HopkinsProg Posted October 16, 2009

Hello all,

I am trying to open a given process to see which tokens it has, and then modify those tokens.

My AutoIt script is running under Windows XP as an Administrative user, and the process I am trying to open is a command window (cmd.exe) running as a standard user.

It looks like I may be able to accomplish this through the Windows API, using a combination of calls to OpenProcessToken, GetTokenInformation, and AdjustTokenPrivileges. I have seen a few examples of OpenProcessToken and AdjustTokenPrivileges (See: Here), but they focus around the debug privilege (SeDebugPrivilege), which doesn't provide any real indicator to me that the code is actually doing anything. I'm a bit more interested in being able to check for and enable "SeTcbPrivilege", basically providing administrative privileges to a process which did not originally have them.

I've tried looking through the MSDN docs, but to be honest, with the lack of usable examples (no TechNet subscription for me, haha), I really don't understand how to use/call these functions.

    #include <WinAPI.au3>

    _GetPrivilege_SEDEBUG()
    ConsoleWrite(@error & @CRLF)

    Func _GetPrivilege_SEDEBUG()
        Local $tagLUIDANDATTRIB = "int64 Luid;dword Attributes"
        Local $count = 1
        Local $tagTOKENPRIVILEGES = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]" ; count of LUID structs * sizeof LUID struct
        ; Local $sTOKEN_ADJUST_PRIVILEGES = 0x20
        Local $myPID = ProcessExists("cmd.exe")
        Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $myPID, "dword", 0x20, "int*", "") ;~ _WinAPI_GetCurrentProcess()//$myPID
        Local $hToken = $call[3]
        $call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", "SeTcbPrivilege", "int64*", "") ;~ SeDebugPrivilege//SeTcbPrivilege
        Local $iLuid = $call[3]
        Local $TP = DllStructCreate($tagTOKENPRIVILEGES)
        Local $LUID = DllStructCreate($tagLUIDANDATTRIB, DllStructGetPtr($TP, "LUIDandATTRIB"))
        DllStructSetData($TP, "PrivilegeCount", $count)
        DllStructSetData($LUID, "Luid", $iLuid)
        DllStructSetData($LUID, "Attributes", $SE_PRIVILEGE_ENABLED)
        $call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, "ptr", DllStructGetPtr($TP), "dword", 0, "ptr", "", "ptr", "")
        If ($call[0] <> 0) Then
            ConsoleWrite("Privilege = " & ($call[0] <> 0) & @LF)
            Return SetError(0) ; $call[0] <> 0 is success
        Else
            ConsoleWrite("Privilege = " & ($call[0] <> 0) & @LF)
            Return SetError(1)
        EndIf
    EndFunc ;==>_GetPrivilege_SEDEBUG

Any thoughts?
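The read-only half of what the post asks about, as an added example that is not part of the original post and not an AutoIt UDF: listing the privileges a process token holds and whether each is enabled, using OpenProcessToken and GetTokenInformation through DllCall. The helper name `_ListTokenPrivileges`, its return layout and its error codes are assumptions made for this example.

```autoit
; Added example: read-only audit of a process token (constructed for this page).
; _ListTokenPrivileges() is a hypothetical helper name, not an AutoIt UDF.
; Returns a 2D array [n][2] = [privilege name, enabled?]; sets @error on failure.
Func _ListTokenPrivileges($iPID)
    Local Const $PROCESS_QUERY_INFORMATION = 0x0400, $TOKEN_QUERY = 0x0008
    Local Const $TOKEN_PRIVILEGES_CLASS = 3, $PRIV_ENABLED = 0x2 ; TokenPrivileges, SE_PRIVILEGE_ENABLED
    Local $hToken = 0, $iSize = 0, $bOk = False, $tBuf = 0
    ; OpenProcessToken takes a process handle, so the PID is opened first.
    Local $aRet = DllCall("kernel32.dll", "handle", "OpenProcess", "dword", $PROCESS_QUERY_INFORMATION, "bool", False, "dword", $iPID)
    If @error Or Not $aRet[0] Then Return SetError(1, 0, 0)
    Local $hProc = $aRet[0]
    $aRet = DllCall("advapi32.dll", "bool", "OpenProcessToken", "handle", $hProc, "dword", $TOKEN_QUERY, "handle*", 0)
    If Not @error And $aRet[0] Then $hToken = $aRet[3]
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProc)
    If Not $hToken Then Return SetError(2, 0, 0)
    ; First call reports the required buffer size, second call fills the buffer.
    $aRet = DllCall("advapi32.dll", "bool", "GetTokenInformation", "handle", $hToken, "int", $TOKEN_PRIVILEGES_CLASS, "ptr", 0, "dword", 0, "dword*", 0)
    If Not @error Then $iSize = $aRet[5]
    If $iSize Then
        $tBuf = DllStructCreate("byte[" & $iSize & "]")
        $aRet = DllCall("advapi32.dll", "bool", "GetTokenInformation", "handle", $hToken, "int", $TOKEN_PRIVILEGES_CLASS, "ptr", DllStructGetPtr($tBuf), "dword", $iSize, "dword*", 0)
        $bOk = (Not @error) And $aRet[0]
    EndIf
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    If Not $bOk Then Return SetError(3, 0, 0)
    ; TOKEN_PRIVILEGES = DWORD PrivilegeCount, then 12-byte LUID_AND_ATTRIBUTES entries from offset 4.
    Local $pBuf = DllStructGetPtr($tBuf)
    Local $iCount = DllStructGetData(DllStructCreate("dword", $pBuf), 1)
    If $iCount = 0 Then Return SetError(4, 0, 0)
    Local $aOut[$iCount][2]
    For $i = 0 To $iCount - 1
        Local $tLA = DllStructCreate("dword Low;long High;dword Attributes", $pBuf + 4 + $i * 12)
        $aRet = DllCall("advapi32.dll", "bool", "LookupPrivilegeNameW", "ptr", 0, "ptr", DllStructGetPtr($tLA), "wstr", "", "dword*", 256)
        If Not @error And $aRet[0] Then $aOut[$i][0] = $aRet[3]
        $aOut[$i][1] = BitAND(DllStructGetData($tLA, "Attributes"), $PRIV_ENABLED) <> 0
    Next
    Return $aOut
EndFunc

; Usage: audit the cmd.exe process named in the post.
Local $aPrivs = _ListTokenPrivileges(ProcessExists("cmd.exe"))
If @error Then
    ConsoleWrite("Failed at step " & @error & @CRLF)
Else
    For $i = 0 To UBound($aPrivs) - 1
        ConsoleWrite($aPrivs[$i][0] & " enabled=" & $aPrivs[$i][1] & @CRLF)
    Next
EndIf
```

AutoIt reports every step as @error rather than throwing, so a missing process or a denied token open shows up as step 1 or 2. AdjustTokenPrivileges can only enable or disable privileges that already appear in this list; it cannot add a privilege the token was not issued with.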