
Posted (edited)

Hi

I'd like to know why I'm not getting debug privilege for avp.exe, even though I'm using fDebugPriv = True in _WinAPI_OpenProcess.

#include <WinAPI.au3>
#include <array.au3>


; Try to enable SeDebugPrivilege for this script before opening the target process.
; NOTE(review): @error is not inspected after this call, so a failure to enable the
; privilege goes unnoticed here.
_GetPrivilege_SEDEBUG()

; $output is resized below to one row per ProcessList row, with two columns (name, PID).
Global $output[1][1]
; ProcessList returns a 2D array: [0][0] is the match count, [n][0] the name, [n][1] the PID.
$var = ProcessList("avp.exe") ;"notepad.exe"

ReDim $output[UBound($var)][2]

; Row 0 of $output stays empty because the loop starts at 1 (row 0 of $var is the count).
For $i = 1 To UBound($var) - 1
    $output[$i][0] = $var[$i][0]
    $output[$i][1] = $var[$i][1]
    ; 0x1f0fff is the pre-Vista PROCESS_ALL_ACCESS mask; the final True is fDebugPriv, which
    ; asks _WinAPI_OpenProcess to attempt the open with the debug privilege set.
    ; NOTE(review): $handle is overwritten on every pass and is never tested for 0 or closed,
    ; so the script cannot tell whether the open succeeded and any handle obtained is leaked.
    ; NOTE(review): avp.exe is presumably an anti-virus service process. Security products
    ; commonly protect their own processes, so a full-access open is expected to be refused
    ; even when SeDebugPrivilege is enabled; that refusal is the protection working as
    ; designed. Request only the access rights actually needed and check the result.
    $handle = _WinAPI_OpenProcess(0x1f0fff, 0, $output[$i][1], True)    
Next


; Shows the collected name/PID pairs only; the outcome of the open calls is not displayed.
_ArrayDisplay($output)


; Attempts to enable SeDebugPrivilege in the current process token through direct
; advapi32.dll calls (OpenProcessToken, LookupPrivilegeValue, AdjustTokenPrivileges).
; Writes "Debug Privilege = True/False" to the console and reports the result through @error.
; NOTE(review): as written, @error is 1 when AdjustTokenPrivileges succeeds and 0 when it
; fails, which is the reverse of the usual AutoIt convention.
Func _GetPrivilege_SEDEBUG()

    ; Layout of one LUID_AND_ATTRIBUTES entry: 8-byte LUID followed by a 4-byte attribute mask.
    Local $tagLUIDANDATTRIB = "int64 Luid;dword Attributes"
    Local $count = 1
    Local $tagTOKENPRIVILEGES = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]"; count of LUID structs * sizeof LUID struct
    ;   Local $sTOKEN_ADJUST_PRIVILEGES = 0x20
    ; Open this process's own token with access 0x20 (TOKEN_ADJUST_PRIVILEGES, per the line above).
    ; NOTE(review): neither @error nor $call[0] is checked, so $hToken may be 0 or undefined.
    Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "ptr", _WinAPI_GetCurrentProcess(), "dword", 0x20, "ptr*", "")
    Local $hToken = $call[3]
    ; Resolve the privilege name to its LUID; the first string argument is the system name.
    ; NOTE(review): the result of this call is not checked either.
    $call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", Chr(0), "str", "SeDebugPrivilege", "int64*", "")
    Local $iLuid = $call[3]
    ; $LUID is overlaid on the byte array inside $TP, so writing to $LUID fills $TP in place.
    Local $TP = DllStructCreate($tagTOKENPRIVILEGES)
    Local $LUID = DllStructCreate($tagLUIDANDATTRIB, DllStructGetPtr($TP, "LUIDandATTRIB"))
    DllStructSetData($TP, "PrivilegeCount", $count)
    DllStructSetData($LUID, "Luid", $iLuid)
    DllStructSetData($LUID, "Attributes", $SE_PRIVILEGE_ENABLED)
    ; NOTE(review): AdjustTokenPrivileges can return non-zero even when the privilege was not
    ; granted (GetLastError then reports ERROR_NOT_ALL_ASSIGNED), so a non-zero $call[0] alone
    ; does not prove the privilege is enabled. A token can only enable privileges it already
    ; holds, which normally means an elevated administrator token.
    $call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "ptr", $hToken, "int", 0, "ptr", DllStructGetPtr($TP), "dword", 0, "ptr", Chr(0), "ptr", Chr(0))
    ; NOTE(review): $hToken is never closed on any path.
    If ($call[0] <> 0) = True Then
        ConsoleWrite("Debug Privilege = " & ($call[0] <> 0))
        Return SetError(1) ; $call[0] <> 0 is success
    EndIf
    If ($call[0] <> 0) = False Then
        ConsoleWrite("Debug Privilege = " & ($call[0] <> 0))
        Return SetError(0)
    EndIf
EndFunc   ;==>_GetPrivilege_SEDEBUG
Edited by autoitxp
Posted

Did you verify that $hToken is defined and not 0? Try specifying 'int*' in the OpenProcessToken function instead of 'ptr*'. Always check the return value and the error macro (@error) to see the state of the variables before passing them to the next function.

Posted

; NOTE(review): the last type string is "'int*" with a stray apostrophe inside the quotes,
; which is not a DllCall type name; this is presumably a typo for "int*" and may explain
; the result reported below. Check @error straight after the call to confirm.
Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "ptr", _WinAPI_GetCurrentProcess(), "dword", 0x20, "'int*", "")

now it returns 0

Posted

#include <WinAPI.au3>


; Run the helper, capture the @error it leaves behind, and print that code on its own line.
_GetPrivilege_SEDEBUG()
Local $iResult = @error
ConsoleWrite($iResult & @CRLF)


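; Enables SeDebugPrivilege in the current process token.
;
; Steps: open the process token with TOKEN_ADJUST_PRIVILEGES, resolve the LUID of
; "SeDebugPrivilege", then call AdjustTokenPrivileges with SE_PRIVILEGE_ENABLED.
;
; Result: @error = 0 when the privilege is confirmed enabled, @error = 1 otherwise.
;         On failure @extended names the step that failed:
;           1 = OpenProcessToken, 2 = LookupPrivilegeValue, 3 = AdjustTokenPrivileges call,
;           4 = call succeeded but the privilege was not assigned (ERROR_NOT_ALL_ASSIGNED).
;         "Debug Privilege = True/False" is written to the console in every case.
;
; A token can only enable privileges it already holds, so this normally requires an
; elevated administrator token. Holding the privilege does not override access checks
; that a protected process or a security product applies to its own processes.
Func _GetPrivilege_SEDEBUG()

    Local $tagLUIDANDATTRIB = "int64 Luid;dword Attributes"
    Local $count = 1
    ; 12 bytes per entry: 8-byte LUID plus 4-byte attribute mask.
    Local $tagTOKENPRIVILEGES = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]"
    Local $iTokenAdjust = 0x20 ; TOKEN_ADJUST_PRIVILEGES
    Local $iNotAllAssigned = 1300 ; ERROR_NOT_ALL_ASSIGNED

    ; Handles are pointer-sized, so they are passed as "ptr"/"ptr*"; "int*" would keep only
    ; 32 bits of the token handle in a 64-bit process.
    Local $aCall = DllCall("advapi32.dll", "int", "OpenProcessToken", "ptr", _WinAPI_GetCurrentProcess(), "dword", $iTokenAdjust, "ptr*", 0)
    If @error Or Not $aCall[0] Then
        ConsoleWrite("Debug Privilege = " & False & @LF)
        Return SetError(1, 1)
    EndIf
    Local $hToken = $aCall[3]

    ; An empty system name looks the privilege up on the local machine.
    $aCall = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", "SeDebugPrivilege", "int64*", 0)
    If @error Or Not $aCall[0] Then
        _WinAPI_CloseHandle($hToken)
        ConsoleWrite("Debug Privilege = " & False & @LF)
        Return SetError(1, 2)
    EndIf
    Local $iLuid = $aCall[3]

    ; $LUID is overlaid on the byte array inside $TP, so writing to $LUID fills $TP in place.
    Local $TP = DllStructCreate($tagTOKENPRIVILEGES)
    Local $LUID = DllStructCreate($tagLUIDANDATTRIB, DllStructGetPtr($TP, "LUIDandATTRIB"))
    DllStructSetData($TP, "PrivilegeCount", $count)
    DllStructSetData($LUID, "Luid", $iLuid)
    DllStructSetData($LUID, "Attributes", $SE_PRIVILEGE_ENABLED)

    ; No previous-state buffer is requested, so the last three arguments are 0 / null.
    $aCall = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "ptr", $hToken, "int", 0, "ptr", DllStructGetPtr($TP), "dword", 0, "ptr", 0, "ptr", 0)
    Local $iCallErr = @error
    ; Read the last error before any further API call can overwrite it.
    ; NOTE(review): relies on AutoIt keeping the thread's last error across DllCall; confirm
    ; on the AutoIt version in use.
    Local $iLastErr = _WinAPI_GetLastError()
    ; The token handle is no longer needed whatever the outcome.
    _WinAPI_CloseHandle($hToken)

    Local $iStage = 0
    If $iCallErr Then
        $iStage = 3
    ElseIf $aCall[0] = 0 Then
        $iStage = 3
    ElseIf $iLastErr = $iNotAllAssigned Then
        ; AdjustTokenPrivileges reports success even when the token does not hold the
        ; privilege; only the last-error value reveals that nothing was enabled.
        $iStage = 4
    EndIf

    Local $fEnabled = ($iStage = 0)
    ConsoleWrite("Debug Privilege = " & $fEnabled & @LF)
    If $fEnabled Then
        Return SetError(0)
    EndIf
    Return SetError(1, $iStage)
EndFunc   ;==>_GetPrivilege_SEDEBUG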

It seems to have worked, but returning SetError(1) on success makes it confusing.
