Jump to content
Sign in to follow this  

SeDebugPrivilege confirm on runtime

Recommended Posts

#include <Array.au3>
#include <security.au3>
#include <WinAPI.au3>

$seDebug = _Security__LookupPrivilegeValue(Null, $SE_DEBUG_NAME)
If $seDebug Then
    ConsoleWrite(@CRLF & "[+] SeDebugPrivilege Available" & @CRLF)
    ConsoleWrite("[+] Getting CurrentProcess PID:" & @AutoItPID & " token" & @CRLF)
    $hToken = _Security__OpenProcessToken(_WinAPI_GetCurrentProcess(), $TOKEN_ALL_ACCESS)
    If $hToken Then
        ConsoleWrite("[+] Trying to set SeDebugPrivilege" & @CRLF)
        _Security__SetPrivilege($hToken, $SE_DEBUG_NAME, True)
        ConsoleWrite("[+] Confirming SeDebugPrivilege" & @CRLF)
        $d = DllStructGetData(_Security__GetTokenInformation($hToken, 3), 1)
        $privCount = Int(BinaryMid($d, 1, 4))
        $offset = 0
        $seDebugSet = False
        For $i = 1 To $privCount
            If $offset == 0 Then $offset = 5
            $luidandattributes = BinaryMid($d, $offset, 12)
            $highpart = Int(BinaryMid($luidandattributes, 1, 4))
            ;$lowpart = BinaryMid($luidandattributes,4,4)
            ;$attributes = BinaryMid($luidandattributes,8,4)
            $offset += 12
            If $highpart == $seDebug Then
                $seDebugSet = True
    If $seDebugSet Then
        ConsoleWrite("[+] SeDebugPrivilege Confirmed!" & @CRLF)
        ConsoleWrite("[-] Set SeDebugPrivilege Failed! Try Run as Administrator" & @CRLF)
    ConsoleWrite(@CRLF & "[+] SeDebugPrivilege Not Available" & @CRLF)

Hi, I made this above code to confirm whether SeDebug is enabled or not, is there any better and easy/efficient/correct way to check the same?

Edited by kanishk619

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this