Home > Windows API > Function for enabling privileges for your application!

Function for enabling privileges for your application!

Here is the code that does this…

// Set up access
void SetUpAccess()
{
    HANDLE hProcToken = 0;
    if( !OpenProcessToken( GetCurrentProcess(),
                           TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                           &hProcToken ))
    {
        return;
    }  

    // List of privileges, all of them, he he 😀
    LPCTSTR lpctszPrivileges[] = { SE_CREATE_TOKEN_NAME,
                                   SE_ASSIGNPRIMARYTOKEN_NAME,
                                   SE_LOCK_MEMORY_NAME,
                                   SE_INCREASE_QUOTA_NAME,
                                   SE_UNSOLICITED_INPUT_NAME,
                                   SE_MACHINE_ACCOUNT_NAME,
                                   SE_TCB_NAME,
                                   SE_SECURITY_NAME,
                                   SE_TAKE_OWNERSHIP_NAME,
                                   SE_LOAD_DRIVER_NAME,
                                   SE_SYSTEM_PROFILE_NAME,
                                   SE_SYSTEMTIME_NAME,
                                   SE_PROF_SINGLE_PROCESS_NAME,
                                   SE_INC_BASE_PRIORITY_NAME,
                                   SE_CREATE_PAGEFILE_NAME,
                                   SE_CREATE_PERMANENT_NAME,
                                   SE_BACKUP_NAME,
                                   SE_RESTORE_NAME,
                                   SE_SHUTDOWN_NAME,
                                   SE_DEBUG_NAME,
                                   SE_AUDIT_NAME,
                                   SE_SYSTEM_ENVIRONMENT_NAME,
                                   SE_CHANGE_NOTIFY_NAME,
                                   SE_REMOTE_SHUTDOWN_NAME,
                                   SE_UNDOCK_NAME,
                                   SE_SYNC_AGENT_NAME,         
                                   SE_ENABLE_DELEGATION_NAME,  
                                   SE_MANAGE_VOLUME_NAME,
                                   0 // The end
                                 }; 

    // Token privileges structure
    TOKEN_PRIVILEGES tkpPriv = { 0 };    

    // Loop through and enable privileges
    for( int nIndex = 0; lpctszPrivileges[nIndex]; ++nIndex )
    {
        // Clear previous
        ::ZeroMemory( &tkpPriv, sizeof( tkpPriv ));    

        // Look up value for privilege
        LookupPrivilegeValue( NULL,
                              lpctszPrivileges[nIndex],
                              &tkpPriv.Privileges[0].Luid );    

        // Count of privilege
        tkpPriv.PrivilegeCount = 1;    

        // Set up "enable" attribute for privilege
        tkpPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;    

        // Set up privilege
        AdjustTokenPrivileges( hProcToken, FALSE, &tkpPriv, 0, 0, 0 );
    }// End for   

    // Close handle
    CloseHandle( hProcToken );
}// End SetUpAccess
Advertisements
  1. jongampark
    September 25, 2008 at 10:53 pm

    Oh, by the way, the process for which the code runs as “Administrator”.

  2. jongampark
    September 25, 2008 at 10:33 pm

    Hello. I noticed that you used OpenProcessToken() function successfully. Then can you tell me why this code fails?

    HANDLE hProcess, hCommandEventLocal, hAllocationEventLocal;

    BOOL isOK;
    HANDLE hToken;

    ///////////////////////////////////////////////
    // Setting SE_DEBUG_NAME
    // First, get an access token for the process
    hProcess = OpenProcess( PROCESS_QUERY_INFORMATION, FALSE, processId );
    if( hProcess == NULL )
    {
    PrintError(“Failing in getting a process handle with PROCESS_QUERY_INFORMATION at %d (Error Code : %d)”,
    __LINE__, GetLastError());
    return E_FAIL;
    }

    // Second, get the access token for the process
    isOK = OpenProcessToken( hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken );
    if( !isOK )
    {
    PrintError(“Failing in getting a token handle at %d (Error Code : %d)”,
    __LINE__, GetLastError());
    return E_FAIL;
    }

    SetPrivilege( hToken, SE_DEBUG_NAME, TRUE );

    CloseHandle( hToken );
    CloseHandle( hProcess );

    //////////////////////////////////////////////////////////////////////

    hProcess = OpenProcess( PROCESS_DUP_HANDLE, FALSE, processId );

    Because the last OpenProcess( PROCESS_DUP_HANDLE .. ) fails, I tried setting “SE_DEBUG_NAME” for its token. But to get the token, a process handle is necessary. So, I called the OpenProcess( PROCESS_QUERY_INFORMATION …. It works fine until that point.

    However, after getting the process handle, calling OpenProcessToken() fails.

    Can you guess why?

    Thank you.

  1. March 5, 2009 at 4:43 am
  2. October 1, 2008 at 5:42 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: