndFunc ;==>_GetPrivilege_SEDEBUG It seems it worked but the return SetError(1) on success make it confusing.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now