Sardith

Debug privileges

14 posts in this topic

Does anyone know how to set a script or autoit.exe to have Debug privileges? Using AutoIt, I'd rather not use tsearch or anything to do so.

Dllcall maybe?


Valik: Get it straight - I'm not here to say please, I'm here to help - if my help's not appreciated then lotsa luck, gentlemen.




C++ for it.

#include <windows.h>

/* Enables SeDebugPrivilege on the current process token.
   Returns 1 on success, 0 on failure (including when the privilege is
   not held by the account, which is the case for non-administrators). */
int iGetDebugPrivilege ( void )
{
    HANDLE           hToken;
    TOKEN_PRIVILEGES CurrentTPriv;
    LUID             luidVal;

    if ( OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken) == FALSE )
        return 0;

    /* Resolve "SeDebugPrivilege" to its locally unique identifier */
    if ( LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luidVal) == FALSE )
    {
        CloseHandle( hToken );
        return 0;
    }

    CurrentTPriv.PrivilegeCount           = 1;
    CurrentTPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    CurrentTPriv.Privileges[0].Luid       = luidVal;

    BOOL bRet = AdjustTokenPrivileges(hToken, FALSE, &CurrentTPriv, sizeof( TOKEN_PRIVILEGES ), NULL, NULL);

    /* AdjustTokenPrivileges returns TRUE even when the privilege could not be
       enabled; GetLastError() then reports ERROR_NOT_ALL_ASSIGNED. Check it
       before CloseHandle() overwrites the last-error value. */
    if ( bRet && GetLastError() == ERROR_NOT_ALL_ASSIGNED )
        bRet = FALSE;

    CloseHandle(hToken);

    return bRet ? 1 : 0;
}



I believe debug privileges are granted when you open the selected process with the correct access handle. I've asked a similar question in the past and nobody could directly answer it. So far, I haven't heard from anyone complaining that they couldn't read their memory with my memory functions, and if they needed these token privileges, they wouldn't be able to read the process' memory if they didn't have these privileges.

Nomad :D



The point I made about tsearch is, there's a program made in tsearch that can change it to debug privs. So memory really had nothing to do with it.




#5 ·  Posted (edited)

The point I made about tsearch is, there's a program made in tsearch that can change it to debug privs. So memory really had nothing to do with it.

It has everything to do with it. Debug privileges are required to read from any process' virtual memory space. If you are an administrator on the computer you are using, you have these privileges by default. If you do not have administrative privileges for the computer you are using, then you must set the token privileges to TRUE before the system will allow you to access the virtual memory space of a process.

So, if you are able to read from memory, then you have these privileges; if you can't, then you don't. Also, T-Search is a "memory tool", so how can memory have nothing to do with it? :D

Edit: my point is, I think AutoIt automatically adjusts the tokens when you open the process or something, because nobody has complained about not being able to access the memory and I've not attempted to implement a token privilege adjustment.

Edited by Nomad


#6 ·  Posted (edited)

Here is a sample program, written in C by Netter, in which he has to adjust the tokens. I can do the same thing with AutoIt and not adjust the tokens...

removed

Edit: In fact, if you check "MemRead" in my signature, you'll see this program done in AutoIt. It's not exactly the same, but it's close.

Edited by Nomad


Nomad, could you guide me in making a debug token changer? I'd like to keep all of my program in AutoIt.




Nomad, could you guide me in making a debug token changer? I'd like to keep all of my program in AutoIt.

I'd have to do some research of my own, which was why I asked this same question myself a while back. I don't think you need it, but if you do then yes, I'll help. Because if this is still required in AutoIt, then I also need to do it, and that means doing some research. It will most likely have to be done with a DllCall and possibly a DllStruct. But it shouldn't be too difficult.


I need it for game injection reasons. Without it, the .dll injection will fail.




I need it for game injection reasons. Without it, the .dll injection will fail.

I'm looking into it, I should have a rough script shortly.

Nomad :D



Thanks so much Nomad.




#12 ·  Posted (edited)

Thanks so much Nomad.

No problem. Here is a rough script, I'm not sure if it will work or not. I have Windows 98, and you need Windows 2000+ to use this. All Windows systems prior to 2000 do not need this anyway.

;removed.

Source:

removed

If it doesn't work, let me know anything you can about what happened, including any error codes. As I said, I have no way to test this.

Nomad :D

Edited by Nomad

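The DllCall/DllStruct approach the replies above describe, as an added example (this is not Nomad's removed script nor anything from the AutoIt project). It assumes AutoIt 3.3 or later for the `handle`, `handle*` and `bool` DllCall types, and it reports ERROR_NOT_ALL_ASSIGNED (1300) separately, because AdjustTokenPrivileges returns TRUE even when the account does not hold SeDebugPrivilege, which is exactly the "it ran but nothing changed" case a non-administrator will hit.

```autoit
Global Const $TOKEN_ADJUST_PRIVILEGES = 0x0020   ; values from the Windows SDK headers
Global Const $TOKEN_QUERY = 0x0008
Global Const $SE_PRIVILEGE_ENABLED = 0x0002
Global Const $ERROR_NOT_ALL_ASSIGNED = 1300

; Enables SeDebugPrivilege on the current process token. Returns True on success,
; otherwise False with @error set (5 = privilege not held, Win32 code in @extended).
Func _EnableDebugPrivilege()
    Local $aRet = DllCall("kernel32.dll", "handle", "GetCurrentProcess")
    If @error Then Return SetError(1, 0, False)
    Local $hProc = $aRet[0]
    ; OpenProcessToken(hProcess, DesiredAccess, &hToken); the out-param comes back as element 3
    $aRet = DllCall("advapi32.dll", "bool", "OpenProcessToken", "handle", $hProc, _
            "dword", BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY), "handle*", 0)
    If @error Then Return SetError(2, 0, False)
    If Not $aRet[0] Then Return SetError(2, 0, False)
    Local $hToken = $aRet[3]
    ; LUID is two 32-bit fields; declaring it that way keeps both structs 4-byte aligned
    Local $tLuid = DllStructCreate("dword LowPart;long HighPart")
    $aRet = DllCall("advapi32.dll", "bool", "LookupPrivilegeValueW", "ptr", 0, _
            "wstr", "SeDebugPrivilege", "ptr", DllStructGetPtr($tLuid))
    Local $bOk = Not @error
    If $bOk Then $bOk = $aRet[0]
    If Not $bOk Then
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
        Return SetError(3, 0, False)
    EndIf
    ; TOKEN_PRIVILEGES { DWORD PrivilegeCount; LUID_AND_ATTRIBUTES Privileges[1]; }
    Local $tTP = DllStructCreate("dword PrivilegeCount;dword LowPart;long HighPart;dword Attributes")
    DllStructSetData($tTP, "PrivilegeCount", 1)
    DllStructSetData($tTP, "LowPart", DllStructGetData($tLuid, "LowPart"))
    DllStructSetData($tTP, "HighPart", DllStructGetData($tLuid, "HighPart"))
    DllStructSetData($tTP, "Attributes", $SE_PRIVILEGE_ENABLED)
    $aRet = DllCall("advapi32.dll", "bool", "AdjustTokenPrivileges", "handle", $hToken, "bool", False, _
            "ptr", DllStructGetPtr($tTP), "dword", DllStructGetSize($tTP), "ptr", 0, "ptr", 0)
    $bOk = Not @error
    If $bOk Then $bOk = $aRet[0]
    ; AdjustTokenPrivileges returns TRUE even when the privilege is not held (the normal case
    ; for a non-administrator); GetLastError then reports ERROR_NOT_ALL_ASSIGNED (1300).
    Local $aErr = DllCall("kernel32.dll", "dword", "GetLastError")
    Local $iLastErr = $aErr[0]
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    If Not $bOk Then Return SetError(4, $iLastErr, False)
    If $iLastErr = $ERROR_NOT_ALL_ASSIGNED Then Return SetError(5, $iLastErr, False)
    Return True
EndFunc

If Not _EnableDebugPrivilege() Then ConsoleWrite("Failed: @error=" & @error & " Win32 error=" & @extended & @CRLF)
```

The last-error value is read before CloseHandle because that call would overwrite it; @error 5 with @extended 1300 means the API calls all succeeded but the account simply does not hold the privilege.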

Well? Does it work? I'd like to know if it does, so I know I can use it if it's going to be needed for other users of my scripts which access the virtual memory space of a process. If it doesn't, then I can change a few things that I wasn't 100% sure of when I wrote it (differences between AutoIt default standards and C++).

I also slapped this together in less than an hour. So... :wacko:

Nomad :D



Moved code to alternate site.

Nomad.


