kanishk619 Posted March 9, 2017 (edited)

```autoit
#include <Array.au3>
#include <security.au3>
#include <WinAPI.au3>

; Declared up front so the final check is defined even when the token cannot be opened
$seDebugSet = False
$seDebug = _Security__LookupPrivilegeValue(Null, $SE_DEBUG_NAME)
If $seDebug Then
    ConsoleWrite(@CRLF & "[+] SeDebugPrivilege Available" & @CRLF)
    ConsoleWrite("[+] Getting CurrentProcess PID:" & @AutoItPID & " token" & @CRLF)
    $hToken = _Security__OpenProcessToken(_WinAPI_GetCurrentProcess(), $TOKEN_ALL_ACCESS)
    If $hToken Then
        ConsoleWrite("[+] Trying to set SeDebugPrivilege" & @CRLF)
        _Security__SetPrivilege($hToken, $SE_DEBUG_NAME, True)
        ConsoleWrite("[+] Confirming SeDebugPrivilege" & @CRLF)
        ; Information class 3 = TokenPrivileges: a 4-byte count followed by 12-byte entries
        $d = DllStructGetData(_Security__GetTokenInformation($hToken, 3), 1)
        $privCount = Int(BinaryMid($d, 1, 4))
        $offset = 0
        For $i = 1 To $privCount
            If $offset == 0 Then $offset = 5
            $luidandattributes = BinaryMid($d, $offset, 12)
            ; First 4 bytes of the entry, compared with the looked-up LUID
            $highpart = Int(BinaryMid($luidandattributes, 1, 4))
            ;$lowpart = BinaryMid($luidandattributes,4,4)
            ;$attributes = BinaryMid($luidandattributes,8,4)
            $offset += 12
            If $highpart == $seDebug Then
                $seDebugSet = True
            EndIf
        Next
        _WinAPI_CloseHandle($hToken)
    EndIf
    If $seDebugSet Then
        ConsoleWrite("[+] SeDebugPrivilege Confirmed!" & @CRLF)
    Else
        ConsoleWrite("[-] Set SeDebugPrivilege Failed! Try Run as Administrator" & @CRLF)
    EndIf
Else
    ConsoleWrite(@CRLF & "[+] SeDebugPrivilege Not Available" & @CRLF)
EndIf
```

Hi, I made the above code to confirm whether SeDebug is enabled or not. Is there any better and easy/efficient/correct way to check the same?

Edited March 9, 2017 by kanishk619
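An added example, not part of the original post: a Python parser for the raw `TOKEN_PRIVILEGES` buffer the script reads, which separates a privilege that is merely present in the token from one whose Attributes field has the `SE_PRIVILEGE_ENABLED` bit set. The sample buffers are constructed, and the LUID value 20 for SeDebugPrivilege is an assumption; on a live system use the value returned by the lookup call.

```python
import struct

SE_PRIVILEGE_ENABLED = 0x00000002  # attribute bit from winnt.h
SE_DEBUG_LUID = 20                 # assumption: usual SeDebugPrivilege LUID value


def parse_token_privileges(buf):
    """Return [(luid, attributes), ...] from a raw TOKEN_PRIVILEGES buffer."""
    if len(buf) < 4:
        raise ValueError("buffer too short for PrivilegeCount")
    (count,) = struct.unpack_from("<I", buf, 0)
    if len(buf) < 4 + 12 * count:
        raise ValueError("buffer truncated: %d entries declared" % count)
    entries = []
    for i in range(count):
        # LUID_AND_ATTRIBUTES: LowPart (DWORD), HighPart (LONG), Attributes (DWORD)
        low, high, attrs = struct.unpack_from("<IiI", buf, 4 + 12 * i)
        entries.append(((high << 32) | low, attrs))
    return entries


def privilege_state(buf, luid):
    """Classify one privilege as absent, present but disabled, or enabled."""
    for value, attrs in parse_token_privileges(buf):
        if value == luid:
            if attrs & SE_PRIVILEGE_ENABLED:
                return "enabled"
            return "present but disabled"
    return "absent"


def build(entries):
    """Build a constructed sample buffer from (luid, attributes) pairs."""
    out = struct.pack("<I", len(entries))
    for luid, attrs in entries:
        out += struct.pack("<IiI", luid & 0xFFFFFFFF, luid >> 32, attrs)
    return out


# Constructed samples: LUID 23 stands in for a second, always-enabled privilege.
BEFORE = build([(SE_DEBUG_LUID, 0), (23, 3)])   # held by the token, not enabled
AFTER = build([(SE_DEBUG_LUID, 2), (23, 3)])    # enabled after adjustment
FILTERED = build([(23, 3)])                     # privilege not in the token

if __name__ == "__main__":
    for name, buf in (("before", BEFORE), ("after", AFTER), ("filtered", FILTERED)):
        print(name, "->", privilege_state(buf, SE_DEBUG_LUID))
```

In AutoIt's 1-based `BinaryMid` terms, each 12-byte entry holds the LUID in bytes 1 to 8 and the Attributes field in bytes 9 to 12.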