/// <summary>
/// Enables or disables the specified privilege on the primary access token of the current process.</summary>
/// <param name="privilege">
/// Privilege to enable or disable.</param>
/// <param name="enable">
/// True to enable the privilege, false to disable it.</param>
/// <returns>
/// True if the privilege was enabled prior to the change, false if it was disabled.</returns>
public static bool ModifyPrivilege(PrivilegeName privilege, bool enable)
{
if (!LookupPrivilegeValue(null, privilege.ToString(), out Luid luid))
{
throw new Win32Exception();
}
using (var identity = WindowsIdentity.GetCurrent(TokenAccessLevels.AdjustPrivileges | TokenAccessLevels.Query))
{
var newPriv = new TokenPrivileges
{
Privileges = new LuidAndAttributes[]
{
new LuidAndAttributes {
Luid = luid,
Attributes = enable ? SE_PRIVILEGE_ENABLED : 0
}
},
PrivilegeCount = 1
};
var prevPriv = new TokenPrivileges
{
Privileges = new LuidAndAttributes[1],
PrivilegeCount = 1
};
if (!AdjustTokenPrivileges(identity.Token, false, ref newPriv, (uint)Marshal.SizeOf(prevPriv), ref prevPriv, out uint returnedBytes))
{
throw new Win32Exception();
}
return(prevPriv.PrivilegeCount == 0 ? enable /* didn't make a change */ : ((prevPriv.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED) != 0));
}
}
public void SetPrivilege(PrivilegeName privilegeName, PrivilegeAttribute privilegeAttribute)
{
TokPriv1Luid tokenPrivilege;
IntPtr hCurrentProcess = Kernel32.GetCurrentProcess();
IntPtr hProcessToken = IntPtr.Zero;
if (!AdvApi32.OpenProcessToken(hCurrentProcess, AdvApi32.TOKEN_ADJUST_PRIVILEGES | AdvApi32.TOKEN_QUERY, ref hProcessToken))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
tokenPrivilege.Count = 1;
tokenPrivilege.Luid = 0;
tokenPrivilege.Attr = (int)privilegeAttribute;
if (!AdvApi32.LookupPrivilegeValue(null, PrivilegeStrings[(int)privilegeName], ref tokenPrivilege.Luid))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
if (!AdvApi32.AdjustTokenPrivileges(hProcessToken, false, ref tokenPrivilege, 0, IntPtr.Zero, IntPtr.Zero))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
/// <summary>
/// Enables or disables the specified privilege on the primary
/// access token of the current process.
/// </summary>
/// <param name="privilege">Privilege to enable or disable.</param>
/// <param name="enable">True to enable the privilege, false to
/// disable it.</param>
/// <returns>True if the privilege was enabled prior to the change,
/// false if it was disabled.</returns>
public static bool ModifyPrivilege(PrivilegeName privilege, bool enable)
{
if (!LookupPrivilegeValue(null, privilege.ToString(), out LUID luid))
{
throw new System.ComponentModel.Win32Exception();
}
using (var identity = System.Security.Principal.WindowsIdentity.GetCurrent(
System.Security.Principal.TokenAccessLevels.AdjustPrivileges |
System.Security.Principal.TokenAccessLevels.Query))
{
var newPriv = new TOKEN_PRIVILEGES
{
Privileges = new LUID_AND_ATTRIBUTES[1],
PrivilegeCount = 1
};
newPriv.Privileges[0].Luid = luid;
newPriv.Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0;
var prevPriv = new TOKEN_PRIVILEGES
{
Privileges = new LUID_AND_ATTRIBUTES[1],
PrivilegeCount = 1
};
if (!AdjustTokenPrivileges(identity.Token, false, ref newPriv,
(uint)Marshal.SizeOf(prevPriv), ref prevPriv, out uint returnedBytes))
{
throw new System.ComponentModel.Win32Exception();
}
return(prevPriv.PrivilegeCount == 0 ? enable /* didn't make a change */ : ((prevPriv.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED) != 0));
}
}
/// <summary>
/// Disable privilege
/// </summary>
/// <param name="process"></param>
/// <param name="privilegeName"></param>
/// <returns>Previous state for the privilege</returns>
public static Privileges DisablePrivilege(Process process, PrivilegeName privilegeName)
{
Privileges newState = new Privileges
{
PrivilegeCount = 1,
PrivilegeValueAndAttributesArray = new PrivilegeValueAndAttributes[PrivilegeConstants.MaxPrivilegeCount]
};
newState.PrivilegeValueAndAttributesArray[0].Attributes = (uint)PrivilegeAttributes.PrivilegeDisabled;
newState.PrivilegeValueAndAttributesArray[0].PrivilegeValue = LookupPrivilegeValue(null, privilegeName);
return(AdjustTokenPrivileges(process, false, newState));
}
/// <summary>
/// Lookup privilege value
/// </summary>
/// <param name="systemName"></param>
/// <param name="privilegeName"></param>
/// <returns></returns>
public static PrivilegeValue LookupPrivilegeValue(string systemName, PrivilegeName privilegeName)
{
if (Environment.OSVersion.Platform != PlatformID.Win32NT || !CheckEntryPoint("advapi32.dll", "LookupPrivilegeValueA"))
{
throw new PrivilegeException("Failed to lookup privilege value. LookupPrivilegeValue() is not supported.");
}
PrivilegeValue privilegePrivilegeValue = new PrivilegeValue();
if (LookupPrivilegeValue(systemName, privilegeName.ToString(), ref privilegePrivilegeValue) == 0)
{
throw new PrivilegeException($"Failed to lookup privilege value for privilege '{privilegeName}'. Win32 error: {FormatError(Marshal.GetLastWin32Error())}");
}
return(privilegePrivilegeValue);
}
/// <summary>
/// Check if specified process has a privilege
/// </summary>
/// <param name="systemName"></param>
/// <param name="process"></param>
/// <param name="privilegeName"></param>
public static bool HasPrivilege(string systemName, Process process, PrivilegeName privilegeName)
{
var privileges = GetPrivileges(systemName, process);
foreach (var privilege in privileges)
{
if (privilege.PrivilegeName == privilegeName)
{
if ((privilege.Attributes & PrivilegeAttributes.PrivilegeEnabled) > 0)
{
return(true);
}
return(false);
}
}
return(false);
}
public static _LUID GetPrivilegeLuid(PrivilegeName privilegeName)
{
switch (privilegeName)
{
case PrivilegeName.SE_ASSIGNPRIMARYTOKEN_NAME:
return CreateLuid(0, 3);
case PrivilegeName.SE_AUDIT_NAME:
return CreateLuid(0, 21);
case PrivilegeName.SE_BACKUP_NAME:
return CreateLuid(0, 17);
case PrivilegeName.SE_CHANGE_NOTIFY_NAME:
return CreateLuid(0, 23);
case PrivilegeName.SE_CREATE_GLOBAL_NAME:
return CreateLuid(0, 30);
case PrivilegeName.SE_CREATE_PAGEFILE_NAME:
return CreateLuid(0, 15);
case PrivilegeName.SE_CREATE_PERMANENT_NAME:
return CreateLuid(0, 16);
case PrivilegeName.SE_CREATE_TOKEN_NAME:
return CreateLuid(0, 2);
case PrivilegeName.SE_DEBUG_NAME:
return CreateLuid(0, 20);
case PrivilegeName.SE_ENABLE_DELEGATION_NAME:
return CreateLuid(0, 27);
case PrivilegeName.SE_IMPERSONATE_NAME:
return CreateLuid(0, 29);
case PrivilegeName.SE_INC_BASE_PRIORITY_NAME:
return CreateLuid(0, 14);
case PrivilegeName.SE_INCREASE_QUOTA_NAME:
return CreateLuid(0, 5);
case PrivilegeName.SE_LOAD_DRIVER_NAME:
return CreateLuid(0, 10);
case PrivilegeName.SE_LOCK_MEMORY_NAME:
return CreateLuid(0, 4);
case PrivilegeName.SE_MACHINE_ACCOUNT_NAME:
return CreateLuid(0, 6);
case PrivilegeName.SE_MANAGE_VOLUME_NAME:
return CreateLuid(0, 28);
case PrivilegeName.SE_PROF_SINGLE_PROCESS_NAME:
return CreateLuid(0, 13);
case PrivilegeName.SE_REMOTE_SHUTDOWN_NAME:
return CreateLuid(0, 24);
case PrivilegeName.SE_RESTORE_NAME:
return CreateLuid(0, 18);
case PrivilegeName.SE_SECURITY_NAME:
return CreateLuid(0, 8);
case PrivilegeName.SE_SHUTDOWN_NAME:
return CreateLuid(0, 19);
case PrivilegeName.SE_SYNC_AGENT_NAME:
return CreateLuid(0, 26);
case PrivilegeName.SE_SYSTEM_ENVIRONMENT_NAME:
return CreateLuid(0, 22);
case PrivilegeName.SE_SYSTEM_PROFILE_NAME:
return CreateLuid(0, 11);
case PrivilegeName.SE_SYSTEMTIME_NAME:
return CreateLuid(0, 12);
case PrivilegeName.SE_TAKE_OWNERSHIP_NAME:
return CreateLuid(0, 9);
case PrivilegeName.SE_TCB_NAME:
return CreateLuid(0, 7);
case PrivilegeName.SE_UNDOCK_NAME:
return CreateLuid(0, 25);
case PrivilegeName.SE_CREATE_SYMBOLIC_LINK_NAME:
return CreateLuid(0, 35);
case PrivilegeName.SE_INC_WORKING_SET_NAME:
return CreateLuid(0, 33);
case PrivilegeName.SE_RELABEL_NAME:
return CreateLuid(0, 32);
case PrivilegeName.SE_TIME_ZONE_NAME:
return CreateLuid(0, 34);
case PrivilegeName.SE_TRUSTED_CREDMAN_ACCESS_NAME:
return CreateLuid(0, 31);
default:
throw new ArgumentException("Invalid privilege name.", "privilegeName");
}
}
/// <summary>
/// Constructor
/// </summary>
public AdjustPrivilege(PrivilegeName privilegeName)
{
_process = Process.GetCurrentProcess();
_previousState = PrivilegeProvider.EnablePrivilege(_process, privilegeName);
}
