DXRW4E

  1. Hi DigDeep, I do not understand why there is so much confusion; it is simple: the function does not return a BOOL (TRUE or FALSE) but returns an array, so to check the return (TRUE or FALSE) you need to use IsArray(), or use @Error for more info.

         #RequireAdmin
         #include <_RegEnumKeyValEx.au3>

         Local $KeyPath = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"
         Local $KBname = "*Uninstall*"
         Local $aKeyPath

         $aKeyPath = _RegEnumKeyEx($KeyPath, 0, $KBname)
         If @Error Then
             ; Return values .: Success - Return Array List (See Remarks)
             ;                  Failure - @Error
             ;                  |1 = Invalid $sFilter
             ;                  |2 = No Key-SubKey(s) Found
             ;                  |3 = Invalid $vFilter
             ;                  |4 = No Value-Name(s) Found
             MsgBox(0, "", "Registry Key does not exists")
         Else
             MsgBox(0, "", "Registry Key Exists")
         EndIf

         ;Or

         $aKeyPath = _RegEnumKeyEx($KeyPath, 0, $KBname)
         If IsArray($aKeyPath) Then
             MsgBox(0, "", "Registry Key Exists")
         Else
             MsgBox(0, "", "Registry Key does not exists")
         EndIf

         $KeyPath = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersionXXXXXX"

         $aKeyPath = _RegEnumKeyEx($KeyPath, 0, $KBname)
         If @Error Then
             ; Return values .: Success - Return Array List (See Remarks)
             ;                  Failure - @Error
             ;                  |1 = Invalid $sFilter
             ;                  |2 = No Key-SubKey(s) Found
             ;                  |3 = Invalid $vFilter
             ;                  |4 = No Value-Name(s) Found
             MsgBox(0, "", "Registry Key does not exists")
         Else
             MsgBox(0, "", "Registry Key Exists")
         EndIf

         ;Or

         $aKeyPath = _RegEnumKeyEx($KeyPath, 0, $KBname)
         If IsArray($aKeyPath) Then
             MsgBox(0, "", "Registry Key Exists")
         Else
             MsgBox(0, "", "Registry Key does not exists")
         EndIf

     Ciao.
  2.
         #include <_RegEnumKeyValEx.au3>

         Local $KeyPath = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
         Local $KBname = "*2d851484*"
         Local $aKeyPath

         $aKeyPath = _RegEnumKeyEx($KeyPath, 0, $KBname)
         If @Error Then
             ; Return values .: Success - Return Array List (See Remarks)
             ;                  Failure - @Error
             ;                  |1 = Invalid $sFilter
             ;                  |2 = No Key-SubKey(s) Found
             ;                  |3 = Invalid $vFilter
             ;                  |4 = No Value-Name(s) Found
             MsgBox(0, "", "Registry Key does not exists")
         Else
             MsgBox(0, "", "Registry Key Exists")
         EndIf

         ;Or

         $aKeyPath = _RegEnumKeyEx($KeyPath, 0, $KBname)
         If IsArray($aKeyPath) Then
             MsgBox(0, "", "Registry Key Exists")
         Else
             MsgBox(0, "", "Registry Key does not exists")
         EndIf

     Ciao.
  3. See _SHA1ForFile() and https://msdn.microsoft.com/en-us/library/windows/desktop/aa375549(v=vs.85).aspx

     Use CALG_SHA_512 0x0000800e

         $arDllCall = DllCall($hAdvapi32Dll, "int", "CryptCreateHash", "ULONG_PTR", $hContext, "dword", 0x0000800e, "ptr", 0, "dword", 0, "ULONG_PTR*", 0)

     Ciao.
  4. Hi DigDeep, I wrote those lines quickly to give a simple example, but obviously the code will have to be

         ; Return values .: Success - Return Array List (See Remarks)
         ;                  Failure - @Error
         ;                  |1 = Invalid $sFilter
         ;                  |2 = No Key-SubKey(s) Found
         ;                  |3 = Invalid $vFilter
         ;                  |4 = No Value-Name(s) Found

         ;Return 2D array all Keys\SubKeys\Values etc.
         $aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
         If IsArray($aKeyValList) Then
             For $i = 1 To $aKeyValList[0][0]
                 ; $aKeyValList[i][0] -> Key\SubKeys Path
                 ; $aKeyValList[i][1] -> Value name
                 ; $aKeyValList[i][2] -> Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ etc.)
                 ; $aKeyValList[i][3] -> Value Data (If is set $iFlag = 256 Else Value Data = "")
             Next
         EndIf

         ;Or

         ;Return 2D array all Keys\SubKeys\Values etc.
         $aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
         If Not @Error Then
             For $i = 1 To $aKeyValList[0][0]
                 ; $aKeyValList[i][0] -> Key\SubKeys Path
                 ; $aKeyValList[i][1] -> Value name
                 ; $aKeyValList[i][2] -> Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ etc.)
                 ; $aKeyValList[i][3] -> Value Data (If is set $iFlag = 256 Else Value Data = "")
             Next
         EndIf

     Ciao.
  5. You will need\should use _FileReadToArrayEx; it must be faster and it will have to do exactly all that you want it to do.

         #include <Array.au3>
         #include "_FileReadToArrayEx.au3"

         Local $aArray
         $fTimerDiff = TimerInit()
         $aArray = _FileReadToArrayEx(@DesktopDir & '\ZZj2_Test.Won.Two.csv', ",", $FRTA_ARRAYFIELD + 0 + $FRTA_STRIPALL + $FRTA_CHECKSINGEQUOTE)
         ;$aArray = _FileReadToArrayEx(@DesktopDir & '\Test.inf', ",", 0 + 1 + 16 + 12)
         $fTimerDiff = TimerDiff($fTimerDiff)
         ConsoleWrite("_FileReadToArrayEx() : " & $fTimerDiff & @CRLF)
         _ArrayDisplay($aArray)
         _ArrayDisplay(($aArray[1]))
         _ArrayDisplay(($aArray[6]))

         #include <Array.au3>
         #include "_FileReadToArrayEx.au3"

         Local $aArray, $sData
         $aArray = _FileReadToArrayEx(@DesktopDir & '\ZZj2_Test.Won.Two.csv', ",", BitOR($FRTA_NOCOUNT, $FRTA_ARRAYFIELD, $FRTA_STRIPALL))
         If Not @Error Then
             ;;Local $iaArray = UBound($aArray) - 1 ; or $iaArray = @Extended
             For $i = 0 To UBound($aArray) - 1
                 For $y = 0 To UBound($aArray[$i]) - 1
                     $sData &= ($aArray[$i])[$y] & ","
                 Next
                 $sData = StringTrimRight($sData, 1) & @CRLF
             Next
         EndIf
         ConsoleWrite($sData & @LF)

         ;Or

         $aArray = _FileReadToArrayEx(@DesktopDir & '\ZZj2_Test.Won.Two.csv', ",", BitOR($FRTA_ARRAYFIELD, $FRTA_STRIPALL, $FRTA_CHECKSINGEQUOTE))
         If Not @Error Then
             ;;Local $iaArray = UBound($aArray) - 1 ; or $iaArray = @Extended
             For $i = 1 To ($aArray)[0]
                 For $y = 1 To ($aArray[$i])[0]
                     $sData &= ($aArray[$i])[$y] & ","
                 Next
                 $sData = StringTrimRight($sData, 1) & @CRLF
             Next
         EndIf
         ConsoleWrite($sData & @LF)

     Ciao.
  6.
         $aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
         ;or
         $aKeyValList = _RegEnumKeyEx($KeyName, 128 + 256, $KB)

     Ciao.
  7. I still do not understand why you must first write everything in the text file ????, you already have the full array, what else is needed

         For $i = 1 To $aKeyValList[0][0]
             If $aKeyValList[$i][2] == "REG_SZ" Then
                 ConsoleWrite($aKeyValList[$i][3] & @LF)
             EndIf
         Next

     Ciao.
  8. Hi DigDeep, It is impossible for me to help you because you are completely out of context ???

         ; #FUNCTION# ========================================================================================================================
         ; Name...........: _RegEnumKeyEx
         ; Description ...: Lists all subkeys in a specified registry key
         ; Syntax.........: _RegEnumKeyEx($KeyName[, $iFlag = 0[, $sFilter = "*"]])
         ; Parameters ....: $KeyName - The registry key to read.
         ;                  $iFlag - Optional specifies Recursion (add the flags together for multiple operations):
         ;                  |$iFlag = 0 (Default) All Key-SubKeys Recursive Mod
         ;                  |$iFlag = 1 All SubKeys Not Recursive Mod
         ;                  |$iFlag = 2 Include in ArrayList in the first element $KeyName
         ;                  |$iFlag = 16 $sFilter do Case-Sensitive matching (By Default $sFilter do Case-Insensitive matching)
         ;                  |$iFlag = 32 Disable the return the count in the first element - effectively makes the array 0-based (must use UBound() to get the size in this case).
         ;                    By Default the first element ($array[0]) contains the number of strings returned, the remaining elements ($array[1], $array[2], etc.)
         ;                  |$iFlag = 64 $sFilter is REGEXP Mod, See Pattern Parameters in StringRegExp
         ;                  |$iFlag = 128 Enum value's name (_RegEnumKeyEx Return a 2D array, maximum Array Size limit is 3999744 Key\Value)
         ;                  |$iFlag = 256 Reads a value data, this flag will be ignored if the $iFlag = 128 is not set
         ;                  $sFilter - Optional the filter to use, default is *. (Multiple filter groups such as "All "*.XXx|*.YYY|*.ZZZ")
         ;                    Search the Autoit3 helpfile for the word "WildCards" For details.
         ;                  $vFilter - Optional the filter to use for ValueName, $vFilter will be ignored if the $iFlag = 128 is not set
         ;                    default is *. (Multiple filter groups such as "All "*.XXx|*.YYY|*.ZZZ") Search the Autoit3 helpfile for the word "WildCards" For details.
         ;                  $iValueTypes - Optional, set Value Types to search (Default $iValueTypes = 0 Read All), $iValueTypes will be ignored if the $iFlag = 128 is not set
         ;                    (add the flags together for multiple operations):
         ;                    1 = REG_SZ
         ;                    2 = REG_EXPAND_SZ
         ;                    3 = REG_BINARY
         ;                    4 = REG_DWORD
         ;                    5 = REG_DWORD_BIG_ENDIAN
         ;                    6 = REG_LINK
         ;                    7 = REG_MULTI_SZ
         ;                    8 = REG_RESOURCE_LIST
         ;                    9 = REG_FULL_RESOURCE_DESCRIPTOR
         ;                    10 = REG_RESOURCE_REQUIREMENTS_LIST
         ;                    11 = REG_QWORD
         ; Return values .: Success - Return Array List (See Remarks)
         ;                  Failure - @Error
         ;                  |1 = Invalid $sFilter
         ;                  |2 = No Key-SubKey(s) Found
         ;                  |3 = Invalid $vFilter
         ;                  |4 = No Value-Name(s) Found
         ; Author ........: DXRW4E
         ; Modified.......:
         ; Remarks .......: The array returned is one-dimensional and is made up as follows:
         ;                    $array[0] = Number of Key-SubKeys returned
         ;                    $array[1] = 1st Key\SubKeys
         ;                    $array[2] = 2nd Key\SubKeys
         ;                    $array[3] = 3rd Key\SubKeys
         ;                    $array[n] = nth Key\SubKeys
         ;
         ;                  If is set the $iFlag = 128 The array returned is 2D array and is made up as follows:
         ;                    $array[0][0] = Number of Key-SubKeys returned
         ;                    $array[1][0] = 1st Key\SubKeys
         ;                    $array[1][1] = 1st Value name
         ;                    $array[1][2] = 1st Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ etc.)
         ;                    $array[1][3] = 1st Value Data (If is set $iFlag = 256 Else Value Data = "")
         ;                    $array[2][0] = 2nd Key\SubKeys
         ;                    $array[2][1] = 2nd Value name
         ;                    $array[2][2] = 2nd Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ etc.)
         ;                    $array[2][3] = 2nd Value Data (If is set $iFlag = 256 Else Value Data = "")
         ;                    $array[n][0] = nth Key\SubKeys
         ; Related .......: _RegEnumValEx()
         ; Link ..........:
         ; Example .......: _RegEnumKeyEx("HKEY_CURRENT_USER\Software\AutoIt v3")
         ; Note ..........:
         ; ===================================================================================================================================

     What do you not understand here ???? The function returns an array ????, I said that because it must all be very very very simple

         #include <Array.au3>
         #include <_RegEnumKeyValEx.au3>

         ;Return 2D array all Keys\SubKeys\Values etc.
         $aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
         _ArrayDisplay($aKeyValList)

         ;Return 2D array all Keys\SubKeys\Values etc.
         $aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
         _ArrayDisplay($aKeyValList)

         For $i = 1 To $aKeyValList[0][0]
             ; $aKeyValList[i][0] -> Key\SubKeys Path
             ; $aKeyValList[i][1] -> Value name
             ; $aKeyValList[i][2] -> Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ etc.)
             ; $aKeyValList[i][3] -> Value Data (If is set $iFlag = 256 Else Value Data = "")
         Next

     so you have the FULL array, after that you do whatever you want, etc.

     Ciao.
  9. Hi Docfxit, use\try\include the PrivilegesEx, to be sure you have (Always) all the Privileges

         #include-once
         #RequireAdmin
         Opt("MustDeclareVars",1)

         ;;Global $aOle32 = DllCall("ole32.dll", "long", "OleInitialize", "PTR", 0)
         If Not IsDeclared("arDllCall") Then Global Static $arDllCall

         #Region ;**** Token Privileges ****
         Global Const $hKernel32DLL = DllOpen("Kernel32.dll")
         Global Const $hAdvapi32Dll = DllOpen("AdvApi32.dll")

         ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
         ;;                                                                    ;;
         ;;               NT Defined Privileges                                ;;
         ;;                                                                    ;;
         ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

         Global Const $SE_CREATE_TOKEN_NAME = "SeCreateTokenPrivilege"
         Global Const $SE_ASSIGNPRIMARYTOKEN_NAME = "SeAssignPrimaryTokenPrivilege"
         Global Const $SE_LOCK_MEMORY_NAME = "SeLockMemoryPrivilege"
         Global Const $SE_INCREASE_QUOTA_NAME = "SeIncreaseQuotaPrivilege"
         Global Const $SE_UNSOLICITED_INPUT_NAME = "SeUnsolicitedInputPrivilege"
         Global Const $SE_MACHINE_ACCOUNT_NAME = "SeMachineAccountPrivilege"
         Global Const $SE_TCB_NAME = "SeTcbPrivilege"
         Global Const $SE_SECURITY_NAME = "SeSecurityPrivilege"
         Global Const $SE_TAKE_OWNERSHIP_NAME = "SeTakeOwnershipPrivilege"
         Global Const $SE_LOAD_DRIVER_NAME = "SeLoadDriverPrivilege"
         Global Const $SE_SYSTEM_PROFILE_NAME = "SeSystemProfilePrivilege"
         Global Const $SE_SYSTEMTIME_NAME = "SeSystemtimePrivilege"
         Global Const $SE_PROF_SINGLE_PROCESS_NAME = "SeProfileSingleProcessPrivilege"
         Global Const $SE_INC_BASE_PRIORITY_NAME = "SeIncreaseBasePriorityPrivilege"
         Global Const $SE_CREATE_PAGEFILE_NAME = "SeCreatePagefilePrivilege"
         Global Const $SE_CREATE_PERMANENT_NAME = "SeCreatePermanentPrivilege"
         Global Const $SE_BACKUP_NAME = "SeBackupPrivilege"
         Global Const $SE_RESTORE_NAME = "SeRestorePrivilege"
         Global Const $SE_SHUTDOWN_NAME = "SeShutdownPrivilege"
         Global Const $SE_DEBUG_NAME = "SeDebugPrivilege"
         Global Const $SE_AUDIT_NAME = "SeAuditPrivilege"
         Global Const $SE_SYSTEM_ENVIRONMENT_NAME = "SeSystemEnvironmentPrivilege"
         Global Const $SE_CHANGE_NOTIFY_NAME = "SeChangeNotifyPrivilege"
         Global Const $SE_REMOTE_SHUTDOWN_NAME = "SeRemoteShutdownPrivilege"
         Global Const $SE_UNDOCK_NAME = "SeUndockPrivilege"
         Global Const $SE_SYNC_AGENT_NAME = "SeSyncAgentPrivilege"
         Global Const $SE_ENABLE_DELEGATION_NAME = "SeEnableDelegationPrivilege"
         Global Const $SE_MANAGE_VOLUME_NAME = "SeManageVolumePrivilege"
         Global Const $SE_IMPERSONATE_NAME = "SeImpersonatePrivilege"
         Global Const $SE_CREATE_GLOBAL_NAME = "SeCreateGlobalPrivilege"
         Global Const $SE_TRUSTED_CREDMAN_ACCESS_NAME = "SeTrustedCredManAccessPrivilege"
         Global Const $SE_RELABEL_NAME = "SeRelabelPrivilege"
         Global Const $SE_INC_WORKING_SET_NAME = "SeIncreaseWorkingSetPrivilege"
         Global Const $SE_TIME_ZONE_NAME = "SeTimeZonePrivilege"
         Global Const $SE_CREATE_SYMBOLIC_LINK_NAME = "SeCreateSymbolicLinkPrivilege"

         ;Global Const $SE_ASSIGNPRIMARYTOKEN_NAME = "SeAssignPrimaryTokenPrivilege"
         ;; Required to assign the primary token of a process.
         ;; User Right: Replace a process-level token.
         ;Global Const $SE_AUDIT_NAME = "SeAuditPrivilege"
         ;; Required to generate audit-log entries. Give this privilege to secure servers.
         ;; User Right: Generate security audits.
         ;Global Const $SE_BACKUP_NAME = "SeBackupPrivilege"
         ;; Required to perform backup operations. This privilege causes the system to grant all read access control to any file, regardless
         ;; of the access control list (ACL) specified for the file. Any access request other than read is still evaluated with the ACL.
         ;; This privilege is required by the RegSaveKey and RegSaveKeyEx functions.
         ;; The following access rights are granted if this privilege is held:
         ;; READ_CONTROL
         ;; ACCESS_SYSTEM_SECURITY
         ;; FILE_GENERIC_READ
         ;; FILE_TRAVERSE
         ;; User Right: Back up files and directories.
         ;Global Const $SE_CHANGE_NOTIFY_NAME = "SeChangeNotifyPrivilege"
         ;; Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all
         ;; traversal access checks. It is enabled by default for all users.
         ;; User Right: Bypass traverse checking.
         ;Global Const $SE_CREATE_GLOBAL_NAME = "SeCreateGlobalPrivilege"
         ;; Required to create named file mapping objects in the global namespace during Terminal Services sessions. This privilege
         ;; is enabled by default for administrators, services, and the local system account.
         ;; User Right: Create global objects.
         ;Global Const $SE_CREATE_PAGEFILE_NAME = "SeCreatePagefilePrivilege"
         ;; Required to create a paging file.
         ;; User Right: Create a pagefile.
         ;Global Const $SE_CREATE_PERMANENT_NAME = "SeCreatePermanentPrivilege"
         ;; Required to create a permanent object.
         ;; User Right: Create permanent shared objects.
         ;Global Const $SE_CREATE_SYMBOLIC_LINK_NAME = "SeCreateSymbolicLinkPrivilege"
         ;; Required to create a symbolic link.
         ;; User Right: Create symbolic links.
         ;Global Const $SE_CREATE_TOKEN_NAME = "SeCreateTokenPrivilege"
         ;; Required to create a primary token.
         ;; User Right: Create a token object.
         ;; You cannot add this privilege to a user account with the "Create a token object" policy. Additionally, you cannot
         ;; add this privilege to an owned process using Windows APIs. Windows Server 2003 and Windows XP with SP1 and earlier:
         ;; Windows APIs can add this privilege to an owned process.
         ;Global Const $SE_DEBUG_NAME = "SeDebugPrivilege"
         ;; Required to debug and adjust the memory of a process owned by another account.
         ;; User Right: Debug programs.
         ;Global Const $SE_ENABLE_DELEGATION_NAME = "SeEnableDelegationPrivilege"
         ;; Required to mark user and computer accounts as trusted for delegation.
         ;; User Right: Enable computer and user accounts to be trusted for delegation.
         ;Global Const $SE_IMPERSONATE_NAME = "SeImpersonatePrivilege"
         ;; Required to impersonate.
         ;; User Right: Impersonate a client after authentication.
         ;Global Const $SE_INC_BASE_PRIORITY_NAME = "SeIncreaseBasePriorityPrivilege"
         ;; Required to increase the base priority of a process.
         ;; User Right: Increase scheduling priority.
         ;Global Const $SE_INCREASE_QUOTA_NAME = "SeIncreaseQuotaPrivilege"
         ;; Required to increase the quota assigned to a process.
         ;; User Right: Adjust memory quotas for a process.
         ;Global Const $SE_INC_WORKING_SET_NAME = "SeIncreaseWorkingSetPrivilege"
         ;; Required to allocate more memory for applications that run in the context of users.
         ;; User Right: Increase a process working set.
         ;Global Const $SE_LOAD_DRIVER_NAME = "SeLoadDriverPrivilege"
         ;; Required to load or unload a device driver.
         ;; User Right: Load and unload device drivers.
         ;Global Const $SE_LOCK_MEMORY_NAME = "SeLockMemoryPrivilege"
         ;; Required to lock physical pages in memory.
         ;; User Right: Lock pages in memory.
         ;Global Const $SE_MACHINE_ACCOUNT_NAME = "SeMachineAccountPrivilege"
         ;; Required to create a computer account.
         ;; User Right: Add workstations to domain.
         ;Global Const $SE_MANAGE_VOLUME_NAME = "SeManageVolumePrivilege"
         ;; Required to enable volume management privileges.
         ;; User Right: Manage the files on a volume.
         ;Global Const $SE_PROF_SINGLE_PROCESS_NAME = "SeProfileSingleProcessPrivilege"
         ;; Required to gather profiling information for a single process.
         ;; User Right: Profile single process.
         ;Global Const $SE_RELABEL_NAME = "SeRelabelPrivilege"
         ;; Required to modify the mandatory integrity level of an object.
         ;; User Right: Modify an object label.
         ;Global Const $SE_REMOTE_SHUTDOWN_NAME = "SeRemoteShutdownPrivilege"
         ;; Required to shut down a system using a network request.
         ;; User Right: Force shutdown from a remote system.
         ;Global Const $SE_RESTORE_NAME = "SeRestorePrivilege"
         ;; Required to perform restore operations. This privilege causes the system to grant all write access control to any file,
         ;; regardless of the ACL specified for the file. Any access request other than write is still evaluated with the ACL. Additionally,
         ;; this privilege enables you to set any valid user or group SID as the owner of a rights are granted if this privilege is held:
         ;; WRITE_DAC
         ;; WRITE_OWNER
         ;; ACCESS_SYSTEM_SECURITY
         ;; FILE_GENERIC_WRITE
         ;; FILE_ADD_FILE
         ;; FILE_ADD_SUBDIRECTORY
         ;; DELETE
         ;; User Right: Restore files and directories.
         ;Global Const $SE_SECURITY_NAME = "SeSecurityPrivilege"
         ;; Required to perform a number of security-related functions, such as controlling and
         ;; viewing audit messages. This privilege identifies its holder as a security operator.
         ;; User Right: Manage auditing and security log.
         ;Global Const $SE_SHUTDOWN_NAME = "SeShutdownPrivilege"
         ;; Required to shut down a local system.
         ;; User Right: Shut down the system.
         ;Global Const $SE_SYNC_AGENT_NAME = "SeSyncAgentPrivilege"
         ;; Required for a domain controller to use the Lightweight Directory Access Protocol directory synchronization services.
         ;; This privilege enables the holder to read all objects and properties in the directory, regardless of the protection on
         ;; and properties. By default, it is assigned to the Administrator and LocalSystem
         ;; the objects accounts on domain controllers.
         ;; User Right: Synchronize directory service data.
         ;Global Const $SE_SYSTEM_ENVIRONMENT_NAME = "SeSystemEnvironmentPrivilege"
         ;; Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information.
         ;; User Right: Modify firmware environment values.
         ;Global Const $SE_SYSTEM_PROFILE_NAME = "SeSystemProfilePrivilege"
         ;; Required to gather profiling information for the entire system.
         ;; User Right: Profile system performance.
         ;Global Const $SE_SYSTEMTIME_NAME = "SeSystemtimePrivilege"
         ;; Required to modify the system time.
         ;; User Right: Change the system time.
         ;Global Const $SE_TAKE_OWNERSHIP_NAME = "SeTakeOwnershipPrivilege"
         ;; Required to take ownership of an object without being granted discretionary access. This privilege allows the owner
         ;; value to be set only to those values that the holder may legitimately assign as the owner of an object.
         ;; User Right: Take ownership of files or other objects.
         ;Global Const $SE_TCB_NAME = "SeTcbPrivilege"
         ;; This privilege identifies its holder as part of the trusted computer base. Some trusted protected subsystems are granted this privilege.
         ;; User Right: Act as part of the operating system.
         ;Global Const $SE_TIME_ZONE_NAME = "SeTimeZonePrivilege"
         ;; Required to adjust the time zone associated with the computer's internal clock.
         ;; User Right: Change the time zone.
         ;Global Const $SE_TRUSTED_CREDMAN_ACCESS_NAME = "SeTrustedCredManAccessPrivilege"
         ;; Required to access Credential Manager as a trusted caller.
         ;; User Right: Access Credential Manager as a trusted caller.
         ;Global Const $SE_UNDOCK_NAME = "SeUndockPrivilege"
         ;; Required to undock a laptop.
         ;; User Right: Remove computer from docking station.
         ;Global Const $SE_UNSOLICITED_INPUT_NAME = "SeUnsolicitedInputPrivilege"
         ;; Required to read unsolicited input from a terminal device.
         ;; User Right: Not applicable.
         ;
         ;;;;Global Static $aTokenPrivilegesNewState[35][2] = [[$SE_CREATE_TOKEN_NAME,2], [$SE_ASSIGNPRIMARYTOKEN_NAME,2], [$SE_LOCK_MEMORY_NAME,2], [$SE_INCREASE_QUOTA_NAME,2], [$SE_UNSOLICITED_INPUT_NAME,2], [$SE_MACHINE_ACCOUNT_NAME,2], [$SE_TCB_NAME,2], [$SE_SECURITY_NAME,2], [$SE_TAKE_OWNERSHIP_NAME,2], [$SE_LOAD_DRIVER_NAME,2], [$SE_SYSTEM_PROFILE_NAME,2], [$SE_SYSTEMTIME_NAME,2], [$SE_PROF_SINGLE_PROCESS_NAME,2], [$SE_INC_BASE_PRIORITY_NAME,2], [$SE_CREATE_PAGEFILE_NAME,2], [$SE_CREATE_PERMANENT_NAME,2], [$SE_BACKUP_NAME,2], [$SE_RESTORE_NAME,2], [$SE_SHUTDOWN_NAME,2], [$SE_DEBUG_NAME,2], [$SE_AUDIT_NAME,2], [$SE_SYSTEM_ENVIRONMENT_NAME,2], [$SE_CHANGE_NOTIFY_NAME,2], [$SE_REMOTE_SHUTDOWN_NAME,2], [$SE_UNDOCK_NAME,2], [$SE_SYNC_AGENT_NAME,2], [$SE_ENABLE_DELEGATION_NAME,2], [$SE_MANAGE_VOLUME_NAME,2], [$SE_IMPERSONATE_NAME,2], [$SE_CREATE_GLOBAL_NAME,2], [$SE_TRUSTED_CREDMAN_ACCESS_NAME,2], [$SE_RELABEL_NAME,2], [$SE_INC_WORKING_SET_NAME,2], [$SE_TIME_ZONE_NAME,2], [$SE_CREATE_SYMBOLIC_LINK_NAME,2]]
         Global Static $aTokenPrivilegesNewState[6][2] = [[$SE_RESTORE_NAME,2],[$SE_BACKUP_NAME,2],[$SE_SECURITY_NAME,2],[$SE_TAKE_OWNERSHIP_NAME,2],[$SE_DEBUG_NAME,2],[$SE_CREATE_SYMBOLIC_LINK_NAME,2]]
         Global Static $iTokenPrivilegesState
         Global Static $aTokenPrivilegesPreviousState = _WinAPI_SetPrivilegeEx($aTokenPrivilegesNewState)

         ;;;;Global Const $OWNER_SECURITY_INFORMATION = 0x00000001
         ;;;;Global Const $SE_REGISTRY_WOW64_32KEY = 12 ;Indicates an object for a registry entry under WOW64.
         Global Const $PSIDADMIN = _WinAPI_GetWellKnownSidEx("BA")
         Global Const $PSIDUSER = _WinAPI_GetWellKnownSidEx(@UserName)
         Global Const $SZSIDUSER = _WinAPI_GetWellKnownSidEx(@UserName, 2)

         ;;;;Local $asSDDL = StringSplit("DA|DG|DU|ED|DD|DC|BA|BG|BU|LA|LG|AO|BO|PO|SO|AU|PS|CO|CG|SY|PU|WD|RE|IU|NU|SU|RC|WR|AN|SA|CA|RS|EA|PA|RU|LS|NS|RD|NO|MU|LU|IS|CY|OW|ER|RO|CD|AC|RA|ES|MS|UD|HA|CN|AA|RM|AS|SS|AP|LW|ME|MP|HI|SI", "|")
         ;;;;Local $aWKS = StringSplit("$WinNullSid|$WinWorldSid|$WinLocalSid|$WinCreatorOwnerSid|$WinCreatorGroupSid|$WinCreatorOwnerServerSid|$WinCreatorGroupServerSid|$WinNtAuthoritySid|$WinDialupSid|$WinNetworkSid|$WinBatchSid|$WinInteractiveSid|$WinServiceSid|$WinAnonymousSid|$WinProxySid|$WinEnterpriseControllersSid|$WinSelfSid|$WinAuthenticatedUserSid|$WinRestrictedCodeSid|$WinTerminalServerSid|$WinRemoteLogonIdSid|$WinLogonIdsSid|$WinLocalSystemSid|$WinLocalServiceSid|$WinNetworkServiceSid|$WinBuiltinDomainSid|$WinBuiltinAdministratorsSid|$WinBuiltinUsersSid|$WinBuiltinGuestsSid|$WinBuiltinPowerUsersSid|$WinBuiltinAccountOperatorsSid|$WinBuiltinSystemOperatorsSid|$WinBuiltinPrintOperatorsSid|$WinBuiltinBackupOperatorsSid|$WinBuiltinReplicatorSid|$WinBuiltinPreWindows2000CompatibleAccessSid|$WinBuiltinRemoteDesktopUsersSid|$WinBuiltinNetworkConfigurationOperatorsSid|$WinAccountAdministratorSid|$WinAccountGuestSid|$WinAccountKrbtgtSid|$WinAccountDomainAdminsSid|$WinAccountDomainUsersSid|$WinAccountDomainGuestsSid|$WinAccountComputersSid|$WinAccountControllersSid|$WinAccountCertAdminsSid|$WinAccountSchemaAdminsSid|$WinAccountEnterpriseAdminsSid|$WinAccountPolicyAdminsSid|$WinAccountRasAndIasServersSid|$WinNTLMAuthenticationSid|$WinDigestAuthenticationSid|$WinSChannelAuthenticationSid|$WinThisOrganizationSid|$WinOtherOrganizationSid|$WinBuiltinIncomingForestTrustBuildersSid|$WinBuiltinPerfMonitoringUsersSid|$WinBuiltinPerfLoggingUsersSid|$WinBuiltinAuthorizationAccessSid|$WinBuiltinTerminalServerLicenseServersSid|$WinBuiltinDCOMUsersSid|$WinBuiltinIUsersSid|$WinIUserSid|$WinBuiltinCryptoOperatorsSid|$WinUntrustedLabelSid|$WinLowLabelSid|$WinMediumLabelSid|$WinHighLabelSid|$WinSystemLabelSid|$WinWriteRestrictedCodeSid|$WinCreatorOwnerRightsSid|$WinCacheablePrincipalsGroupSid|$WinNonCacheablePrincipalsGroupSid|$WinEnterpriseReadonlyControllersSid|$WinAccountReadonlyControllersSid|$WinBuiltinEventLogReadersGroup|$WinNewEnterpriseReadonlyControllersSid|$WinBuiltinCertSvcDComAccessGroup|$WinMediumPlusLabelSid|$WinLocalLogonSid|$WinConsoleLogonSid|$WinThisOrganizationCertificateSid|$WinApplicationPackageAuthoritySid|$WinBuiltinAnyPackageSid|$WinCapabilityInternetClientSid|$WinCapabilityInternetClientServerSid|$WinCapabilityPrivateNetworkClientServerSid|$WinCapabilityPicturesLibrarySid|$WinCapabilityVideosLibrarySid|$WinCapabilityMusicLibrarySid|$WinCapabilityDocumentsLibrarySid|$WinCapabilitySharedUserCertificatesSid|$WinCapabilityEnterpriseAuthenticationSid|$WinCapabilityRemovableStorageSid|$WinBuiltinRDSRemoteAccessServersSid|$WinBuiltinRDSEndpointServersSid|$WinBuiltinRDSManagementServersSid|$WinUserModeDriversSid|$WinBuiltinHyperVAdminsSid|$WinAccountCloneableControllersSid|$WinBuiltinAccessControlAssistanceOperatorsSid|$WinBuiltinRemoteManagementUsersSid|$WinAuthenticationAuthorityAssertedSid|$WinAuthenticationServiceAssertedSid|$WinLocalAccountSid|$WinLocalAccountAndAdministratorSid|$WinAccountProtectedUsersSid", "|", 2)

         ;;
         ;; Well known SID definitions for lookup.
         ;;
         Global Enum _ ;; $WELL_KNOWN_SID_TYPE
             $WinNullSid = 0, _ ;; Indicates a null SID.
             $WinWorldSid = 1, _ ;; "WD" - $SDDL_EVERYONE - Indicates a SID that matches everyone.
             $WinLocalSid = 2, _ ;; Indicates a local SID.
             $WinCreatorOwnerSid = 3, _ ;; "CO" - $SDDL_CREATOR_OWNER - Indicates a SID that matches the owner or creator of an object.
             $WinCreatorGroupSid = 4, _ ;; "CG" - $SDDL_CREATOR_GROUP - Indicates a SID that matches the creator group of an object.
             $WinCreatorOwnerServerSid = 5, _ ;; Indicates a creator owner server SID.
             $WinCreatorGroupServerSid = 6, _ ;; Indicates a creator group server SID.
             $WinNtAuthoritySid = 7, _ ;; Indicates a SID for the Windows NT authority account.
             $WinDialupSid = 8, _ ;; Indicates a SID for a dial-up account.
             $WinNetworkSid = 9, _ ;; "NU" - $SDDL_NETWORK - Indicates a SID for a network account. This SID is added to the process of a token when it logs on across a network. The corresponding logon type is LOGON32_LOGON_NETWORK.
             $WinBatchSid = 10, _ ;; Indicates a SID for a batch process. This SID is added to the process of a token when it logs on as a batch job. The corresponding logon type is LOGON32_LOGON_BATCH.
             $WinInteractiveSid = 11, _ ;; "IU" - $SDDL_INTERACTIVE - Indicates a SID for an interactive account. This SID is added to the process of a token when it logs on interactively. The corresponding logon type is LOGON32_LOGON_INTERACTIVE.
             $WinServiceSid = 12, _ ;; "SU" - $SDDL_SERVICE - Indicates a SID for a service. This SID is added to the process of a token when it logs on as a service. The corresponding logon type is LOGON32_LOGON_SERVICE.
             $WinAnonymousSid = 13, _ ;; "AN" - $SDDL_ANONYMOUS - Indicates a SID for the anonymous account.
             $WinProxySid = 14, _ ;; Indicates a proxy SID.
             $WinEnterpriseControllersSid = 15, _ ;; "ED" - $SDDL_ENTERPRISE_DOMAIN_CONTROLLERS - Indicates a SID for an enterprise controller.
             $WinSelfSid = 16, _ ;; "PS" - $SDDL_PERSONAL_SELF - Indicates a SID for self.
             $WinAuthenticatedUserSid = 17, _ ;; "AU" - $SDDL_AUTHENTICATED_USERS - Indicates a SID that matches any authenticated user.
             $WinRestrictedCodeSid = 18, _ ;; "RC" - $SDDL_RESTRICTED_CODE - Indicates a SID for restricted code.
             $WinTerminalServerSid = 19, _ ;; Indicates a SID that matches a terminal server account.
             $WinRemoteLogonIdSid = 20, _ ;; Indicates a SID that matches remote logons.
             $WinLogonIdsSid = 21, _ ;; Indicates a SID that matches logon IDs.
             $WinLocalSystemSid = 22, _ ;; "SY" - $SDDL_LOCAL_SYSTEM - Indicates a SID that matches the local system.
             $WinLocalServiceSid = 23, _ ;; "LS" - $SDDL_LOCAL_SERVICE - Indicates a SID that matches a local service.
             $WinNetworkServiceSid = 24, _ ;; "NS" - $SDDL_NETWORK_SERVICE - Indicates a SID that matches a network service.
             $WinBuiltinDomainSid = 25, _ ;; Indicates a SID that matches the domain account.
             $WinBuiltinAdministratorsSid = 26, _ ;; "BA" - $SDDL_BUILTIN_ADMINISTRATORS - Indicates a SID that matches the administrator group.
             $WinBuiltinUsersSid = 27, _ ;; "BU" - $SDDL_BUILTIN_USERS - Indicates a SID that matches built-in user accounts.
             $WinBuiltinGuestsSid = 28, _ ;; "BG" - $SDDL_BUILTIN_GUESTS - Indicates a SID that matches the guest account.
             $WinBuiltinPowerUsersSid = 29, _ ;; "PU" - $SDDL_POWER_USERS - Indicates a SID that matches the power users group.
             $WinBuiltinAccountOperatorsSid = 30, _ ;; "AO" - $SDDL_ACCOUNT_OPERATORS - Indicates a SID that matches the account operators account.
             $WinBuiltinSystemOperatorsSid = 31, _ ;; "SO" - $SDDL_SERVER_OPERATORS - Indicates a SID that matches the system operators group.
             $WinBuiltinPrintOperatorsSid = 32, _ ;; "PO" - $SDDL_PRINTER_OPERATORS - Indicates a SID that matches the print operators group.
             $WinBuiltinBackupOperatorsSid = 33, _ ;; "BO" - $SDDL_BACKUP_OPERATORS - Indicates a SID that matches the backup operators group.
             $WinBuiltinReplicatorSid = 34, _ ;; "RE" - $SDDL_REPLICATOR - Indicates a SID that matches the replicator account.
             $WinBuiltinPreWindows2000CompatibleAccessSid = 35, _ ;; "RU" - $SDDL_ALIAS_PREW2KCOMPACC - Indicates a SID that matches pre-Windows 2000 compatible accounts.
             $WinBuiltinRemoteDesktopUsersSid = 36, _ ;; "RD" - $SDDL_REMOTE_DESKTOP - Indicates a SID that matches remote desktop users.
             $WinBuiltinNetworkConfigurationOperatorsSid = 37, _ ;; "NO" - $SDDL_NETWORK_CONFIGURATION_OPS - Indicates a SID that matches the network operators group.
             $WinAccountAdministratorSid = 38, _ ;; Indicates a SID that matches the account administrator's account.
             $WinAccountGuestSid = 39, _ ;; Indicates a SID that matches the account guest group.
             $WinAccountKrbtgtSid = 40, _ ;; Indicates a SID that matches account Kerberos target group.
             $WinAccountDomainAdminsSid = 41, _ ;; Indicates a SID that matches the account domain administrator group.
             $WinAccountDomainUsersSid = 42, _ ;; Indicates a SID that matches the account domain users group.
             $WinAccountDomainGuestsSid = 43, _ ;; Indicates a SID that matches the account domain guests group.
             $WinAccountComputersSid = 44, _ ;; Indicates a SID that matches the account computer group.
             $WinAccountControllersSid = 45, _ ;; Indicates a SID that matches the account controller group.
             $WinAccountCertAdminsSid = 46, _ ;; Indicates a SID that matches the certificate administrators group.
             $WinAccountSchemaAdminsSid = 47, _ ;; Indicates a SID that matches the schema administrators group.
             $WinAccountEnterpriseAdminsSid = 48, _ ;; Indicates a SID that matches the enterprise administrators group.
             $WinAccountPolicyAdminsSid = 49, _ ;; Indicates a SID that matches the policy administrators group.
             $WinAccountRasAndIasServersSid = 50, _ ;; Indicates a SID that matches the RAS and IAS server account.
             $WinNTLMAuthenticationSid = 51, _ ;; Indicates a SID present when the Microsoft NTLM authentication package authenticated the client.
             $WinDigestAuthenticationSid = 52, _ ;; Indicates a SID present when the Microsoft Digest authentication package authenticated the client.
             $WinSChannelAuthenticationSid = 53, _ ;; Indicates a SID present when the Secure Channel (SSL/TLS) authentication package authenticated the client.
             $WinThisOrganizationSid = 54, _ ;; Indicates a SID present when the user authenticated from within the forest or across a trust that does not have the selective authentication option enabled. If this SID is present, then WinOtherOrganizationSid cannot be present.
$WinOtherOrganizationSid = 55, _ ;; Indicates a SID present when the user authenticated across a forest with the selective authentication option enabled. If this SID is present, then WinThisOrganizationSid cannot be present. $WinBuiltinIncomingForestTrustBuildersSid = 56, _ ;; Indicates a SID that allows a user to create incoming forest trusts. It is added to the token of users who are a member of the Incoming Forest Trust Builders built-in group in the root domain of the forest. $WinBuiltinPerfMonitoringUsersSid = 57, _ ;; "MU" - $SDDL_PERFMON_USERS - Indicates a SID that matches the performance monitor user group. $WinBuiltinPerfLoggingUsersSid = 58, _ ;; "LU" - $SDDL_PERFLOG_USERS - Indicates a SID that matches the performance log user group. $WinBuiltinAuthorizationAccessSid = 59, _ ;; Indicates a SID that matches the Windows Authorization Access group. $WinBuiltinTerminalServerLicenseServersSid = 60, _ ;; Indicates a SID is present in a server that can issue terminal server licenses. $WinBuiltinDCOMUsersSid = 61, _ ;; Indicates a SID that matches the distributed COM user group. $WinBuiltinIUsersSid = 62, _ ;; "IS" - $SDDL_IIS_USERS - Indicates a SID that matches the Internet built-in user group. $WinIUserSid = 63, _ ;; Indicates a SID that matches the Internet user group. $WinBuiltinCryptoOperatorsSid = 64, _ ;; "CY" - $SDDL_CRYPTO_OPERATORS - Indicates a SID that allows a user to use cryptographic operations. It is added to the token of users who are a member of the CryptoOperators built-in group. $WinUntrustedLabelSid = 65, _ ;; Indicates a SID that matches an untrusted label. $WinLowLabelSid = 66, _ ;; "LW" - $SDDL_ML_LOW - Indicates a SID that matches an low level of trust label. $WinMediumLabelSid = 67, _ ;; "ME" - $SDDL_ML_MEDIUM - Indicates a SID that matches an medium level of trust label. $WinHighLabelSid = 68, _ ;; "HI" - $SDDL_ML_HIGH - Indicates a SID that matches a high level of trust label. 
$WinSystemLabelSid = 69, _ ;; "SI" - $SDDL_ML_SYSTEM - Indicates a SID that matches a system label. $WinWriteRestrictedCodeSid = 70, _ ;; "WR" - $SDDL_WRITE_RESTRICTED_CODE - Indicates a SID that matches a write restricted code group. $WinCreatorOwnerRightsSid = 71, _ ;; "OW" - $SDDL_OWNER_RIGHTS - Indicates a SID that matches a creator and owner rights group. $WinCacheablePrincipalsGroupSid = 72, _ ;; Indicates a SID that matches a cacheable principals group. $WinNonCacheablePrincipalsGroupSid = 73, _ ;; Indicates a SID that matches a non-cacheable principals group. $WinEnterpriseReadonlyControllersSid = 74, _ ;; Indicates a SID that matches an enterprise wide read-only controllers group. $WinAccountReadonlyControllersSid = 75, _ ;; Indicates a SID that matches an account read-only controllers group. $WinBuiltinEventLogReadersGroup = 76, _ ;; "ER" - $SDDL_EVENT_LOG_READERS - Indicates a SID that matches an event log readers group. $WinNewEnterpriseReadonlyControllersSid = 77, _ ;; Indicates a SID that matches a read-only enterprise domain controller. $WinBuiltinCertSvcDComAccessGroup = 78 ;; "CD" - $SDDL_CERTSVC_DCOM_ACCESS - Indicates a SID that matches the built-in DCOM certification services access group. Global Enum _ ;; $WELL_KNOWN_SID_TYPE - Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP: This value is not available. $WinMediumPlusLabelSid = 79, _ ;; "MP" - $SDDL_ML_MEDIUM_PLUS - Indicates a SID that matches the medium plus integrity label. $WinLocalLogonSid = 80, _ ;; Indicates a SID that matches a local logon group. $WinConsoleLogonSid = 81, _ ;; Indicates a SID that matches a console logon group. $WinThisOrganizationCertificateSid = 82, _ ;; Indicates a SID that matches a certificate for the given organization. $WinApplicationPackageAuthoritySid = 83, _ ;; Indicates a SID that matches the application package authority. 
$WinBuiltinAnyPackageSid = 84, _ ;; "AC" - $SDDL_ALL_APP_PACKAGES - Indicates a SID that applies to all app containers. $WinCapabilityInternetClientSid = 85, _ ;; Indicates a SID of Internet client capability for app containers. $WinCapabilityInternetClientServerSid = 86, _ ;; Indicates a SID of Internet client and server capability for app containers. $WinCapabilityPrivateNetworkClientServerSid = 87, _ ;; Indicates a SID of private network client and server capability for app containers. $WinCapabilityPicturesLibrarySid = 88, _ ;; Indicates a SID for pictures library capability for app containers. $WinCapabilityVideosLibrarySid = 89, _ ;; Indicates a SID for videos library capability for app containers. $WinCapabilityMusicLibrarySid = 90, _ ;; Indicates a SID for music library capability for app containers. $WinCapabilityDocumentsLibrarySid = 91, _ ;; Indicates a SID for documents library capability for app containers. $WinCapabilitySharedUserCertificatesSid = 92, _ ;; Indicates a SID for shared user certificates capability for app containers. $WinCapabilityEnterpriseAuthenticationSid = 93, _ ;; Indicates a SID for Windows credentials capability for app containers. $WinCapabilityRemovableStorageSid = 94, _ ;; Indicates a SID for removable storage capability for app containers. 
    $WinBuiltinRDSRemoteAccessServersSid = 95, _ ;; "RA" - $SDDL_RDS_REMOTE_ACCESS_SERVERS
    $WinBuiltinRDSEndpointServersSid = 96, _ ;; "ES" - $SDDL_RDS_ENDPOINT_SERVERS
    $WinBuiltinRDSManagementServersSid = 97, _ ;; "MS" - $SDDL_RDS_MANAGEMENT_SERVERS
    $WinUserModeDriversSid = 98, _ ;; "UD" - $SDDL_USER_MODE_DRIVERS
    $WinBuiltinHyperVAdminsSid = 99, _ ;; "HA" - $SDDL_HYPER_V_ADMINS
    $WinAccountCloneableControllersSid = 100, _ ;;
    $WinBuiltinAccessControlAssistanceOperatorsSid = 101, _ ;; "AA" - $SDDL_ACCESS_CONTROL_ASSISTANCE_OPS
    $WinBuiltinRemoteManagementUsersSid = 102, _ ;; "RM" - $SDDL_REMOTE_MANAGEMENT_USERS
    $WinAuthenticationAuthorityAssertedSid = 103, _ ;; "AS" - $SDDL_AUTHORITY_ASSERTED
    $WinAuthenticationServiceAssertedSid = 104, _ ;; "SS" - $SDDL_SERVICE_ASSERTED
    $WinLocalAccountSid = 105, _ ;;
    $WinLocalAccountAndAdministratorSid = 106, _ ;;
    $WinAccountProtectedUsersSid = 107 ;;
Global Const $WELL_KNOWN_SID_TYPE = "INT"

; #FUNCTION# ====================================================================================================================================
; Name...........: _WinAPI_SetPrivilegeEx
; Description ...: Enables or disables special privileges as required by some DllCalls
; Syntax.........: _WinAPI_SetPrivilegeEx($avPrivilege)
; Parameters ....: $avPrivilege - An array of privileges and respective attributes
;                                 $SE_PRIVILEGE_ENABLED - The function enables the privilege
;                                 $SE_PRIVILEGE_REMOVED - The privilege is removed from the list of privileges in the token
;                                 0 - The function disables the privilege
; Requirement(s).: None
; Return values .: Success - An array of modified privileges and their respective previous attribute state
;                  Failure - An empty array
;                            Sets @Error
; Author ........: engine
; Modified.......: FredAI, DXRW4E
; Remarks .......:
; Related .......:
; Link ..........;
; Example .......;
; ===============================================================================================================================================
Func _WinAPI_SetPrivilegeEx($avPrivilege)
    $iTokenPrivilegesState = $iTokenPrivilegesState ? 0 : 1
    If Not UBound($avPrivilege) Then Return SetError(1, 0, 0)
    ; TOKEN_PRIVILEGES layout: DWORD PrivilegeCount, then one LUID_AND_ATTRIBUTES (LUID low, LUID high, Attributes) per privilege
    Local $tagTP = "DWORD", $iTokens = UBound($avPrivilege), $iError = 0, $iCount
    For $i = 1 To $iTokens
        $tagTP &= ";DWORD;LONG;DWORD"
    Next
    Local $tCurrState = DLLStructCreate($tagTP), $tPrevState = DllStructCreate($tagTP), $tLUID = DllStructCreate("DWORD;LONG")
    DLLStructSetData($tCurrState, 1, $iTokens)
    ; Resolve each privilege name to its LUID and copy it with the requested attribute into the new state
    For $i = 0 To $iTokens - 1
        DllCall($hAdvapi32Dll, "BOOL", "LookupPrivilegeValueW", "WSTR", Null, "WSTR", $avPrivilege[$i][0], "STRUCT*", $tLUID)
        DLLStructSetData($tCurrState, 3 * $i + 2, DllStructGetData($tLUID, 1))
        DLLStructSetData($tCurrState, 3 * $i + 3, DllStructGetData($tLUID, 2))
        DLLStructSetData($tCurrState, 3 * $i + 4, $avPrivilege[$i][1])
    Next
    Local $hToken = DllCall($hAdvapi32Dll, "BOOL", "OpenProcessToken", "HANDLE", DllCall($hKernel32DLL, "HANDLE", "GetCurrentProcess")[0], "DWORD", 40, "HANDLE*", 0)[3] ;; TOKEN_ADJUST_PRIVILEGES + TOKEN_QUERY = 40
    DllCall($hAdvapi32Dll, "BOOL", "AdjustTokenPrivileges", "HANDLE", $hToken, "BOOL", False, "STRUCT*", $tCurrState, "DWORD", DllStructGetSize($tCurrState), "STRUCT*", $tPrevState, "DWORD*", 0)
    $iError = DllCall($hKernel32DLL, "DWORD", "GetLastError")[0]
    DllCall($hKernel32DLL, "BOOL", "CloseHandle", "HANDLE", $hToken)
    $iCount = DllStructGetData($tPrevState, 1)
    If $iCount < 1 Then Return SetError($iError, 0, 0)
    Local $pLUID, $tName, $avPrevState[$iCount][2], $pPrevState = DllStructGetPtr($tPrevState)
    ; Each LUID_AND_ATTRIBUTES entry is 12 bytes and the array starts after the 4-byte PrivilegeCount
    For $i = 0 To $iCount - 1
        $pLUID = $pPrevState + 12 * $i + 4
        $tName = DllStructCreate("WCHAR[" & DllCall($hAdvapi32Dll, "BOOL", "LookupPrivilegeNameW", "WSTR", Null, "PTR", $pLUID, "PTR", 0, "DWORD*", 0)[4] & "]")
        DllCall($hAdvapi32Dll, "BOOL", "LookupPrivilegeNameW", "WSTR", Null, "PTR", $pLUID, "STRUCT*", $tName, "DWORD*", DllStructGetSize($tName))
        $avPrevState[$i][0] = DllStructGetData($tName, 1)
        $avPrevState[$i][1] = DllStructGetData($tPrevState, 3 * $i + 4)
    Next
    Return SetError($iError, 1, $avPrevState)
EndFunc   ;==> _WinAPI_SetPrivilegeEx

; #FUNCTION# ====================================================================================================================
; Name...........: _WinAPI_GetWellKnownSidEx
; Description ...: Get\Create SID
; Syntax.........: _WinAPI_GetWellKnownSidEx($sWellKnownSid)
; Parameters ....: $sWellKnownSid - A member of the WELL_KNOWN_SID_TYPE enumeration that specifies what the SID will identify
;                                   Or a string containing the string-format SID. The SID string can use either the standard
;                                   S-R-I-S-S… format for SID strings, or the SID string constant format, such as "BA" for built-in
;                                   administrators. For more information about SID string notation, see SDDL User aliases ($SDDL_*) and
;                                   SID Components http://msdn.microsoft.com/en-us/library/windows/desktop/aa379597%28v=vs.85%29.aspx
;                                   Or set NULL this parameter to clean everything, to delete all SID Structure\pointer in $aWellKnownSid
;                  $iFlags        - Optional
;                  |0 - (Default) Return pointer of the SID Structure
;                  |1 - Return SID Structure (the SID in a byte structure)
;                  |2 - Return the standard S-R-I-S-S… format for SID strings
;                  |3 - Return SID SDDL User aliases (example BA or BU etc etc)
;                  |4 - Return SID WELL_KNOWN_SID_TYPE (0 to 107)
;                  |8 - Return Array2D ($aWellKnownSid) of SID
; Return values .: Success - A pointer to a SID structure that identifies the object Or see $iFlags option
; Author ........: DXRW4E
; Modified.......:
; Remarks .......:
; Related .......:
; Link ..........:
; Example .......:
; ===============================================================================================================================
Func _WinAPI_GetWellKnownSidEx($sWellKnownSid, $iFlags = 0)
    Local Static $aWellKnownSid[5][5] = [[0,4,@LF, @CR & "0" & @LF]]
    If BitAND($iFlags, 8) Then Return $aWellKnownSid
    If $sWellKnownSid == Null Then
        Local $_aWellKnownSid[5][5] = [[0,4,@LF, @CR & "0" & @LF]]
        $aWellKnownSid = $_aWellKnownSid
        Return
    EndIf
    Local $iType = BitAND($iFlags, ($iFlags > 4 ? 3 : 7)), $iSid = Int(StringRegExp($aWellKnownSid[0][2] & $sWellKnownSid & $aWellKnownSid[0][3], "(?i)\n\K\Q" & $sWellKnownSid & "\E\r(\d+)\n", 1)[0])
    If $iSid Then Return SetError(0, $aWellKnownSid[$iSid][0], $aWellKnownSid[$iSid][$iType])
    If $aWellKnownSid[0][0] = $aWellKnownSid[0][1] Then
        $aWellKnownSid[0][1] *= 2
        ReDim $aWellKnownSid[$aWellKnownSid[0][1] + 1][5]
    EndIf
    $iSid = $aWellKnownSid[0][0] + 1
    If String($sWellKnownSid) = @UserName Then
        $sWellKnownSid = DllStructCreate("Byte SID[256]")
        $arDllCall = DllCall($hAdvapi32Dll, "BOOL", "LookupAccountNameW", "WSTR", Null, "WSTR", @UserName, "STRUCT*", $sWellKnownSid, "DWORD*", DllStructGetSize($sWellKnownSid), "WSTR", "", "DWORD*", DllStructGetSize($sWellKnownSid), "INT*", 0)
        If @Error Or Not $arDllCall[0] Then Return SetError((@Error ? @Error : _WinAPI_GetLastErrorEx()), 1, 0)
        $arDllCall = DllCall($hAdvapi32Dll, "INT", "ConvertSidToStringSidW", "STRUCT*", $sWellKnownSid, "PTR*", 0)
        If @Error Or Not $arDllCall[0] Then Return SetError((@Error ? @Error : _WinAPI_GetLastErrorEx()), 2, 0)
        $sWellKnownSid = DllStructGetData(DllStructCreate("WCHAR[256]", $arDllCall[2]), 1)
        DllCall($hKernel32DLL, "PTR", "LocalFree", "PTR", $arDllCall[2])
        $aWellKnownSid[0][2] &= @UserName & @CR & $iSid & @LF
    EndIf
    If StringIsDigit($sWellKnownSid) Then
        $arDllCall = DllCall($hAdvapi32Dll, "BOOL", "CreateWellKnownSid", "INT", Int($sWellKnownSid), "PTR", Null, "PTR", Null, "DWORD*", 0)
        If @Error Or Not $arDllCall[4] Then Return SetError((@Error ? @Error : _WinAPI_GetLastErrorEx()), 3, 0)
        $aWellKnownSid[$iSid][1] = DllStructCreate("Byte SID[" & $arDllCall[4] & "]")
        $arDllCall = DllCall($hAdvapi32Dll, "BOOL", "CreateWellKnownSid", "INT", $arDllCall[1], "PTR", Null, "STRUCT*", $aWellKnownSid[$iSid][1], "DWORD*", $arDllCall[4])
        If Not $arDllCall[0] Then Return SetError(_WinAPI_GetLastErrorEx(), 4, 0)
        $aWellKnownSid[$iSid][4] = $arDllCall[1]
    Else
        $arDllCall = DllCall($hAdvapi32Dll, "BOOL", "ConvertStringSidToSidW", "WSTR", $sWellKnownSid, "PTR*", 0)
        If @Error Or Not $arDllCall[0] Then
            If $sWellKnownSid <> "BA" Then Return SetError((@Error ? @Error : _WinAPI_GetLastErrorEx()), 5, 0)
            $aWellKnownSid[$iSid][1] = DllStructCreate("Byte Data[16]")
            DllStructSetData($aWellKnownSid[$iSid][1], "Data", "0x01020000000000052000000020020000")
        Else
            $arDllCall = DllCall($hAdvapi32Dll, "DWORD", "GetLengthSid", "PTR", $arDllCall[2])
            $aWellKnownSid[$iSid][1] = DllStructCreate("Byte Data[" & $arDllCall[0] & "]")
            DllStructSetData($aWellKnownSid[$iSid][1], "Data", DllStructGetData(DllStructCreate("Byte Data[" & $arDllCall[0] & "]", $arDllCall[1]), "Data"))
            DllCall($hKernel32DLL, "PTR", "LocalFree", "PTR", $arDllCall[1])
        EndIf
        $aWellKnownSid[$iSid][3] = $sWellKnownSid
    EndIf
    $aWellKnownSid[$iSid][2] = DllCall($hAdvapi32Dll, "BOOL", "ConvertSidToStringSidW", "STRUCT*", $aWellKnownSid[$iSid][1], "WSTR*", 0)[2]
    If Not $aWellKnownSid[$iSid][3] Then $aWellKnownSid[$iSid][3] = $aWellKnownSid[$iSid][2]
    If StringRegExp($aWellKnownSid[0][2], "(?i)\n\K\Q" & $aWellKnownSid[$iSid][2] & "\E\r\d+\n") Then
        $iSid = StringRegExp($aWellKnownSid[0][2], "(?i)\n\K\Q" & $aWellKnownSid[$iSid][2] & "\E\r(\d+)\n", 1)[0]
        $aWellKnownSid[0][2] &= $sWellKnownSid & @CR & $iSid & @LF
        $aWellKnownSid[$iSid][(StringIsDigit($sWellKnownSid) ? 4 : 3)] = $sWellKnownSid
        Return SetError(0, $aWellKnownSid[$iSid][0], $aWellKnownSid[$iSid][$iType])
    EndIf
    $aWellKnownSid[0][0] = $iSid
    $aWellKnownSid[$iSid][0] = DllStructGetPtr($aWellKnownSid[$iSid][1])
    $aWellKnownSid[0][2] &= $sWellKnownSid & @CR & $iSid & @LF & $aWellKnownSid[$iSid][2] & @CR & $iSid & @LF
    Return SetError(0, $aWellKnownSid[$iSid][0], $aWellKnownSid[$iSid][$iType])
EndFunc

Func _WinAPI_GetLastErrorEx()
    $arDllCall = DllCall($hKernel32DLL, "LONG", "GetLastError")
    Return (@Error ? @Error : $arDllCall[0])
EndFunc   ;==>_WinAPI_GetLastErrorEx

;~ Func _WinAPI_CreateWellKnownSid($iWellKnownSidType = 26, $iFlags = 0)
;~     $arDllCall = DllCall($hAdvapi32Dll, "BOOL", "CreateWellKnownSid", "INT", $iWellKnownSidType, "PTR", Null, "PTR", Null, "DWORD*", 0)
;~     If @Error Or Not $arDllCall[4] Then Return SetError((@Error ? @Error : _WinAPI_GetLastErrorEx()), 1, 0)
;~     Local $TheSID = DllStructCreate("Byte SID[" & $arDllCall[4] & "]")
;~     $arDllCall = DllCall($hAdvapi32Dll, "BOOL", "CreateWellKnownSid", "INT", $iWellKnownSidType, "PTR", Null, "STRUCT*", $TheSID, "DWORD*", $arDllCall[4])
;~     If Not $arDllCall[0] Then Return SetError(_WinAPI_GetLastErrorEx(), 2, 0)
;~     If $iFlags Then Return DllCall($hAdvapi32Dll, "BOOL", "ConvertSidToStringSidW", "STRUCT*", $TheSID, "WSTR*", 0)[2]
;~     Return $TheSID
;~ EndFunc

#Endregion ;**** Token Privileges ****

Ciao.

PrivilegesEx.au3
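The 16 bytes hard-coded as the "BA" fallback in _WinAPI_GetWellKnownSidEx are a binary SID, and the relation between that byte structure ($iFlags 1) and the S-R-I-S-S… string ($iFlags 2) can be checked offline. The following Python is an added example, not part of DXRW4E's UDF; the helper names (sid_to_string, string_to_sid, describe) and the short alias table are assumptions made for the illustration.

```python
import struct

# Hex digits copied from the "BA" fallback in _WinAPI_GetWellKnownSidEx (0x prefix dropped).
BA_FALLBACK_HEX = "01020000000000052000000020020000"

MAX_SUB_AUTHORITIES = 15  # SID_MAX_SUB_AUTHORITIES in winnt.h

# A few SDDL aliases named in the enum comments on this page, with their well-known SIDs.
SDDL_ALIASES = {
    "S-1-5-19": "LS",
    "S-1-5-20": "NS",
    "S-1-5-32-544": "BA",
    "S-1-5-32-545": "BU",
    "S-1-5-32-546": "BG",
    "S-1-16-4096": "LW",
    "S-1-16-8192": "ME",
    "S-1-16-12288": "HI",
    "S-1-16-16384": "SI",
}


def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID: revision, count, 6-byte big-endian authority, LE sub-authorities."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte fixed header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > MAX_SUB_AUTHORITIES or len(raw) != 8 + 4 * count:
        raise ValueError("SubAuthorityCount does not match the buffer length")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{count}I", raw[8:])
    # Authorities of 2**32 and above are written in hex in the string form.
    auth = str(authority) if authority < 2**32 else f"0x{authority:012X}"
    return "-".join(["S", str(revision), auth, *(str(s) for s in subs)])


def string_to_sid(text: str) -> bytes:
    """Encode an S-R-I-S-S... string back into the binary layout."""
    parts = text.strip().upper().split("-")
    if len(parts) < 3 or parts[0] != "S" or parts[1] != "1":
        raise ValueError(f"not a revision-1 SID string: {text!r}")
    authority = int(parts[2], 16) if parts[2].startswith("0X") else int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > MAX_SUB_AUTHORITIES or authority >= 2**48:
        raise ValueError("too many sub-authorities or authority out of range")
    if any(not 0 <= s < 2**32 for s in subs):
        raise ValueError("sub-authority out of 32-bit range")
    header = bytes([1, len(subs)]) + authority.to_bytes(6, "big")
    return header + struct.pack(f"<{len(subs)}I", *subs)


def describe(raw: bytes) -> tuple:
    """Return (string SID, SDDL alias or None) for a binary SID."""
    sid = sid_to_string(raw)
    return sid, SDDL_ALIASES.get(sid)
```

The length check in sid_to_string rejects a buffer whose SubAuthorityCount disagrees with its size, which is the check to keep when SID bytes come from an untrusted file or log field.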
  10. Native API never wrong, if they are wrong after ehhhhh (how to say a catastrophe happens in system) Ciao.
  11. what read every day?, read only that microsoft dismisses people from work, so what makes you think that? that microsoft has money to burn, do you really think that microsoft does not have to do all day and spends money to write 20 Gb library?
  12. I have no idea what you're talking about, is first time I feel that issues of Microsoft Windows are discussed in facebook or other community like this (where you publish photos and sms etc etc), I personally do not have facebook or twitter or Windows Phone or iPhone or other, I always refer to the websites that deal with things series, however why you seem so strange, a few years ago (2008-2009 when facebook and Windows Phone not exist) 75% of web knew that there was only internet explorer browser ehhhh
  13. but 80% of user in the web are ignorant (do not get me wrong, I do not say that they are idiots, but are ignorant about software), think with what will have to deal microsoft ?? with users who judge an OS (15-20 GB) because of the start menu ???? ah lately that a bigger concern (problem) trash icon in Windows 10, hundreds of thousands of programmers writes from 10 years millions of line of code, instead users judge the program from color of the setup icon ehhhhhhhh
  14. Another trivial trivial example, to delete the Registry recursively, just use RegDeleteTree https://msdn.microsoft.com/en-us/library/windows/desktop/aa379776(v=vs.85).aspx ah yesss you can not, because it is not supported in WindowsXP, so you will need (to use SHDeleteKey https://msdn.microsoft.com/en-us/library/windows/desktop/bb773486(v=vs.85).aspx just read the comments of msdn user ehhhh) to write your own code, which is not so difficult in the end ehhhh, but still will be a code that will have to be checked and maintained and which may be the cause of many bugs, so at the end is a thing that costs, so multiply this example to a thousand and thousand and that's what happens in a code that today will support Windows XP (as said above this is a really trivial example, but think that happens with something really serious) Ciao.