/// <summary>
/// Disable privilege
/// </summary>
/// <param name="process"></param>
/// <param name="privilegeName"></param>
/// <returns>Previous state for the privilege</returns>
public static Privileges DisablePrivilege(Process process, PrivilegeName privilegeName)
{
Privileges newState = new Privileges
{
PrivilegeCount = 1,
PrivilegeValueAndAttributesArray = new PrivilegeValueAndAttributes[PrivilegeConstants.MaxPrivilegeCount]
};
newState.PrivilegeValueAndAttributesArray[0].Attributes = (uint)PrivilegeAttributes.PrivilegeDisabled;
newState.PrivilegeValueAndAttributesArray[0].PrivilegeValue = LookupPrivilegeValue(null, privilegeName);
return(AdjustTokenPrivileges(process, false, newState));
}
/// <summary>
/// Get privileges of the specified process
/// </summary>
/// <param name="systemName"></param>
/// <param name="process"></param>
/// <returns></returns>
public static List <Privilege> GetPrivileges(string systemName, Process process)
{
List <Privilege> privilegeList = new List <Privilege>();
//Get process token
IntPtr tokenHandle = IntPtr.Zero;
if (OpenProcessToken(process.Handle, (int)(TokenAccessRights.TokenAdjustPrivileges | TokenAccessRights.TokenQuery), ref tokenHandle) == 0)
{
throw new PrivilegeException("Failed to open process token. Win32 error: " + FormatError(Marshal.GetLastWin32Error()));
}
// Get length required for Privileges by specifying buffer length of 0
GetTokenInformation(tokenHandle, TokenInformationClass.TokenPrivileges, IntPtr.Zero, 0, out var privilegesSize);
var lastError = Marshal.GetLastWin32Error();
if (lastError == ErrorInsufficientBuffer)
{
IntPtr privilegesBuffer = IntPtr.Zero;
try
{
privilegesBuffer = Marshal.AllocHGlobal((int)privilegesSize);
if (!GetTokenInformation(tokenHandle, TokenInformationClass.TokenPrivileges, privilegesBuffer, privilegesSize, out privilegesSize))
{
throw new PrivilegeException("Failed to get token information. Win32 error: " + FormatError(Marshal.GetLastWin32Error()));
}
Privileges privileges = (Privileges)Marshal.PtrToStructure(privilegesBuffer, typeof(Privileges));
if (privileges.PrivilegeCount > PrivilegeConstants.MaxPrivilegeCount)
{
throw new PrivilegeException($"Number of privileges exceeds hardcoded maximum of {PrivilegeConstants.MaxPrivilegeCount}. Max size must be set to greater or equal to {privileges.PrivilegeCount} and code be recompiled by a developer to fix this problem.");
}
for (var i = 0; i < privileges.PrivilegeCount; i++)
{
Privilege privilege = new Privilege(systemName, privileges.PrivilegeValueAndAttributesArray[i].PrivilegeValue, privileges.PrivilegeValueAndAttributesArray[i].Attributes);
privilegeList.Add(privilege);
}
}
finally
{
Marshal.FreeHGlobal(privilegesBuffer);
}
}
return(privilegeList);
}
/// <summary>
/// Adjust token privileges for specified process
/// </summary>
/// <param name="process"></param>
/// <param name="disableAllPrivileges"></param>
/// <param name="newState"></param>
/// <returns>Previous state</returns>
public static Privileges AdjustTokenPrivileges(Process process, bool disableAllPrivileges, Privileges newState)
{
if (Environment.OSVersion.Platform != PlatformID.Win32NT || !CheckEntryPoint("advapi32.dll", "AdjustTokenPrivileges"))
{
throw new PrivilegeException("Failed to adjust token privilege. AdjustTokenPrivileges() is not supported.");
}
IntPtr tokenHandle = IntPtr.Zero;
if (OpenProcessToken(process.Handle, (int)(TokenAccessRights.TokenAdjustPrivileges | TokenAccessRights.TokenQuery), ref tokenHandle) == 0)
{
throw new PrivilegeException("Failed to open process token. Win32 error: " + FormatError(Marshal.GetLastWin32Error()));
}
Privileges previousState = new Privileges();
int previousStateSize = 0;
int newStateSize = sizeof(int) + (sizeof(int) * 2 + sizeof(UInt32)) * newState.PrivilegeCount;
if (AdjustTokenPrivileges(tokenHandle, disableAllPrivileges, ref newState, newStateSize, ref previousState, ref previousStateSize) == 0)
{
throw new PrivilegeException("Failed to enable token privilege. Win32 error: " + FormatError(Marshal.GetLastWin32Error()));
}
return(previousState);
}
private static extern int AdjustTokenPrivileges(IntPtr tokenHandle, [MarshalAs(UnmanagedType.Bool)] bool disableAllPrivileges, ref Privileges newState, int bufferLength, ref Privileges previousState, ref int returnLength);