1234hotmaster

Can someone help me use this API?

5 posts in this topic

#1 ·  Posted (edited)

Hi, I'd be happy if someone could help me use NtSetInformationProcess@ntdll.dll.

I need to set my program's process privileges :D

I tried

DllCall("ntdll.dll","int", "NtSetInformationProcess","handle",_WinAPI_OpenProcess(512,False,ProcessExists(@ScriptName)),"int",29,"ptr*",1,"long",4)

DllCall("ntdll.dll","int", "NtSetInformationProcess","ptr",_WinAPI_OpenProcess(512,False,ProcessExists(@ScriptName)),"int",29,"int*",1,"int",4)

DllCall("ntdll.dll","int", "NtSetInformationProcess","ptr",_WinAPI_OpenProcess(512,False,ProcessExists(@ScriptName)),"int",29,"int",1,"int",4)

But none of them seem to work... Am I doing it wrong?

Edited by 1234hotmaster


#2 ·  Posted (edited)

#1 seems most correct... bit nasty code though. What are you using this for? :/

You can try to use _WinAPI_GetCurrentProcess() instead of OpenProcess.

Edited by Shaggi

Ever wanted to call functions in another process? ProcessCall UDFConsole stuff: Console UDFC Preprocessor for AutoIt OMG


OK, but why doesn't it work? :D

Well, yeah, but GetCurrentProcess@User32.dll returns a pseudo handle, not a real one. You can make it a real one by using DuplicateHandle@User32.dll, but I just used OpenProcess to make it easier :oops:

Or are the results different? o.o

Nasty? Do you know what this code does, then?...


It registers your process as critical, and, if terminated, BSODs.

If using OpenProcess, are you sure your bitmask includes the necessary flags? Did you try with PROCESS_ALL_ACCESS? I don't think GetCurrentProcess is invalid in any case, and it has PROCESS_ALL_ACCESS. Did you check the return? And did you try with debug privilege?




#5 ·  Posted (edited)

then you do.

I've heard I need to use PROCESS_SET_INFORMATION, which is 512 or 0x0200. I also tried opening the process with PROCESS_ALL_ACCESS and debug priv on an XP virtual machine, but it didn't seem to work. Also tested on Windows 7 x64.

The func for allowing debug priv which I found on the forum is:

#include <WinAPI.au3>

Func _GetPrivilege_SEDEBUG()
    Local Const $SE_PRIVILEGE_ENABLED = 0x2 ; was used but never defined in the original
    Local Const $TOKEN_ADJUST_PRIVILEGES = 0x20
    Local Const $ERROR_NOT_ALL_ASSIGNED = 1300
    Local $tagLUIDANDATTRIB = "int64 Luid;dword Attributes"
    Local $count = 1
    Local $tagTOKENPRIVILEGES = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]" ; count of LUID_AND_ATTRIBUTES structs * 12 bytes each
    Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "ptr", _WinAPI_GetCurrentProcess(), "dword", $TOKEN_ADJUST_PRIVILEGES, "ptr*", 0)
    If @error Or $call[0] = 0 Then Return SetError(1, 0, False)
    Local $hToken = $call[3]
    ; NULL system name = local machine (the original passed Chr(0) as a "str")
    $call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "ptr", 0, "str", "SeDebugPrivilege", "int64*", 0)
    If @error Or $call[0] = 0 Then
        _WinAPI_CloseHandle($hToken)
        Return SetError(2, 0, False)
    EndIf
    Local $iLuid = $call[3]
    Local $TP = DllStructCreate($tagTOKENPRIVILEGES)
    Local $LUID = DllStructCreate($tagLUIDANDATTRIB, DllStructGetPtr($TP, "LUIDandATTRIB"))
    DllStructSetData($TP, "PrivilegeCount", $count)
    DllStructSetData($LUID, "Luid", $iLuid)
    DllStructSetData($LUID, "Attributes", $SE_PRIVILEGE_ENABLED)
    $call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "ptr", $hToken, "int", 0, "ptr", DllStructGetPtr($TP), "dword", 0, "ptr", 0, "ptr", 0)
    ; AdjustTokenPrivileges returns non-zero even when the privilege is not present in the token;
    ; GetLastError() = ERROR_NOT_ALL_ASSIGNED is the only sign that it was not actually enabled
    Local $bOk = (Not @error) And ($call[0] <> 0) And (_WinAPI_GetLastError() <> $ERROR_NOT_ALL_ASSIGNED)
    _WinAPI_CloseHandle($hToken)
    Return $bOk
EndFunc   ;==>_GetPrivilege_SEDEBUG

I also tried checking the return, which was -1073741727, aka "A required privilege is not held by the client." - ResHacker

I'm really confused... I also tried using the debug priv in Memory.au3, but that also didn't seem to work...

And also thanks for replying; I've seen threads that never got replied to, even in years :)

Edit: Solved it myself :oops:

Of course, thanks to Shaggi for saying check the return value :D

Damn good thing I tried it in a virtual machine; it blew up when I closed the program :rip:

Edited by 1234hotmaster
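
The following is an added example and not code posted by anyone in this thread. It ties together the two points made above: what the flag does (post #4) and why the call returned -1073741727 (post #5), which is NTSTATUS 0xC0000061, STATUS_PRIVILEGE_NOT_HELD; NtSetInformationProcess with class 29 (ProcessBreakOnTermination) refuses the call unless SeDebugPrivilege is enabled in the calling token. The script enables the privilege with the standard Security.au3 helpers, sets the flag on its own process through the GetCurrentProcess() pseudo handle, reads it back with NtQueryInformationProcess, lists every other process it can open that carries the flag (the defender's view of this trick), and clears the flag before exiting. It assumes an elevated (administrator) token, so that SeDebugPrivilege is present to be enabled, and the constants are defined locally rather than pulled from the constants includes. Run it only inside a VM: while the flag is set, killing the script, or the script crashing, bugchecks the machine.

```autoit
#include <WinAPI.au3>
#include <Security.au3>

; Added example, not code from the thread. Assumes an elevated token and a VM.
Global Const $ProcessBreakOnTermination = 29
Global Const $PROCESS_QUERY_INFORMATION = 0x0400
Global Const $TOKEN_ADJUST_PRIVILEGES = 0x0020
Global Const $TOKEN_QUERY = 0x0008
Global Const $STATUS_PRIVILEGE_NOT_HELD = -1073741727 ; 0xC0000061 as a signed 32-bit NTSTATUS

; Without SeDebugPrivilege enabled in the calling token, ntdll returns
; STATUS_PRIVILEGE_NOT_HELD, the -1073741727 quoted in the thread.
Func _EnableDebugPrivilege()
    Local $hToken = _Security__OpenProcessToken(_WinAPI_GetCurrentProcess(), BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    If $hToken = 0 Then Return SetError(1, 0, False)
    Local $bOk = _Security__SetPrivilege($hToken, "SeDebugPrivilege", True)
    _WinAPI_CloseHandle($hToken)
    Return $bOk
EndFunc   ;==>_EnableDebugPrivilege

; Set or clear the flag on our own process. The pseudo handle from
; GetCurrentProcess() is accepted; no OpenProcess or DuplicateHandle is needed.
; On failure @extended carries the NTSTATUS.
Func _SetCritical($bEnable)
    Local $tFlag = DllStructCreate("ulong")
    If $bEnable Then DllStructSetData($tFlag, 1, 1)
    Local $aRet = DllCall("ntdll.dll", "long", "NtSetInformationProcess", _
            "handle", _WinAPI_GetCurrentProcess(), "int", $ProcessBreakOnTermination, _
            "ptr", DllStructGetPtr($tFlag), "ulong", DllStructGetSize($tFlag))
    If @error Then Return SetError(1, 0, False)
    Return SetError(0, $aRet[0], $aRet[0] = 0)
EndFunc   ;==>_SetCritical

; Read the flag back from any handle opened with PROCESS_QUERY_INFORMATION.
Func _IsCritical($hProcess)
    Local $tFlag = DllStructCreate("ulong")
    Local $aRet = DllCall("ntdll.dll", "long", "NtQueryInformationProcess", _
            "handle", $hProcess, "int", $ProcessBreakOnTermination, _
            "ptr", DllStructGetPtr($tFlag), "ulong", DllStructGetSize($tFlag), "ulong*", 0)
    If @error Then Return SetError(1, 0, False)
    If $aRet[0] <> 0 Then Return SetError(2, $aRet[0], False)
    Return DllStructGetData($tFlag, 1) <> 0
EndFunc   ;==>_IsCritical

; Defender's view: which processes on this box are marked critical? Expect the
; Windows ones (smss, csrss, wininit, services...) plus anything that set the
; flag on itself. Processes we cannot open (e.g. protected processes) are skipped.
Func _ListCriticalProcesses()
    Local $aProcs = ProcessList(), $sOut = ""
    For $i = 1 To $aProcs[0][0]
        Local $hProc = _WinAPI_OpenProcess($PROCESS_QUERY_INFORMATION, False, $aProcs[$i][1])
        If $hProc = 0 Then ContinueLoop
        If _IsCritical($hProc) Then $sOut &= $aProcs[$i][1] & @TAB & $aProcs[$i][0] & @CRLF
        _WinAPI_CloseHandle($hProc)
    Next
    Return $sOut
EndFunc   ;==>_ListCriticalProcesses

If Not _EnableDebugPrivilege() Then
    ConsoleWrite("Could not enable SeDebugPrivilege; run from an elevated (admin) token." & @CRLF)
    Exit 1
EndIf

If Not _SetCritical(True) Then
    If @extended = $STATUS_PRIVILEGE_NOT_HELD Then
        ConsoleWrite("STATUS_PRIVILEGE_NOT_HELD: SeDebugPrivilege is not enabled in this token." & @CRLF)
    Else
        ConsoleWrite("NtSetInformationProcess failed, NTSTATUS 0x" & Hex(@extended, 8) & @CRLF)
    EndIf
    Exit 1
EndIf
ConsoleWrite("Own process critical: " & _IsCritical(_WinAPI_GetCurrentProcess()) & @CRLF)
ConsoleWrite("Critical processes:" & @CRLF & _ListCriticalProcesses())

; ... do the work that needs protecting here ...

; Always clear the flag before exiting; with it still set, a normal exit is a bugcheck.
_SetCritical(False)
ConsoleWrite("Own process critical after clearing: " & _IsCritical(_WinAPI_GetCurrentProcess()) & @CRLF)
```

Two things worth noting from a security standpoint. First, the check is on the privilege being enabled in the token, not merely present, which is why an administrator's script still gets STATUS_PRIVILEGE_NOT_HELD until AdjustTokenPrivileges has been called; the return value, not a silent success, is what tells you which of the two you have. Second, the listing function is the same query a defender runs when hunting for self-protecting malware: a user-mode process that shows up next to csrss.exe and wininit.exe in that list is worth a closer look, and because it is critical, it has to be disabled by clearing the flag (or by a clean shutdown), not by Task Manager.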
