#include #include void errorprint(char *szFormatString, ...) { DWORD dwGLE = GetLastError(); char szBuffer1[(MAX_PATH * 2) + 1], szBuffer2[(MAX_PATH * 2) + 1]; va_list marker; _snprintf(szBuffer1, (MAX_PATH * 2), "ERROR: %s (GLE: %d/0x%X)\n", szFormatString, dwGLE, dwGLE); va_start(marker, szFormatString); _vsnprintf(szBuffer2, (MAX_PATH * 2), szBuffer1, marker); va_end(marker); // just to be thorough szBuffer2[(MAX_PATH * 2)] = 0; printf(szBuffer2); } BOOL SetPrivilege( HANDLE hToken, // access token handle LPCTSTR lpszPrivilege, // name of privilege to enable/disable BOOL bEnablePrivilege // to enable or disable privilege ) { TOKEN_PRIVILEGES tp; LUID luid; if ( !LookupPrivilegeValue( NULL, // lookup privilege on local system lpszPrivilege, // privilege to lookup &luid ) ) { // receives LUID of privilege printf("LookupPrivilegeValue error: %u\n", GetLastError() ); return FALSE; } tp.PrivilegeCount = 1; tp.Privileges[0].Luid = luid; if (bEnablePrivilege) tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; else tp.Privileges[0].Attributes = 0; // Enable the privilege or disable all privileges. AdjustTokenPrivileges( hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES) NULL, (PDWORD) NULL); // Call GetLastError to determine whether the function succeeded. if (GetLastError() != ERROR_SUCCESS) { printf("AdjustTokenPrivileges failed: %u\n", GetLastError() ); return FALSE; } return TRUE; } BOOL ListPrivileges(HANDLE hToken) { BOOL fSuccess; TOKEN_PRIVILEGES *pBuffer = NULL; DWORD dwBufSize = 0, dwSecondBufSize = 0; DWORD dwGLE; fSuccess = GetTokenInformation( hToken, TokenPrivileges, pBuffer, 0, &dwBufSize); if (!fSuccess) { dwGLE = GetLastError(); if (dwGLE != 122 || !dwBufSize) { errorprint("couldn't get current token privileges"); return FALSE; } } else { errorprint("uhhh... something's wrong; we shouldn't be able to GTI with a null buffer"); return FALSE; } // theoretically, we now have the needed buffer size in dwBufSize pBuffer = (TOKEN_PRIVILEGES *)malloc(dwBufSize); if (!pBuffer) { errorprint("couldn't allocate %d byte buffer", dwBufSize); return FALSE; } fSuccess = GetTokenInformation( hToken, TokenPrivileges, pBuffer, dwBufSize, &dwSecondBufSize); if (!fSuccess) { errorprint("GetTokenInformation (second call) failed (bufsize: %d)", dwBufSize); free(pBuffer); return FALSE; } else if (dwSecondBufSize != dwBufSize) { errorprint("GetTokenInformation returned wrong number of bytes read (was %d, should be %d)", dwSecondBufSize, dwBufSize); free(pBuffer); return FALSE; } // ok, now we (theoretically) have an array of TOKEN_PRIVILEGES structures in pvBuffer int nPrivCount = dwBufSize / sizeof(TOKEN_PRIVILEGES); for (int i = 0; i < nPrivCount; ++i) { char szBuffer[MAX_PATH + 1]; LUID *pPrivLuid = &pBuffer->Privileges[i].Luid; DWORD dwPrivAttributes = pBuffer->Privileges[i].Attributes, cbName = MAX_PATH; fSuccess = LookupPrivilegeName(NULL, pPrivLuid, szBuffer, &cbName); if (!fSuccess) { errorprint("LookupPrivilegeName failed for privilege %d", i); free(pBuffer); return FALSE; } printf("%40s", szBuffer); szBuffer[0] = 0; if (dwPrivAttributes & SE_PRIVILEGE_ENABLED) { strcat(szBuffer, "enabled"); } if (dwPrivAttributes & SE_PRIVILEGE_ENABLED_BY_DEFAULT) { if (szBuffer[0]) strcat(szBuffer, ", "); strcat(szBuffer, "enabled by default"); } if (dwPrivAttributes & SE_PRIVILEGE_USED_FOR_ACCESS) { if (szBuffer[0]) strcat(szBuffer, ", "); strcat(szBuffer, "used for access"); } if (szBuffer[0]) printf(" (%s)\n", szBuffer); else printf("\n"); } free(pBuffer); return TRUE; } void main(void) { HANDLE hThisProcess = GetCurrentProcess(); HANDLE hToken = INVALID_HANDLE_VALUE; BOOL fSuccess; DWORD dwGLE; fSuccess = OpenProcessToken( hThisProcess, TOKEN_ALL_ACCESS, &hToken ); if (!fSuccess) { errorprint("couldn't open process token for current process"); exit(1); } printf("Privileges before setting SeDebugPrivilege...\n"); printf("---------------------------------------------\n"); fSuccess = ListPrivileges(hToken); if (!fSuccess) { errorprint("ListPrivileges failed, exiting..."); CloseHandle(hToken); exit(1); } fSuccess = SetPrivilege(hToken, "SeDebugPrivilege", TRUE); if (!fSuccess) { errorprint("SetPrivilege(\"SeDebugPrivilege\") failed, exiting..."); CloseHandle(hToken); exit(1); } printf("\nPrivileges after setting SeDebugPrivilege... \n"); printf("--------------------------------------------\n"); fSuccess = ListPrivileges(hToken); if (!fSuccess) { errorprint("ListPrivileges failed, exiting..."); CloseHandle(hToken); exit(1); } CloseHandle(hToken); exit(0); }