internal static extern bool AdjustTokenPrivileges(
SafeTokenHandle TokenHandle,
bool DisableAllPrivileges,
ref TOKEN_PRIVILEGE NewState,
uint BufferLength,
ref TOKEN_PRIVILEGE PreviousState,
ref uint ReturnLength);
bool AdjustTokenPrivileges(
[In] SafeAccessTokenHandle TokenHandle,
[In] bool DisableAllPrivileges,
[In] ref TOKEN_PRIVILEGE NewState,
[In] uint BufferLength,
[In] IntPtr PreviousState,
[In] IntPtr ReturnLength);
static bool SetPrivilege(IntPtr tokenHandle, string privilegeName, bool privilegeState)
{
const uint SE_PRIVILEGE_DISABLED = 0x00000000;
const uint SE_PRIVILEGE_ENABLED = 0x00000002;
LUID luid;
if (LookupPrivilegeValue(null, privilegeName, out luid))
{
TOKEN_PRIVILEGE tp = new TOKEN_PRIVILEGE();
tp.PrivilegeCount = 1;
tp.Privilege.Luid = luid;
tp.Privilege.Attributes = privilegeState ? SE_PRIVILEGE_ENABLED : SE_PRIVILEGE_DISABLED;
//
// Enable the privilege or disable all privileges.
//
if (AdjustTokenPrivileges(tokenHandle, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero))
{
////
//// Check to see if you have proper access.
//// You may get "ERROR_NOT_ALL_ASSIGNED".
////
//bRet = (GetLastError() == ERROR_SUCCESS);
return(true);
}
}
return(false);
}
internal static extern bool AdjustTokenPrivileges(
[In] SafeTokenHandle TokenHandle,
[In] bool DisableAllPrivileges,
[In] ref TOKEN_PRIVILEGE NewState,
[In] uint BufferLength,
[In, Out] ref TOKEN_PRIVILEGE PreviousState,
[In, Out] ref uint ReturnLength);
internal static extern bool AdjustTokenPrivileges(
SafeTokenHandle TokenHandle,
bool DisableAllPrivileges,
ref TOKEN_PRIVILEGE NewState,
uint BufferLength,
ref TOKEN_PRIVILEGE PreviousState,
ref uint ReturnLength);
public static void EnableSecurityRights(string desiredAccess, bool on)
{
IntPtr token = IntPtr.Zero;
if (!OpenProcessToken(GetCurrentProcess(), TokenAccessLevels.AdjustPrivileges | TokenAccessLevels.Query,
ref token))
{
return;
}
LUID luid = new LUID();
if (!LookupPrivilegeValue(null, desiredAccess, ref luid))
{
CloseHandle(token);
return;
}
TOKEN_PRIVILEGE tp = new TOKEN_PRIVILEGE();
tp.PrivilegeCount = 1;
tp.Privilege = new LUID_AND_ATTRIBUTES();
tp.Privilege.Attributes = on ? SE_PRIVILEGE_ENABLED : SE_PRIVILEGE_DISABLED;
tp.Privilege.Luid = luid;
int cbTp = Marshal.SizeOf(tp);
if (!AdjustTokenPrivileges(token, false, ref tp, (uint)cbTp, IntPtr.Zero, IntPtr.Zero))
{
Debug.WriteLine(new Win32Exception().Message);
}
CloseHandle(token);
}
private static extern bool AdjustTokenPrivileges(
IntPtr htok,
bool disall,
ref TOKEN_PRIVILEGE newst,
int len,
IntPtr prev,
IntPtr relen);
public static void Reboot()
{
LUID luid = new LUID();
if (!LookupPrivilegeValue("", "SeShutdownPrivilege", ref luid))
{
throw new Win32Exception(Marshal.GetLastWin32Error(), "LookupPrivilegeValue");
}
TOKEN_PRIVILEGE newPriv = new TOKEN_PRIVILEGE()
{
PrivilegeCount = 1,
Privilege = new LUID_AND_ATTRIBUTES()
{
Luid = luid, Attributes = SE_PRIVILEGE_ENABLED
}
};
if (!AdjustTokenPrivileges(WindowsIdentity.GetCurrent().Token, false, ref newPriv, Marshal.SizeOf(newPriv), IntPtr.Zero, IntPtr.Zero))
{
throw new Win32Exception(Marshal.GetLastWin32Error(), "AdjustTokenPrivileges");
}
if (!InitiateSystemShutdown(null, null, 0, true, true))
{
throw new Win32Exception(Marshal.GetLastWin32Error(), "ExitWindowsEx");
}
}
internal static extern bool AdjustTokenPrivileges(
[In] SafeCloseHandle tokenHandle,
[In] bool disableAllPrivileges,
[In] ref TOKEN_PRIVILEGE newState,
[In] uint bufferLength,
[Out] out TOKEN_PRIVILEGE previousState,
[Out] out uint returnLength
);
public static extern bool AdjustTokenPrivileges(
SafeTokenHandle TokenHandle,
[MarshalAs(UnmanagedType.Bool)]
bool DisableAllPrivileges,
ref TOKEN_PRIVILEGE NewState,
uint BufferLength,
ref TOKEN_PRIVILEGE PreviousState,
ref uint ReturnLength);
//-------------------------------------------------------------------------------------------------
public static bool TryToSetPrivilege(string szPrivilege, bool bEnablePrivilege)
{
//-------------------------------------------------------------------------------------------------
bool fSuccess = false;
IntPtr hToken = IntPtr.Zero;
try
{
TOKEN_PRIVILEGE prevState = new TOKEN_PRIVILEGE();
uint returnLength = 0;
TOKEN_PRIVILEGE privilegesToGet;
privilegesToGet.PrivilegeCount = 1;
privilegesToGet.Privileges.Luid.LowPart = 0;
privilegesToGet.Privileges.Luid.HighPart = 0;
privilegesToGet.Privileges.Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;
if (!OpenProcessToken(ProcessToken: System.Diagnostics.Process.GetCurrentProcess().Handle //GetCurrentProcess()
, DesiredAccess: TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges
, TokenHandle: ref hToken))
{
ThrowWin32Exception("OpenProcessToken");
}
else if (!LookupPrivilegeValue(lpSystemName: null
, lpName: szPrivilege
, Luid: ref privilegesToGet.Privileges.Luid))
{
ThrowWin32Exception("LookupPrivilegeValue");
}
else if (!AdjustTokenPrivileges(TokenHandle: hToken
, DisableAllPrivileges: false
, NewState: ref privilegesToGet
, BufferLength: (uint)System.Runtime.InteropServices.Marshal.SizeOf(privilegesToGet)
, PreviousState: ref prevState
, ReturnLength: ref returnLength))
{
ThrowWin32Exception("AdjustTokenPrivileges");
}
else if (System.Runtime.InteropServices.Marshal.GetLastWin32Error() == ERROR_NOT_ALL_ASSIGNED)
{
ThrowWin32Exception("AdjustTokenPrivileges");
}
else
{
fSuccess = true;
} /* endif */
}
finally
{
if (hToken != IntPtr.Zero)
{
CloseHandle(hToken);
}
}
return(fSuccess);
}
/// <summary>
/// Restore the previous privilege state
/// </summary>
/// <param name="privilegeName"></param>
/// <param name="previousPrivilegeState"></param>
/// <returns></returns>
internal static bool RestoreTokenPrivilege(string privilegeName, ref TOKEN_PRIVILEGE previousPrivilegeState)
{
// The privilege was not changed, do not need to restore it.
if (previousPrivilegeState.PrivilegeCount == 0)
{
return(true);
}
bool success = false;
TOKEN_PRIVILEGE newState = new TOKEN_PRIVILEGE();
// Check if the caller has the specified privilege or not. If the caller has it, check the LUID specified in previousPrivilegeState
// to see if the previousPrivilegeState is defined for the same privilege
if (LookupPrivilegeValue(null, privilegeName, ref newState.Privilege.Luid) &&
newState.Privilege.Luid.HighPart == previousPrivilegeState.Privilege.Luid.HighPart &&
newState.Privilege.Luid.LowPart == previousPrivilegeState.Privilege.Luid.LowPart)
{
// Get the pseudo handler of the current process
IntPtr processHandler = GetCurrentProcess();
if (processHandler != IntPtr.Zero)
{
// Get the handler of the current process's access token
IntPtr tokenHandler = IntPtr.Zero;
if (OpenProcessToken(processHandler, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out tokenHandler))
{
int bufferSize = Marshal.SizeOf <TOKEN_PRIVILEGE>();
int returnSize = 0;
// restore the privilege state back to the previous privilege state
if (AdjustTokenPrivileges(tokenHandler, false, ref previousPrivilegeState, bufferSize, out newState, ref returnSize))
{
if (Marshal.GetLastWin32Error() == ERROR_SUCCESS)
{
success = true;
}
}
}
if (tokenHandler != IntPtr.Zero)
{
CloseHandle(tokenHandler);
}
CloseHandle(processHandler);
}
}
return(success);
}
public static bool SetProcessPrivilege(string privilege, bool newState, out bool previousState)
{
bool flag = false;
previousState = false;
bool result;
try
{
IntPtr zero = IntPtr.Zero;
LUID luid = default(LUID);
luid.LowPart = 0U;
luid.HighPart = 0U;
if (!OpenProcessToken(GetCurrentProcess(), TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, ref zero))
{
result = false;
}
else if (!LookupPrivilegeValueW(null, privilege, ref luid))
{
CloseHandle(zero);
result = false;
}
else
{
TOKEN_PRIVILEGE token_PRIVILEGE = default(TOKEN_PRIVILEGE);
TOKEN_PRIVILEGE token_PRIVILEGE2 = default(TOKEN_PRIVILEGE);
token_PRIVILEGE.PrivilegeCount = 1U;
token_PRIVILEGE.Privilege.Luid = luid;
token_PRIVILEGE.Privilege.Attributes = (newState ? 2U : 0U);
uint num = 0U;
AdjustTokenPrivileges(zero, false, ref token_PRIVILEGE, (uint)Marshal.SizeOf(token_PRIVILEGE2), ref token_PRIVILEGE2, ref num);
previousState = ((token_PRIVILEGE2.Privilege.Attributes & 2U) > 0U);
flag = true;
CloseHandle(zero);
result = true;
}
}
catch (Exception)
{
result = flag;
}
return(result);
}
public static bool SetPrivilege(string name, bool enable)
{
IntPtr token = IntPtr.Zero;
TOKEN_PRIVILEGE tp = new TOKEN_PRIVILEGE();
bool status = false;
try
{
OpenProcessToken(GetCurrentProcess(), TokenAccess.AdjustPrivileges | TokenAccess.Query, &token);
LookupPrivilegeValue(null, name, ref tp.Privilege.Luid);
tp.PrivilegeCount = 1;
tp.Privilege.Attributes = enable ? SE_PRIVILEGE_ENABLED : 0;
status = AdjustTokenPrivileges(token, false, ref tp, 0, null, null);
if (status && Marshal.GetLastWin32Error() != 0)
status = false;
}
finally
{
CloseHandle(token);
}
return status;
}
/// <summary>
/// Restore the previous privilege state
/// </summary>
/// <param name="privilegeName"></param>
/// <param name="previousPrivilegeState"></param>
/// <returns></returns>
internal static bool RestoreTokenPrivilege(string privilegeName, ref TOKEN_PRIVILEGE previousPrivilegeState)
{
// The privilege was not changed, do not need to restore it.
if (previousPrivilegeState.PrivilegeCount == 0)
{
return true;
}
bool success = false;
TOKEN_PRIVILEGE newState = new TOKEN_PRIVILEGE();
// Check if the caller has the specified privilege or not. If the caller has it, check the LUID specified in previousPrivilegeState
// to see if the previousPrivilegeState is defined for the same privilege
if (LookupPrivilegeValue(null, privilegeName, ref newState.Privilege.Luid) &&
newState.Privilege.Luid.HighPart == previousPrivilegeState.Privilege.Luid.HighPart &&
newState.Privilege.Luid.LowPart == previousPrivilegeState.Privilege.Luid.LowPart)
{
// Get the pseudo handler of the current process
IntPtr processHandler = GetCurrentProcess();
if (processHandler != IntPtr.Zero)
{
// Get the handler of the current process's access token
IntPtr tokenHandler = IntPtr.Zero;
if (OpenProcessToken(processHandler, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out tokenHandler))
{
int bufferSize = ClrFacade.SizeOf<TOKEN_PRIVILEGE>();
int returnSize = 0;
// restore the privilege state back to the previous privilege state
if (AdjustTokenPrivileges(tokenHandler, false, ref previousPrivilegeState, bufferSize, out newState, ref returnSize))
{
if (Marshal.GetLastWin32Error() == ERROR_SUCCESS)
{
success = true;
}
}
}
if (tokenHandler != IntPtr.Zero)
{
CloseHandle(tokenHandler);
}
CloseHandle(processHandler);
}
}
return success;
}
FileAttributes dwFileAttributes); // _In_ DWORD
/// <summary>
/// Enable the privilege specified by the privilegeName. If the specified privilege is already enabled, return true
/// with the oldPrivilegeState.PrivilegeCount set to 0. Otherwise, enable the specified privilege, and the old privilege
/// state will be saved in oldPrivilegeState.
/// </summary>
/// <param name="privilegeName"></param>
/// <param name="oldPrivilegeState"></param>
/// <returns></returns>
internal static bool EnableTokenPrivilege(string privilegeName, ref TOKEN_PRIVILEGE oldPrivilegeState)
{
bool success = false;
TOKEN_PRIVILEGE newPrivilegeState = new TOKEN_PRIVILEGE();
// Check if the caller has the specified privilege or not
if (LookupPrivilegeValue(null, privilegeName, ref newPrivilegeState.Privilege.Luid))
{
// Get the pseudo handler of the current process
IntPtr processHandler = GetCurrentProcess();
if (processHandler != IntPtr.Zero)
{
// Get the handler of the current process's access token
IntPtr tokenHandler = IntPtr.Zero;
if (OpenProcessToken(processHandler, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out tokenHandler))
{
// Check if the specified privilege is already enabled
PRIVILEGE_SET requiredPrivilege = new PRIVILEGE_SET();
requiredPrivilege.Privilege.Luid = newPrivilegeState.Privilege.Luid;
requiredPrivilege.PrivilegeCount = 1;
// PRIVILEGE_SET_ALL_NECESSARY is defined as 1
requiredPrivilege.Control = 1;
bool privilegeEnabled = false;
if (PrivilegeCheck(tokenHandler, ref requiredPrivilege, out privilegeEnabled) && privilegeEnabled)
{
// The specified privilege is already enabled
oldPrivilegeState.PrivilegeCount = 0;
success = true;
}
else
{
// The specified privilege is not enabled yet. Enable it.
newPrivilegeState.PrivilegeCount = 1;
newPrivilegeState.Privilege.Attributes = SE_PRIVILEGE_ENABLED;
int bufferSize = ClrFacade.SizeOf<TOKEN_PRIVILEGE>();
int returnSize = 0;
// enable the specified privilege
if (AdjustTokenPrivileges(tokenHandler, false, ref newPrivilegeState, bufferSize, out oldPrivilegeState, ref returnSize))
{
// AdjustTokenPrivileges returns true does not mean all specified privileges have been successfully enabled
int retCode = Marshal.GetLastWin32Error();
if (retCode == ERROR_SUCCESS)
{
success = true;
}
else if (retCode == 1300)
{
// 1300 - Not all privileges referenced are assigned to the caller. This means the specified privilege is not
// assigned to the current user. For example, suppose the role of current caller is "User", then privilege "SeRemoteShutdownPrivilege"
// is not assigned to the role. In this case, we just return true and leave the call to "Win32Shutdown" to decide
// whether the permission is granted or not.
// Set oldPrivilegeState.PrivilegeCount to 0 to avoid the privilege restore later (PrivilegeCount - how many privileges are modified)
oldPrivilegeState.PrivilegeCount = 0;
success = true;
}
}
}
}
// Close the token handler and the process handler
if (tokenHandler != IntPtr.Zero)
{
CloseHandle(tokenHandler);
}
CloseHandle(processHandler);
}
}
return success;
}
public static void EnableSecurityRights(string desiredAccess, bool on)
{
IntPtr token = IntPtr.Zero;
if (!OpenProcessToken(GetCurrentProcess(), TokenAccessLevels.AdjustPrivileges | TokenAccessLevels.Query,
ref token))
{
return;
}
LUID luid = new LUID();
if (!LookupPrivilegeValue(null, desiredAccess, ref luid))
{
CloseHandle(token);
return;
}
TOKEN_PRIVILEGE tp = new TOKEN_PRIVILEGE();
tp.PrivilegeCount = 1;
tp.Privilege = new LUID_AND_ATTRIBUTES();
tp.Privilege.Attributes = on ? SE_PRIVILEGE_ENABLED : SE_PRIVILEGE_DISABLED;
tp.Privilege.Luid = luid;
int cbTp = Marshal.SizeOf(tp);
if (!AdjustTokenPrivileges(token, false, ref tp, (uint) cbTp, IntPtr.Zero, IntPtr.Zero))
{
Debug.WriteLine(new Win32Exception().Message);
}
CloseHandle(token);
}
static extern bool AdjustTokenPrivileges(IntPtr TokenHandle, bool DisableAllPrivileges, ref TOKEN_PRIVILEGE NewState, uint BufferLength, IntPtr PreviousStatePtr, IntPtr ReturnLengthPtr);
public static extern bool AdjustTokenPrivileges(
SafeTokenHandle TokenHandle,
[MarshalAs(UnmanagedType.Bool)]
bool DisableAllPrivileges,
ref TOKEN_PRIVILEGE NewState,
uint BufferLength,
ref TOKEN_PRIVILEGE PreviousState,
ref uint ReturnLength);
private static extern bool AdjustTokenPrivileges(
IntPtr tokenHndl, bool diasableAll,
[In] ref TOKEN_PRIVILEGE newTokenState,
int length,
IntPtr prevTokenState,
IntPtr retLength);
FileAttributes dwFileAttributes); // _In_ DWORD
/// <summary>
/// Enable the privilege specified by the privilegeName. If the specified privilege is already enabled, return true
/// with the oldPrivilegeState.PrivilegeCount set to 0. Otherwise, enable the specified privilege, and the old privilege
/// state will be saved in oldPrivilegeState.
/// </summary>
/// <param name="privilegeName"></param>
/// <param name="oldPrivilegeState"></param>
/// <returns></returns>
internal static bool EnableTokenPrivilege(string privilegeName, ref TOKEN_PRIVILEGE oldPrivilegeState)
{
bool success = false;
TOKEN_PRIVILEGE newPrivilegeState = new TOKEN_PRIVILEGE();
// Check if the caller has the specified privilege or not
if (LookupPrivilegeValue(null, privilegeName, ref newPrivilegeState.Privilege.Luid))
{
// Get the pseudo handler of the current process
IntPtr processHandler = GetCurrentProcess();
if (processHandler != IntPtr.Zero)
{
// Get the handler of the current process's access token
IntPtr tokenHandler = IntPtr.Zero;
if (OpenProcessToken(processHandler, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out tokenHandler))
{
// Check if the specified privilege is already enabled
PRIVILEGE_SET requiredPrivilege = new PRIVILEGE_SET();
requiredPrivilege.Privilege.Luid = newPrivilegeState.Privilege.Luid;
requiredPrivilege.PrivilegeCount = 1;
// PRIVILEGE_SET_ALL_NECESSARY is defined as 1
requiredPrivilege.Control = 1;
bool privilegeEnabled = false;
if (PrivilegeCheck(tokenHandler, ref requiredPrivilege, out privilegeEnabled) && privilegeEnabled)
{
// The specified privilege is already enabled
oldPrivilegeState.PrivilegeCount = 0;
success = true;
}
else
{
// The specified privilege is not enabled yet. Enable it.
newPrivilegeState.PrivilegeCount = 1;
newPrivilegeState.Privilege.Attributes = SE_PRIVILEGE_ENABLED;
int bufferSize = ClrFacade.SizeOf <TOKEN_PRIVILEGE>();
int returnSize = 0;
// enable the specified privilege
if (AdjustTokenPrivileges(tokenHandler, false, ref newPrivilegeState, bufferSize, out oldPrivilegeState, ref returnSize))
{
// AdjustTokenPrivileges returns true does not mean all specified privileges have been successfully enabled
int retCode = Marshal.GetLastWin32Error();
if (retCode == ERROR_SUCCESS)
{
success = true;
}
else if (retCode == 1300)
{
// 1300 - Not all privileges referenced are assigned to the caller. This means the specified privilege is not
// assigned to the current user. For example, suppose the role of current caller is "User", then privilege "SeRemoteShutdownPrivilege"
// is not assigned to the role. In this case, we just return true and leave the call to "Win32Shutdown" to decide
// whether the permission is granted or not.
// Set oldPrivilegeState.PrivilegeCount to 0 to avoid the privilege restore later (PrivilegeCount - how many privileges are modified)
oldPrivilegeState.PrivilegeCount = 0;
success = true;
}
}
}
}
// Close the token handler and the process handler
if (tokenHandler != IntPtr.Zero)
{
CloseHandle(tokenHandler);
}
CloseHandle(processHandler);
}
}
return(success);
}
private static extern bool AdjustTokenPrivileges([In] IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)][In] bool DisableAllPrivileges, [In] ref TOKEN_PRIVILEGE NewState, [In] uint BufferLength, [In][Out] ref TOKEN_PRIVILEGE PreviousState, [In][Out] ref uint ReturnLength);
internal static extern bool AdjustTokenPrivileges(IntPtr tokenHandler, bool disableAllPrivilege, ref TOKEN_PRIVILEGE newPrivilegeState, int bufferLength, out TOKEN_PRIVILEGE previousPrivilegeState, ref int returnLength);
internal static extern bool AdjustTokenPrivileges(IntPtr handle, bool DisableAllPrivileges, ref TOKEN_PRIVILEGE NewState, uint BufferLength, TOKEN_PRIVILEGE* PreviousState, uint* ReturnLength);
internal static extern bool AdjustTokenPrivileges(IntPtr tokenHandler, bool disableAllPrivilege,
ref TOKEN_PRIVILEGE newPrivilegeState, int bufferLength,
out TOKEN_PRIVILEGE previousPrivilegeState,
ref int returnLength);
private static extern Boolean AdjustTokenPrivileges(SafeTokenHandle TokenHandle,
Boolean DisableAllPrivileges, [In] ref TOKEN_PRIVILEGE NewState, UInt32 BufferLength,
[In, Out] ref TOKEN_PRIVILEGE PreviousState, [In, Out] ref uint ReturnLength);
