/// <summary> /// Enables or disables the specified privilege on the primary access token of the current process.</summary> /// <param name="privilege"> /// Privilege to enable or disable.</param> /// <param name="enable"> /// True to enable the privilege, false to disable it.</param> /// <returns> /// True if the privilege was enabled prior to the change, false if it was disabled.</returns> public static bool ModifyPrivilege(PrivilegeName privilege, bool enable) { if (!LookupPrivilegeValue(null, privilege.ToString(), out Luid luid)) { throw new Win32Exception(); } using (var identity = WindowsIdentity.GetCurrent(TokenAccessLevels.AdjustPrivileges | TokenAccessLevels.Query)) { var newPriv = new TokenPrivileges { Privileges = new LuidAndAttributes[] { new LuidAndAttributes { Luid = luid, Attributes = enable ? SE_PRIVILEGE_ENABLED : 0 } }, PrivilegeCount = 1 }; var prevPriv = new TokenPrivileges { Privileges = new LuidAndAttributes[1], PrivilegeCount = 1 }; if (!AdjustTokenPrivileges(identity.Token, false, ref newPriv, (uint)Marshal.SizeOf(prevPriv), ref prevPriv, out uint returnedBytes)) { throw new Win32Exception(); } return(prevPriv.PrivilegeCount == 0 ? enable /* didn't make a change */ : ((prevPriv.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED) != 0)); } }
public void SetPrivilege(PrivilegeName privilegeName, PrivilegeAttribute privilegeAttribute) { TokPriv1Luid tokenPrivilege; IntPtr hCurrentProcess = Kernel32.GetCurrentProcess(); IntPtr hProcessToken = IntPtr.Zero; if (!AdvApi32.OpenProcessToken(hCurrentProcess, AdvApi32.TOKEN_ADJUST_PRIVILEGES | AdvApi32.TOKEN_QUERY, ref hProcessToken)) { throw new Win32Exception(Marshal.GetLastWin32Error()); } tokenPrivilege.Count = 1; tokenPrivilege.Luid = 0; tokenPrivilege.Attr = (int)privilegeAttribute; if (!AdvApi32.LookupPrivilegeValue(null, PrivilegeStrings[(int)privilegeName], ref tokenPrivilege.Luid)) { throw new Win32Exception(Marshal.GetLastWin32Error()); } if (!AdvApi32.AdjustTokenPrivileges(hProcessToken, false, ref tokenPrivilege, 0, IntPtr.Zero, IntPtr.Zero)) { throw new Win32Exception(Marshal.GetLastWin32Error()); } }
/// <summary> /// Enables or disables the specified privilege on the primary /// access token of the current process. /// </summary> /// <param name="privilege">Privilege to enable or disable.</param> /// <param name="enable">True to enable the privilege, false to /// disable it.</param> /// <returns>True if the privilege was enabled prior to the change, /// false if it was disabled.</returns> public static bool ModifyPrivilege(PrivilegeName privilege, bool enable) { if (!LookupPrivilegeValue(null, privilege.ToString(), out LUID luid)) { throw new System.ComponentModel.Win32Exception(); } using (var identity = System.Security.Principal.WindowsIdentity.GetCurrent( System.Security.Principal.TokenAccessLevels.AdjustPrivileges | System.Security.Principal.TokenAccessLevels.Query)) { var newPriv = new TOKEN_PRIVILEGES { Privileges = new LUID_AND_ATTRIBUTES[1], PrivilegeCount = 1 }; newPriv.Privileges[0].Luid = luid; newPriv.Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0; var prevPriv = new TOKEN_PRIVILEGES { Privileges = new LUID_AND_ATTRIBUTES[1], PrivilegeCount = 1 }; if (!AdjustTokenPrivileges(identity.Token, false, ref newPriv, (uint)Marshal.SizeOf(prevPriv), ref prevPriv, out uint returnedBytes)) { throw new System.ComponentModel.Win32Exception(); } return(prevPriv.PrivilegeCount == 0 ? enable /* didn't make a change */ : ((prevPriv.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED) != 0)); } }
/// <summary> /// Disable privilege /// </summary> /// <param name="process"></param> /// <param name="privilegeName"></param> /// <returns>Previous state for the privilege</returns> public static Privileges DisablePrivilege(Process process, PrivilegeName privilegeName) { Privileges newState = new Privileges { PrivilegeCount = 1, PrivilegeValueAndAttributesArray = new PrivilegeValueAndAttributes[PrivilegeConstants.MaxPrivilegeCount] }; newState.PrivilegeValueAndAttributesArray[0].Attributes = (uint)PrivilegeAttributes.PrivilegeDisabled; newState.PrivilegeValueAndAttributesArray[0].PrivilegeValue = LookupPrivilegeValue(null, privilegeName); return(AdjustTokenPrivileges(process, false, newState)); }
/// <summary> /// Lookup privilege value /// </summary> /// <param name="systemName"></param> /// <param name="privilegeName"></param> /// <returns></returns> public static PrivilegeValue LookupPrivilegeValue(string systemName, PrivilegeName privilegeName) { if (Environment.OSVersion.Platform != PlatformID.Win32NT || !CheckEntryPoint("advapi32.dll", "LookupPrivilegeValueA")) { throw new PrivilegeException("Failed to lookup privilege value. LookupPrivilegeValue() is not supported."); } PrivilegeValue privilegePrivilegeValue = new PrivilegeValue(); if (LookupPrivilegeValue(systemName, privilegeName.ToString(), ref privilegePrivilegeValue) == 0) { throw new PrivilegeException($"Failed to lookup privilege value for privilege '{privilegeName}'. Win32 error: {FormatError(Marshal.GetLastWin32Error())}"); } return(privilegePrivilegeValue); }
/// <summary> /// Check if specified process has a privilege /// </summary> /// <param name="systemName"></param> /// <param name="process"></param> /// <param name="privilegeName"></param> public static bool HasPrivilege(string systemName, Process process, PrivilegeName privilegeName) { var privileges = GetPrivileges(systemName, process); foreach (var privilege in privileges) { if (privilege.PrivilegeName == privilegeName) { if ((privilege.Attributes & PrivilegeAttributes.PrivilegeEnabled) > 0) { return(true); } return(false); } } return(false); }
public static _LUID GetPrivilegeLuid(PrivilegeName privilegeName) { switch (privilegeName) { case PrivilegeName.SE_ASSIGNPRIMARYTOKEN_NAME: return CreateLuid(0, 3); case PrivilegeName.SE_AUDIT_NAME: return CreateLuid(0, 21); case PrivilegeName.SE_BACKUP_NAME: return CreateLuid(0, 17); case PrivilegeName.SE_CHANGE_NOTIFY_NAME: return CreateLuid(0, 23); case PrivilegeName.SE_CREATE_GLOBAL_NAME: return CreateLuid(0, 30); case PrivilegeName.SE_CREATE_PAGEFILE_NAME: return CreateLuid(0, 15); case PrivilegeName.SE_CREATE_PERMANENT_NAME: return CreateLuid(0, 16); case PrivilegeName.SE_CREATE_TOKEN_NAME: return CreateLuid(0, 2); case PrivilegeName.SE_DEBUG_NAME: return CreateLuid(0, 20); case PrivilegeName.SE_ENABLE_DELEGATION_NAME: return CreateLuid(0, 27); case PrivilegeName.SE_IMPERSONATE_NAME: return CreateLuid(0, 29); case PrivilegeName.SE_INC_BASE_PRIORITY_NAME: return CreateLuid(0, 14); case PrivilegeName.SE_INCREASE_QUOTA_NAME: return CreateLuid(0, 5); case PrivilegeName.SE_LOAD_DRIVER_NAME: return CreateLuid(0, 10); case PrivilegeName.SE_LOCK_MEMORY_NAME: return CreateLuid(0, 4); case PrivilegeName.SE_MACHINE_ACCOUNT_NAME: return CreateLuid(0, 6); case PrivilegeName.SE_MANAGE_VOLUME_NAME: return CreateLuid(0, 28); case PrivilegeName.SE_PROF_SINGLE_PROCESS_NAME: return CreateLuid(0, 13); case PrivilegeName.SE_REMOTE_SHUTDOWN_NAME: return CreateLuid(0, 24); case PrivilegeName.SE_RESTORE_NAME: return CreateLuid(0, 18); case PrivilegeName.SE_SECURITY_NAME: return CreateLuid(0, 8); case PrivilegeName.SE_SHUTDOWN_NAME: return CreateLuid(0, 19); case PrivilegeName.SE_SYNC_AGENT_NAME: return CreateLuid(0, 26); case PrivilegeName.SE_SYSTEM_ENVIRONMENT_NAME: return CreateLuid(0, 22); case PrivilegeName.SE_SYSTEM_PROFILE_NAME: return CreateLuid(0, 11); case PrivilegeName.SE_SYSTEMTIME_NAME: return CreateLuid(0, 12); case PrivilegeName.SE_TAKE_OWNERSHIP_NAME: return CreateLuid(0, 9); case PrivilegeName.SE_TCB_NAME: return CreateLuid(0, 7); case PrivilegeName.SE_UNDOCK_NAME: return CreateLuid(0, 25); case PrivilegeName.SE_CREATE_SYMBOLIC_LINK_NAME: return CreateLuid(0, 35); case PrivilegeName.SE_INC_WORKING_SET_NAME: return CreateLuid(0, 33); case PrivilegeName.SE_RELABEL_NAME: return CreateLuid(0, 32); case PrivilegeName.SE_TIME_ZONE_NAME: return CreateLuid(0, 34); case PrivilegeName.SE_TRUSTED_CREDMAN_ACCESS_NAME: return CreateLuid(0, 31); default: throw new ArgumentException("Invalid privilege name.", "privilegeName"); } }
/// <summary> /// Constructor /// </summary> public AdjustPrivilege(PrivilegeName privilegeName) { _process = Process.GetCurrentProcess(); _previousState = PrivilegeProvider.EnablePrivilege(_process, privilegeName); }