Sign in to follow this  
Followers 0

[Solved]What could cause AdjustTokenPrivileges() to fail?

3 posts in this topic

#1 ·  Posted (edited)

Hello. I am tying to AdjustTokenPrivileges() but i get error saying: "Not all privileges or groups referenced are assigned to the caller." Does anyone know I could fix this error? Or what I need to do inorder to get rid of it. Even running it under SYSTEM didn't help.

#include <winapi.au3>
#include <array.au3>
#include <security.au3>

$NULL = 0
;$TOKEN_ALL_ACCESS = 0xf01ff

Func SetTBCPrivileges()
$dwPID = @AutoItPID
$hToken = 0
$hProcess = 0
$tpDebug = DllStructCreate($tagTOKEN_PRIVILEGES)
$hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS,False,$dwPID)
If not $hProcess Then return False
If not _WinAPI_OpenProcessToken($hProcess,$TOKEN_ALL_ACCESS,$hToken) Then return False
$LUID = _Security__LookupPrivilegeValue("", $SE_DEBUG_NAME)
if $LUID == 0 Then Return False
if _Security__AdjustTokenPrivileges($hToken,False,DllStructGetPtr($tpDebug),DllStructGetSize($tpDebug),$NULL,$NULL) = False Then Return false
;~ if _WinAPI_GetLastError() <> $ERROR_SUCCESS Then Return False
MsgBox(0,0, _WinAPI_GetLastErrorMessage())

Func _WinAPI_OpenProcessToken($pHandle, $iAccess, byref $hToken)
Local $aResult = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $pHandle, "int", $iAccess, "int*", 0)
If @error Or $aResult[0] = 0 Then Return SetError(1, 0, 0)
$hToken = $aResult[3]
Return $aResult[0]

Original code is here:

BOOL SetTBCPrivileges(VOID) {
HANDLE hProcess;
HANDLE hToken;
LUID Luid;
dwPID = GetCurrentProcessId();
if ((hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID)) == NULL) return FALSE;
if (OpenProcessToken(hProcess, TOKEN_ALL_ACCESS, &hToken) == 0) return FALSE;
if ((LookupPrivilegeValue(NULL, SE_TCB_NAME, &Luid)) == 0) return FALSE;
tpDebug.PrivilegeCount = 1;
tpDebug.Privileges[0].Luid = Luid;
tpDebug.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if ((AdjustTokenPrivileges(hToken, FALSE, &tpDebug, sizeof(tpDebug), NULL, NULL)) == 0) return FALSE;
if (GetLastError() != ERROR_SUCCESS) return FALSE;
return TRUE;
Edited by E1M1


Share this post

Link to post
Share on other sites

#2 ·  Posted (edited)

You need #RequireAdmin whether you like it or not.

Edited by trancexx




Share this post

Link to post
Share on other sites

#3 ·  Posted (edited)

Dont you already have admin rights when you run it as system service (it runs under SYSTEM user)? Just in case I added it to test and it didn't solve the issue. I also figured that issue is not in code. I guess I need to do something else before calling that function.

Edit: I had to run it a service directly. Before I was using launcher app and required permissions went lost that way.

Edit2: had to update autoit on virtual machine to get it work there too

Edited by E1M1


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0