1234hotmaster Posted November 15, 2011 Share Posted November 15, 2011 (edited) hi i be happy if someone can help me use the NtSetInformationProcess@ntdll.dll i need to set my program's process privileges i tried DllCall("ntdll.dll","int", "NtSetInformationProcess","handle",_WinAPI_OpenProcess(512,False,ProcessExists(@ScriptName)),"int",29,"ptr*",1,"long",4) DllCall("ntdll.dll","int", "NtSetInformationProcess","ptr",_WinAPI_OpenProcess(512,False,ProcessExists(@ScriptName)),"int",29,"int*",1,"int",4) DllCall("ntdll.dll","int", "NtSetInformationProcess","ptr",_WinAPI_OpenProcess(512,False,ProcessExists(@ScriptName)),"int",29,"int",1,"int",4) But none seem to work... Am i doing it wrong? Edited November 15, 2011 by 1234hotmaster Link to comment Share on other sites More sharing options...
Shaggi Posted November 15, 2011 Share Posted November 15, 2011 (edited) #1 seems most correct... bit nasty code though, what are you using this for? :/ you can try to use _WinApi_GetCurrentProcess() instead of openprocess Edited November 15, 2011 by Shaggi Ever wanted to call functions in another process? ProcessCall UDFConsole stuff: Console UDFC Preprocessor for AutoIt OMG Link to comment Share on other sites More sharing options...
1234hotmaster Posted November 15, 2011 Author Share Posted November 15, 2011 Ok but why doesn't it work? well yea but GetCurrentProcess@User32.dll returns a psuedo handle not a real one but you can make it a real one by using DuplicateHandle@User32.dll but i just used OpenProcess to make it easier or are the results diffrent? o.o Nasty? Do you know what this code does then?... Link to comment Share on other sites More sharing options...
Shaggi Posted November 15, 2011 Share Posted November 15, 2011 it registers your process as critical, and, if terminated, bsods if using openprocess, are you sure your bitmask includes the necessary flags? did you try with process_all_access? i dont think getcurrentprocess is invalid in any cases, and it has process_all_access.. did you check return? and, did you try with debug privilege? Ever wanted to call functions in another process? ProcessCall UDFConsole stuff: Console UDFC Preprocessor for AutoIt OMG Link to comment Share on other sites More sharing options...
1234hotmaster Posted November 16, 2011 Author Share Posted November 16, 2011 (edited) then you do.Ive heard i need to use PROCESS_SET_INFORMATION which is 512 or 0x0200. I also tried opening the process with the PROCESS_ALL_ACCESS and debug priv on a XP virtual machine but didn't seem to work. Also tested on a Windows 7 x64 bit.The func for allowing debug priv which i found in the forum is:Func _GetPrivilege_SEDEBUG() Local $tagLUIDANDATTRIB = "int64 Luid;dword Attributes" Local $count = 1 Local $tagTOKENPRIVILEGES = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]" ; count of LUID structs * sizeof LUID struct Local $TOKEN_ADJUST_PRIVILEGES = 0x20 Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "ptr", _WinAPI_GetCurrentProcess(), "dword", $TOKEN_ADJUST_PRIVILEGES, "ptr*", "") Local $hToken = $call[3] $call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", Chr(0), "str", "SeDebugPrivilege", "int64*", "") msgbox(0,"",$call[3] & " " & _WinAPI_GetLastErrorMessage()) Local $iLuid = $call[3] Local $TP = DllStructCreate($tagTOKENPRIVILEGES) Local $LUID = DllStructCreate($tagLUIDANDATTRIB, DllStructGetPtr($TP, "LUIDandATTRIB")) DllStructSetData($TP, "PrivilegeCount", $count) DllStructSetData($LUID, "Luid", $iLuid) DllStructSetData($LUID, "Attributes", $SE_PRIVILEGE_ENABLED) $call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "ptr", $hToken, "int", 0, "ptr", DllStructGetPtr($TP), "dword", 0, "ptr", Chr(0), "ptr", Chr(0)) Return ($call[0] <> 0) ; $call[0] <> 0 is success EndFunc ;==>_GetPrivilege_SEDEBUGI also tried checking for the return which was -1073741727 aka "A required privilege is not held by the client." - ResHackerI'm really confused... i also try'd using the debug priv in the Memory.au3 but that also didn't seem to work...And also thanks for replying I've seen threads that never got replied even in years Edit: Solved it myself Ofc thanks to Shaggi for saying check the return value Damn good thing tried it in a virtual machine it blow up when i closed the program Edited November 16, 2011 by 1234hotmaster Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now