From b6d5dc93f294a2c781a7613c72169d0389137a3d Mon Sep 17 00:00:00 2001
From: Iain Patterson
Date: Mon, 25 Jul 2016 17:23:52 +0100
Subject: [PATCH] Added get_debug_token().

New function to obtain SeDebugPrivilege privilege.
---
 process.cpp | 41 +++++++++++++++++++++++++++++++++++++++++
 process.h | 1 +
 2 files changed, 42 insertions(+)

diff --git a/process.cpp b/process.cpp
index fa8de6b..220411b 100644
--- a/process.cpp
+++ b/process.cpp
@@ -2,6 +2,47 @@
 extern imports_t imports;
+HANDLE get_debug_token() {
+ long error;
+ HANDLE token;
+ if (! OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, false, &token)) {
+ error = GetLastError();
+ if (error == ERROR_NO_TOKEN) {
+ (void) ImpersonateSelf(SecurityImpersonation);
+ (void) OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, false, &token);
+ }
+ }
+ if (! token) return INVALID_HANDLE_VALUE;
+
+ TOKEN_PRIVILEGES privileges, old;
+ unsigned long size = sizeof(TOKEN_PRIVILEGES);
+ LUID luid;
+ if (! LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) {
+ CloseHandle(token);
+ return INVALID_HANDLE_VALUE;
+ }
+
+ privileges.PrivilegeCount = 1;
+ privileges.Privileges[0].Luid = luid;
+ privileges.Privileges[0].Attributes = 0;
+
+ if (! AdjustTokenPrivileges(token, false, &privileges, size, &old, &size)) {
+ CloseHandle(token);
+ return INVALID_HANDLE_VALUE;
+ }
+
+ old.PrivilegeCount = 1;
+ old.Privileges[0].Luid = luid;
+ old.Privileges[0].Attributes |= SE_PRIVILEGE_ENABLED;
+
+ if (! AdjustTokenPrivileges(token, false, &old, size, NULL, NULL)) {
+ CloseHandle(token);
+ return INVALID_HANDLE_VALUE;
+ }
+
+ return token;
+}
+
 void service_kill_t(nssm_service_t *service, kill_t *k) {
 if (! service) return;
 if (! k) return;
diff --git a/process.h b/process.h
index fe36f2f..de39cf0 100644
--- a/process.h
+++ b/process.h
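Review bot: `token` is read uninitialized at `if (! token)` whenever the first OpenThreadToken fails with an error other than ERROR_NO_TOKEN, and also when the retry after ImpersonateSelf fails, because that call's result is discarded; declare it as `HANDLE token = NULL;` and make the retry `if (! OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, false, &token)) token = NULL;`. Both AdjustTokenPrivileges calls can return TRUE while the token simply does not hold SeDebugPrivilege, reporting that only as ERROR_NOT_ALL_ASSIGNED through GetLastError(), so a non-administrative caller gets a token back that still lacks the privilege, and in that case `old.Privileges[0]` is presumably OR-ed while uninitialized since the first call would report no changed privileges; treat it as failure on the final call, e.g. `if (! AdjustTokenPrivileges(token, false, &old, size, NULL, NULL) || GetLastError() == ERROR_NOT_ALL_ASSIGNED) {`. On the failure paths taken after ImpersonateSelf succeeded the thread is also left impersonating, so a `RevertToSelf()` before each `return INVALID_HANDLE_VALUE` looks wanted unless the caller is expected to revert on error itself, which is worth documenting on the declaration either way.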
@@ -21,6 +21,7 @@ typedef struct {
 typedef int (*walk_function_t)(nssm_service_t *, kill_t *);
+HANDLE get_debug_token();
 void service_kill_t(nssm_service_t *, kill_t *);
 int get_process_creation_time(HANDLE, FILETIME *);
 int get_process_exit_time(HANDLE, FILETIME *);
-- 
2.20.1