OK, so I need SeDebugPrivilege enabled. I've been googling and searching around and I found some code that enables it but I have no idea how it works. If someone could post the code heavily documented or a link to where it is documented I'd be really happy.
-Edit- And yes I have read the MSDN code. -Edit-
Last edited by Albzter; 02-12-2017 at 01:29 AM.
What do you not understand, how to implement it or how to attach to your process?
I am gonna assume you know about the language and it is only the part of SeDebugPrivilege which is the problem.
Else ignore this.
The changing of SeDebugPrivilege is split up into these parts:
- Get an access token (Meaning the id of the actual user session on the computer)
- Get the numeric id from the string of the new privilege. E.g. SE_DEBUG_NAME (LookupPrivilegeValue)
- Get current privileges (AdjustTokenPrivileges)
- Adjust those privileges (AdjustTokenPrivileges)
The real thing here to note is that AdjustTokenPrivileges is used for both getting and actually changing privileges.
If you take a look at this URL
https://support.microsoft.com/en-us/help/131065/how-to-obtain-a-handle-to-any-process-with-sedebugprivilege
and search for the first call to AdjustTokenPrivileges, you will see that by setting the tp variable as they do, the tpPrevious variable will (if that call succeeds) be filled with the current privileges.
Then they use the tpPrevious variable and fill it with new privileges and then call AdjustTokenPrivileges again.
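This is untested so if it doesn't act like it should, that is the problem.

    #include <windows.h>

    // Enable SeDebugPrivilege in the current process token.
    BOOL SetDebugPrivilege() {
        HANDLE hToken = nullptr;
        // TOKEN_ADJUST_PRIVILEGES is required to change privileges on the token.
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken)) return FALSE;

        TOKEN_PRIVILEGES TokenPrivileges = { 0 };
        TokenPrivileges.PrivilegeCount = 1;
        TokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // Translate the privilege name into the LUID used on this system.
        if (!LookupPrivilegeValueA(nullptr, "SeDebugPrivilege", &TokenPrivileges.Privileges[0].Luid)) {
            CloseHandle(hToken);
            return FALSE;
        }
        if (!AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES), nullptr, nullptr)) {
            CloseHandle(hToken);
            return FALSE;
        }
        // AdjustTokenPrivileges also returns nonzero when the token does not hold
        // the privilege; GetLastError() then reports ERROR_NOT_ALL_ASSIGNED.
        BOOL enabled = (GetLastError() == ERROR_SUCCESS);
        CloseHandle(hToken);
        return enabled;
    }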
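The reply above describes AdjustTokenPrivileges both reporting the previous privilege state and changing it. The following is an added example, not code from the thread or from the Microsoft article, that uses that previous state to enable a privilege only for a limited scope and then put the token back as it was. The class name ScopedPrivilege is hypothetical.

```cpp
// Added example (not from the thread). Windows-only; link with Advapi32.lib.
#ifdef _WIN32
#include <windows.h>

// Enables one privilege for the lifetime of the object, then restores the
// state that AdjustTokenPrivileges reported before the change.
class ScopedPrivilege {
    HANDLE token_ = nullptr;
    TOKEN_PRIVILEGES previous_ = {};
    bool enabled_ = false;
public:
    explicit ScopedPrivilege(const wchar_t* name) {
        // TOKEN_QUERY is needed because the previous state is requested below.
        if (!OpenProcessToken(GetCurrentProcess(),
                              TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &token_)) {
            token_ = nullptr;
            return;
        }
        TOKEN_PRIVILEGES tp = {};
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        if (!LookupPrivilegeValueW(nullptr, name, &tp.Privileges[0].Luid)) return;
        DWORD size = sizeof(previous_);
        // previous_ receives the old attributes of each privilege this call
        // changed; PrivilegeCount stays 0 if it was already enabled.
        if (!AdjustTokenPrivileges(token_, FALSE, &tp, sizeof(previous_),
                                   &previous_, &size)) return;
        // A nonzero return with ERROR_NOT_ALL_ASSIGNED means the token does not
        // hold the privilege at all (for SeDebugPrivilege: not elevated).
        enabled_ = (GetLastError() == ERROR_SUCCESS);
    }
    ~ScopedPrivilege() {
        // Undo only what the constructor changed.
        if (enabled_ && previous_.PrivilegeCount > 0)
            AdjustTokenPrivileges(token_, FALSE, &previous_, 0, nullptr, nullptr);
        if (token_) CloseHandle(token_);
    }
    ScopedPrivilege(const ScopedPrivilege&) = delete;
    ScopedPrivilege& operator=(const ScopedPrivilege&) = delete;
    bool enabled() const { return enabled_; }
};
// Usage: { ScopedPrivilege dbg(L"SeDebugPrivilege");
//          if (dbg.enabled()) { /* the call that needs the privilege */ } }
#endif
```

Keeping the privilege enabled only around the call that needs it limits how long the process runs with SeDebugPrivilege active.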