Sign in to follow this  
Followers 0
E1M1

[Solved]What could cause AdjustTokenPrivileges() to fail?

3 posts in this topic

#1 ·  Posted (edited)

Hello. I am tying to AdjustTokenPrivileges() but i get error saying: "Not all privileges or groups referenced are assigned to the caller." Does anyone know I could fix this error? Or what I need to do inorder to get rid of it. Even running it under SYSTEM didn't help.

#include <winapi.au3>
#include <array.au3>
#include <security.au3>

$NULL = 0
$PROCESS_ALL_ACCESS = 0x001F0FFF
;$TOKEN_ALL_ACCESS = 0xf01ff
;$ERROR_SUCCESS = 0

SetTBCPrivileges()
Func SetTBCPrivileges()
$dwPID = @AutoItPID
$hToken = 0
$hProcess = 0
$tpDebug = DllStructCreate($tagTOKEN_PRIVILEGES)
$hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS,False,$dwPID)
If not $hProcess Then return False
If not _WinAPI_OpenProcessToken($hProcess,$TOKEN_ALL_ACCESS,$hToken) Then return False
$LUID = _Security__LookupPrivilegeValue("", $SE_DEBUG_NAME)
if $LUID == 0 Then Return False
DllStructSetData($tpDebug,"Count",1)
DllStructSetData($tpDebug,"LUID",$LUID,1)
DllStructSetData($tpDebug,"Attributes",$SE_PRIVILEGE_ENABLED,1)
if _Security__AdjustTokenPrivileges($hToken,False,DllStructGetPtr($tpDebug),DllStructGetSize($tpDebug),$NULL,$NULL) = False Then Return false
;~ if _WinAPI_GetLastError() <> $ERROR_SUCCESS Then Return False
MsgBox(0,0, _WinAPI_GetLastErrorMessage())
EndFunc

Func _WinAPI_OpenProcessToken($pHandle, $iAccess, byref $hToken)
Local $aResult = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $pHandle, "int", $iAccess, "int*", 0)
If @error Or $aResult[0] = 0 Then Return SetError(1, 0, 0)
$hToken = $aResult[3]
Return $aResult[0]
EndFunc

Original code is here:

BOOL SetTBCPrivileges(VOID) {
DWORD dwPID;
HANDLE hProcess;
HANDLE hToken;
LUID Luid;
TOKEN_PRIVILEGES tpDebug;
dwPID = GetCurrentProcessId();
if ((hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID)) == NULL) return FALSE;
if (OpenProcessToken(hProcess, TOKEN_ALL_ACCESS, &hToken) == 0) return FALSE;
if ((LookupPrivilegeValue(NULL, SE_TCB_NAME, &Luid)) == 0) return FALSE;
tpDebug.PrivilegeCount = 1;
tpDebug.Privileges[0].Luid = Luid;
tpDebug.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if ((AdjustTokenPrivileges(hToken, FALSE, &tpDebug, sizeof(tpDebug), NULL, NULL)) == 0) return FALSE;
if (GetLastError() != ERROR_SUCCESS) return FALSE;
CloseHandle(hToken);
CloseHandle(hProcess);
return TRUE;
}
Edited by E1M1

edited

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

You need #RequireAdmin whether you like it or not.

Edited by trancexx

♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

Dont you already have admin rights when you run it as system service (it runs under SYSTEM user)? Just in case I added it to test and it didn't solve the issue. I also figured that issue is not in code. I guess I need to do something else before calling that function.

Edit: I had to run it a service directly. Before I was using launcher app and required permissions went lost that way.

Edit2: had to update autoit on virtual machine to get it work there too

Edited by E1M1

edited

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0