Sardith Posted July 17, 2006 Share Posted July 17, 2006 Does anyone know how to set a script or autoit.exe to have Debug privileges? Using autoit, id rather not use tsearch or anything to do so. Dllcall maybe? [font="Verdana"]Valik:Get it straight - I'm not here to say please, I'm here to help - if my help's not appreciated then lotsa luck, gentlemen.[/font] Link to comment Share on other sites More sharing options...
Sardith Posted July 17, 2006 Author Share Posted July 17, 2006 C++ for it. int iGetDebugPrivilege ( void ) { HANDLE hToken; TOKEN_PRIVILEGES CurrentTPriv; LUID luidVal; if ( OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken) == FALSE ) return 0; if ( LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luidVal) == FALSE ) { CloseHandle( hToken ); return 0; } CurrentTPriv.PrivilegeCount = 1; CurrentTPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; CurrentTPriv.Privileges[0].Luid = luidVal; int iRet = AdjustTokenPrivileges(hToken, FALSE, &CurrentTPriv, sizeof( TOKEN_PRIVILEGES ), NULL, NULL); CloseHandle(hToken); return iRet; } [font="Verdana"]Valik:Get it straight - I'm not here to say please, I'm here to help - if my help's not appreciated then lotsa luck, gentlemen.[/font] Link to comment Share on other sites More sharing options...
Nomad Posted July 17, 2006 Share Posted July 17, 2006 I believe debug priviledges are granted when you open the selected process with the correct access handle. I've asked a similar question in the past and nobody could directly answer it. So far, I haven't heard from anyone complaining that they couldn't read their memory with my memory functions, and if they needed these token priviledges, they wouldn't be able to read the process' memory if they didn't have these priviledges. Nomad Link to comment Share on other sites More sharing options...
Sardith Posted July 17, 2006 Author Share Posted July 17, 2006 The point I made about tsearch is, There's a program made in tsearch that can change it to debug privs. So memory really had nothing to do with it. [font="Verdana"]Valik:Get it straight - I'm not here to say please, I'm here to help - if my help's not appreciated then lotsa luck, gentlemen.[/font] Link to comment Share on other sites More sharing options...
Nomad Posted July 17, 2006 Share Posted July 17, 2006 (edited) The point I made about tsearch is, There's a program made in tsearch that can change it to debug privs. So memory really had nothing to do with it.It has everything to do with it. Debug priviledges are required to read from any process' virtual memory space. If you are an administrator on the computer you are using, you have these priviledges by default. If you do not have administrative priviledges for the computer you are using, then you must set the token priviledges to TRUE before the system will allow you to access the virtual memory space of a process.So, if you are able to read from memory, then you have these priviledges, if you can't, then you don't. Also, T-Search is a "memory tool", so how can memory have nothing to do with it? Edit: my point is, I think AutoIt automatically adjusts the tokens when you open the process or something, because nobody has complained about not being able to access the memory and I've not attempted to implement a token priviledge adjustment. Edited July 17, 2006 by Nomad Link to comment Share on other sites More sharing options...
Nomad Posted July 17, 2006 Share Posted July 17, 2006 (edited) Here is a sample program, witten in C by Netter, in which he has to adjust the tokens. I can do the same thing with AutoIt and not adjust the tokens... removed Edit: In fact, if you check "MemRead" in my signature, you'll see this program done in AutoIt. It's not exactly the same, but it's close. Edited July 19, 2006 by Nomad Link to comment Share on other sites More sharing options...
Sardith Posted July 17, 2006 Author Share Posted July 17, 2006 Nomad, could you guide me in making a debug token changer? Id like to keep all of my program in Autoit [font="Verdana"]Valik:Get it straight - I'm not here to say please, I'm here to help - if my help's not appreciated then lotsa luck, gentlemen.[/font] Link to comment Share on other sites More sharing options...
Nomad Posted July 17, 2006 Share Posted July 17, 2006 Nomad, could you guide me in making a debug token changer? Id like to keep all of my program in AutoitI'd have to do some research of my own, which was why I asked this same question myself a while back. I don't think you need it, but if you do then yes, I'll help. Because if this is still required in AutoIt, then I also need to do it, and that means doing some research. It will most likely have to be done with a DllCall and possibly a DllStruct. But it shouldn't be too difficult. Link to comment Share on other sites More sharing options...
Sardith Posted July 18, 2006 Author Share Posted July 18, 2006 I need it for game injection reasons. Without it, the .dll injection will fail. [font="Verdana"]Valik:Get it straight - I'm not here to say please, I'm here to help - if my help's not appreciated then lotsa luck, gentlemen.[/font] Link to comment Share on other sites More sharing options...
Nomad Posted July 18, 2006 Share Posted July 18, 2006 I need it for game injection reasons. Without it, the .dll injection will fail.I'm looking into it, I should have a rough script shortly.Nomad Link to comment Share on other sites More sharing options...
Sardith Posted July 18, 2006 Author Share Posted July 18, 2006 Thanks so much Nomad. [font="Verdana"]Valik:Get it straight - I'm not here to say please, I'm here to help - if my help's not appreciated then lotsa luck, gentlemen.[/font] Link to comment Share on other sites More sharing options...
Nomad Posted July 18, 2006 Share Posted July 18, 2006 (edited) Thanks so much Nomad.No problem. Here is a rough script, I'm not sure if it will work or not. I have Windows 98, and you need Windows 2000+ to use this. All Windows systems prior to 2000 do not need this anyway. ;removed. Source: removed If it doesn't work, let me know anything you can about what happened, including any error codes. As I said, I have no way to test this. Nomad Edited July 19, 2006 by Nomad Link to comment Share on other sites More sharing options...
Nomad Posted July 18, 2006 Share Posted July 18, 2006 Well? Does it work? I'd like to know if it does, so I know I can use it if it's going to be needed for other users of my scripts which access the virtual memory space of a process. If it doesn't, then I can change a few things that I wasn't 100% sure of when I wrote it (differences between AutoIt default standards and C++). I also slapped this together in less than an hour. So... Nomad Link to comment Share on other sites More sharing options...
Nomad Posted July 19, 2006 Share Posted July 19, 2006 Moved code to alternate site. Nomad. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now