/////////////////////////// Privileges related functions ///////////////////////////

/// <summary>
/// Walks <paramref name="privileges"/> and, for each name that resolves, requests
/// SE_PRIVILEGE_ENABLED for it on the token referenced by <paramref name="handle"/>.
/// </summary>
/// <remarks>
/// Both Win32 calls are dispatched through exports resolved from the module that
/// <c>sysCall.getMappedModule</c> returns (type PE_MANUAL_MAP), not through P/Invoke.
/// Monitoring that only watches the process's normally loaded advapi32.dll may therefore
/// not observe them. The token change itself is still made by the OS and is reported by
/// token-right-adjusted auditing (Security event 4703) where that audit policy is enabled.
/// </remarks>
/// <param name="handle">Token handle passed as the first argument to AdjustTokenPrivileges.</param>
/// <param name="privileges">Privilege names to look up and enable, one call pair per name.</param>
/// <param name="sysCall">Provides the mapped advapi32.dll module used for export resolution.</param>
/// <returns>
/// <c>false</c> as soon as any call throws; otherwise <c>true</c>. A <c>true</c> result does
/// not show that a privilege was enabled: failed lookups are skipped and the result of
/// AdjustTokenPrivileges is never inspected.
/// </returns>
public static bool EnablePrivileges(IntPtr handle, List<string> privileges, SysCallManager sysCall)
{
    DInvoke.PE.PE_MANUAL_MAP advapi = sysCall.getMappedModule("C:\\Windows\\System32\\advapi32.dll");

    foreach (string privilegeName in privileges)
    {
        try
        {
            var luid = new DInvoke.Win32.WinNT._LUID();

            // NOTE(review): if _LUID is a value type, the array holds a boxed copy. Any value
            // written back by the call lands in lookupArgs[2], while `luid` below keeps its
            // zero-initialised contents. Confirm against the delegate signature.
            object[] lookupArgs = { null, privilegeName, luid };

            // NOTE(review): advapi32 exports this API with an A/W suffix; confirm that the
            // unsuffixed name resolves, otherwise this throws and the method returns false.
            bool found = (bool)DInvoke.Generic.CallMappedDLLModuleExport(
                advapi.PEINFO,
                advapi.ModuleBase,
                "LookupPrivilegeValue",
                typeof(DInvoke.Win32.DELEGATES.LookupPrivilegeValue),
                lookupArgs);

            if (found)
            {
                // Single-entry TOKEN_PRIVILEGES asking for the privilege to be enabled.
                DInvoke.Win32.WinNT._TOKEN_PRIVILEGES tokenPrivileges;
                tokenPrivileges.PrivilegeCount = 1;
                tokenPrivileges.Privileges = new DInvoke.Win32.WinNT._LUID_AND_ATTRIBUTES[1];
                tokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
                tokenPrivileges.Privileges[0].Luid = luid;

                // No previous-state buffer is requested (length 0, null pointers).
                object[] adjustArgs = { handle, false, tokenPrivileges, 0, IntPtr.Zero, IntPtr.Zero };

                // NOTE(review): the return value is discarded. AdjustTokenPrivileges can also
                // report success without assigning the privilege (ERROR_NOT_ALL_ASSIGNED).
                DInvoke.Generic.CallMappedDLLModuleExport(
                    advapi.PEINFO,
                    advapi.ModuleBase,
                    "AdjustTokenPrivileges",
                    typeof(DInvoke.Win32.DELEGATES.AdjustTokenPrivileges),
                    adjustArgs);
            }
        }
        catch
        {
            // NOTE(review): every exception type is swallowed here, so the cause of a
            // failure is not available to the caller or to logs.
            return false;
        }
    }

    return true;
}
/////////////////////////// Privileges related functions ///////////////////////////

/// <summary>
/// Walks <paramref name="privileges"/> and, for each name that resolves to a LUID, requests
/// SE_PRIVILEGE_ENABLED for it on the token referenced by <paramref name="handle"/>.
/// </summary>
/// <remarks>
/// Both Win32 calls are dispatched through exports resolved from the module that
/// <c>sysCall.getMappedModule</c> returns (type PE_MANUAL_MAP), not through P/Invoke.
/// Monitoring that only watches the process's normally loaded advapi32.dll may therefore
/// not observe them. The token change itself is still made by the OS and is reported by
/// token-right-adjusted auditing (Security event 4703) where that audit policy is enabled.
/// </remarks>
/// <param name="handle">Token handle passed as the first argument to AdjustTokenPrivileges.</param>
/// <param name="privileges">Privilege names to look up and enable, one call pair per name.</param>
/// <param name="sysCall">Provides the mapped advapi32.dll module used for export resolution.</param>
/// <returns>
/// <c>false</c> as soon as any call throws; otherwise <c>true</c>. A <c>true</c> result does
/// not show that a privilege was enabled: failed lookups are skipped and the result of
/// AdjustTokenPrivileges is never inspected.
/// </returns>
public static bool EnablePrivileges(IntPtr handle, List<string> privileges, SysCallManager sysCall)
{
    DInvoke.PE.PE_MANUAL_MAP advapi = sysCall.getMappedModule("C:\\Windows\\System32\\advapi32.dll");

    foreach (string privilegeName in privileges)
    {
        try
        {
            // The third slot is the out-value: the resolved LUID is read back from the
            // argument array after the call, not from a local.
            object[] lookupArgs = { null, privilegeName, new DInvoke.Win32.WinNT._LUID() };
            bool found = (bool)DInvoke.Generic.CallMappedDLLModuleExport(
                advapi.PEINFO,
                advapi.ModuleBase,
                "LookupPrivilegeValueA",
                typeof(DInvoke.Win32.DELEGATES.LookupPrivilegeValue),
                lookupArgs);

            if (found)
            {
                var entry = new DInvoke.Win32.WinNT._LUID_AND_ATTRIBUTES();
                entry.Luid = (DInvoke.Win32.WinNT._LUID)lookupArgs[2];
                entry.Attributes = SE_PRIVILEGE_ENABLED;

                // Single-entry TOKEN_PRIVILEGES asking for the privilege to be enabled.
                DInvoke.Win32.WinNT._TOKEN_PRIVILEGES requested;
                requested.PrivilegeCount = 1;
                requested.Privileges = entry;

                var previous = new DInvoke.Win32.WinNT._TOKEN_PRIVILEGES();
                uint returnedBytes = 0;

                // The buffer length passed is the marshalled size of the requested state.
                object[] adjustArgs =
                {
                    handle,
                    false,
                    requested,
                    (uint)Marshal.SizeOf(requested),
                    previous,
                    returnedBytes,
                };

                // NOTE(review): the return value is discarded. AdjustTokenPrivileges can also
                // report success without assigning the privilege (ERROR_NOT_ALL_ASSIGNED).
                DInvoke.Generic.CallMappedDLLModuleExport(
                    advapi.PEINFO,
                    advapi.ModuleBase,
                    "AdjustTokenPrivileges",
                    typeof(DInvoke.Win32.DELEGATES.AdjustTokenPrivileges),
                    adjustArgs);
            }
        }
        catch
        {
            // NOTE(review): every exception type is swallowed here, so the cause of a
            // failure is not available to the caller or to logs.
            return false;
        }
    }

    return true;
}