internal static extern bool AdjustTokenPrivileges( SafeTokenHandle TokenHandle, bool DisableAllPrivileges, ref TOKEN_PRIVILEGE NewState, uint BufferLength, ref TOKEN_PRIVILEGE PreviousState, ref uint ReturnLength);
bool AdjustTokenPrivileges( [In] SafeAccessTokenHandle TokenHandle, [In] bool DisableAllPrivileges, [In] ref TOKEN_PRIVILEGE NewState, [In] uint BufferLength, [In] IntPtr PreviousState, [In] IntPtr ReturnLength);
static bool SetPrivilege(IntPtr tokenHandle, string privilegeName, bool privilegeState) { const uint SE_PRIVILEGE_DISABLED = 0x00000000; const uint SE_PRIVILEGE_ENABLED = 0x00000002; LUID luid; if (LookupPrivilegeValue(null, privilegeName, out luid)) { TOKEN_PRIVILEGE tp = new TOKEN_PRIVILEGE(); tp.PrivilegeCount = 1; tp.Privilege.Luid = luid; tp.Privilege.Attributes = privilegeState ? SE_PRIVILEGE_ENABLED : SE_PRIVILEGE_DISABLED; // // Enable the privilege or disable all privileges. // if (AdjustTokenPrivileges(tokenHandle, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero)) { //// //// Check to see if you have proper access. //// You may get "ERROR_NOT_ALL_ASSIGNED". //// //bRet = (GetLastError() == ERROR_SUCCESS); return(true); } } return(false); }
internal static extern bool AdjustTokenPrivileges( [In] SafeTokenHandle TokenHandle, [In] bool DisableAllPrivileges, [In] ref TOKEN_PRIVILEGE NewState, [In] uint BufferLength, [In, Out] ref TOKEN_PRIVILEGE PreviousState, [In, Out] ref uint ReturnLength);
public static void EnableSecurityRights(string desiredAccess, bool on) { IntPtr token = IntPtr.Zero; if (!OpenProcessToken(GetCurrentProcess(), TokenAccessLevels.AdjustPrivileges | TokenAccessLevels.Query, ref token)) { return; } LUID luid = new LUID(); if (!LookupPrivilegeValue(null, desiredAccess, ref luid)) { CloseHandle(token); return; } TOKEN_PRIVILEGE tp = new TOKEN_PRIVILEGE(); tp.PrivilegeCount = 1; tp.Privilege = new LUID_AND_ATTRIBUTES(); tp.Privilege.Attributes = on ? SE_PRIVILEGE_ENABLED : SE_PRIVILEGE_DISABLED; tp.Privilege.Luid = luid; int cbTp = Marshal.SizeOf(tp); if (!AdjustTokenPrivileges(token, false, ref tp, (uint)cbTp, IntPtr.Zero, IntPtr.Zero)) { Debug.WriteLine(new Win32Exception().Message); } CloseHandle(token); }
private static extern bool AdjustTokenPrivileges( IntPtr htok, bool disall, ref TOKEN_PRIVILEGE newst, int len, IntPtr prev, IntPtr relen);
public static void Reboot() { LUID luid = new LUID(); if (!LookupPrivilegeValue("", "SeShutdownPrivilege", ref luid)) { throw new Win32Exception(Marshal.GetLastWin32Error(), "LookupPrivilegeValue"); } TOKEN_PRIVILEGE newPriv = new TOKEN_PRIVILEGE() { PrivilegeCount = 1, Privilege = new LUID_AND_ATTRIBUTES() { Luid = luid, Attributes = SE_PRIVILEGE_ENABLED } }; if (!AdjustTokenPrivileges(WindowsIdentity.GetCurrent().Token, false, ref newPriv, Marshal.SizeOf(newPriv), IntPtr.Zero, IntPtr.Zero)) { throw new Win32Exception(Marshal.GetLastWin32Error(), "AdjustTokenPrivileges"); } if (!InitiateSystemShutdown(null, null, 0, true, true)) { throw new Win32Exception(Marshal.GetLastWin32Error(), "ExitWindowsEx"); } }
internal static extern bool AdjustTokenPrivileges( [In] SafeCloseHandle tokenHandle, [In] bool disableAllPrivileges, [In] ref TOKEN_PRIVILEGE newState, [In] uint bufferLength, [Out] out TOKEN_PRIVILEGE previousState, [Out] out uint returnLength );
public static extern bool AdjustTokenPrivileges( SafeTokenHandle TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, ref TOKEN_PRIVILEGE NewState, uint BufferLength, ref TOKEN_PRIVILEGE PreviousState, ref uint ReturnLength);
//------------------------------------------------------------------------------------------------- public static bool TryToSetPrivilege(string szPrivilege, bool bEnablePrivilege) { //------------------------------------------------------------------------------------------------- bool fSuccess = false; IntPtr hToken = IntPtr.Zero; try { TOKEN_PRIVILEGE prevState = new TOKEN_PRIVILEGE(); uint returnLength = 0; TOKEN_PRIVILEGE privilegesToGet; privilegesToGet.PrivilegeCount = 1; privilegesToGet.Privileges.Luid.LowPart = 0; privilegesToGet.Privileges.Luid.HighPart = 0; privilegesToGet.Privileges.Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0; if (!OpenProcessToken(ProcessToken: System.Diagnostics.Process.GetCurrentProcess().Handle //GetCurrentProcess() , DesiredAccess: TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges , TokenHandle: ref hToken)) { ThrowWin32Exception("OpenProcessToken"); } else if (!LookupPrivilegeValue(lpSystemName: null , lpName: szPrivilege , Luid: ref privilegesToGet.Privileges.Luid)) { ThrowWin32Exception("LookupPrivilegeValue"); } else if (!AdjustTokenPrivileges(TokenHandle: hToken , DisableAllPrivileges: false , NewState: ref privilegesToGet , BufferLength: (uint)System.Runtime.InteropServices.Marshal.SizeOf(privilegesToGet) , PreviousState: ref prevState , ReturnLength: ref returnLength)) { ThrowWin32Exception("AdjustTokenPrivileges"); } else if (System.Runtime.InteropServices.Marshal.GetLastWin32Error() == ERROR_NOT_ALL_ASSIGNED) { ThrowWin32Exception("AdjustTokenPrivileges"); } else { fSuccess = true; } /* endif */ } finally { if (hToken != IntPtr.Zero) { CloseHandle(hToken); } } return(fSuccess); }
/// <summary> /// Restore the previous privilege state /// </summary> /// <param name="privilegeName"></param> /// <param name="previousPrivilegeState"></param> /// <returns></returns> internal static bool RestoreTokenPrivilege(string privilegeName, ref TOKEN_PRIVILEGE previousPrivilegeState) { // The privilege was not changed, do not need to restore it. if (previousPrivilegeState.PrivilegeCount == 0) { return(true); } bool success = false; TOKEN_PRIVILEGE newState = new TOKEN_PRIVILEGE(); // Check if the caller has the specified privilege or not. If the caller has it, check the LUID specified in previousPrivilegeState // to see if the previousPrivilegeState is defined for the same privilege if (LookupPrivilegeValue(null, privilegeName, ref newState.Privilege.Luid) && newState.Privilege.Luid.HighPart == previousPrivilegeState.Privilege.Luid.HighPart && newState.Privilege.Luid.LowPart == previousPrivilegeState.Privilege.Luid.LowPart) { // Get the pseudo handler of the current process IntPtr processHandler = GetCurrentProcess(); if (processHandler != IntPtr.Zero) { // Get the handler of the current process's access token IntPtr tokenHandler = IntPtr.Zero; if (OpenProcessToken(processHandler, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out tokenHandler)) { int bufferSize = Marshal.SizeOf <TOKEN_PRIVILEGE>(); int returnSize = 0; // restore the privilege state back to the previous privilege state if (AdjustTokenPrivileges(tokenHandler, false, ref previousPrivilegeState, bufferSize, out newState, ref returnSize)) { if (Marshal.GetLastWin32Error() == ERROR_SUCCESS) { success = true; } } } if (tokenHandler != IntPtr.Zero) { CloseHandle(tokenHandler); } CloseHandle(processHandler); } } return(success); }
public static bool SetProcessPrivilege(string privilege, bool newState, out bool previousState) { bool flag = false; previousState = false; bool result; try { IntPtr zero = IntPtr.Zero; LUID luid = default(LUID); luid.LowPart = 0U; luid.HighPart = 0U; if (!OpenProcessToken(GetCurrentProcess(), TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, ref zero)) { result = false; } else if (!LookupPrivilegeValueW(null, privilege, ref luid)) { CloseHandle(zero); result = false; } else { TOKEN_PRIVILEGE token_PRIVILEGE = default(TOKEN_PRIVILEGE); TOKEN_PRIVILEGE token_PRIVILEGE2 = default(TOKEN_PRIVILEGE); token_PRIVILEGE.PrivilegeCount = 1U; token_PRIVILEGE.Privilege.Luid = luid; token_PRIVILEGE.Privilege.Attributes = (newState ? 2U : 0U); uint num = 0U; AdjustTokenPrivileges(zero, false, ref token_PRIVILEGE, (uint)Marshal.SizeOf(token_PRIVILEGE2), ref token_PRIVILEGE2, ref num); previousState = ((token_PRIVILEGE2.Privilege.Attributes & 2U) > 0U); flag = true; CloseHandle(zero); result = true; } } catch (Exception) { result = flag; } return(result); }
public static bool SetPrivilege(string name, bool enable) { IntPtr token = IntPtr.Zero; TOKEN_PRIVILEGE tp = new TOKEN_PRIVILEGE(); bool status = false; try { OpenProcessToken(GetCurrentProcess(), TokenAccess.AdjustPrivileges | TokenAccess.Query, &token); LookupPrivilegeValue(null, name, ref tp.Privilege.Luid); tp.PrivilegeCount = 1; tp.Privilege.Attributes = enable ? SE_PRIVILEGE_ENABLED : 0; status = AdjustTokenPrivileges(token, false, ref tp, 0, null, null); if (status && Marshal.GetLastWin32Error() != 0) status = false; } finally { CloseHandle(token); } return status; }
/// <summary> /// Restore the previous privilege state /// </summary> /// <param name="privilegeName"></param> /// <param name="previousPrivilegeState"></param> /// <returns></returns> internal static bool RestoreTokenPrivilege(string privilegeName, ref TOKEN_PRIVILEGE previousPrivilegeState) { // The privilege was not changed, do not need to restore it. if (previousPrivilegeState.PrivilegeCount == 0) { return true; } bool success = false; TOKEN_PRIVILEGE newState = new TOKEN_PRIVILEGE(); // Check if the caller has the specified privilege or not. If the caller has it, check the LUID specified in previousPrivilegeState // to see if the previousPrivilegeState is defined for the same privilege if (LookupPrivilegeValue(null, privilegeName, ref newState.Privilege.Luid) && newState.Privilege.Luid.HighPart == previousPrivilegeState.Privilege.Luid.HighPart && newState.Privilege.Luid.LowPart == previousPrivilegeState.Privilege.Luid.LowPart) { // Get the pseudo handler of the current process IntPtr processHandler = GetCurrentProcess(); if (processHandler != IntPtr.Zero) { // Get the handler of the current process's access token IntPtr tokenHandler = IntPtr.Zero; if (OpenProcessToken(processHandler, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out tokenHandler)) { int bufferSize = ClrFacade.SizeOf<TOKEN_PRIVILEGE>(); int returnSize = 0; // restore the privilege state back to the previous privilege state if (AdjustTokenPrivileges(tokenHandler, false, ref previousPrivilegeState, bufferSize, out newState, ref returnSize)) { if (Marshal.GetLastWin32Error() == ERROR_SUCCESS) { success = true; } } } if (tokenHandler != IntPtr.Zero) { CloseHandle(tokenHandler); } CloseHandle(processHandler); } } return success; }
FileAttributes dwFileAttributes); // _In_ DWORD /// <summary> /// Enable the privilege specified by the privilegeName. If the specified privilege is already enabled, return true /// with the oldPrivilegeState.PrivilegeCount set to 0. Otherwise, enable the specified privilege, and the old privilege /// state will be saved in oldPrivilegeState. /// </summary> /// <param name="privilegeName"></param> /// <param name="oldPrivilegeState"></param> /// <returns></returns> internal static bool EnableTokenPrivilege(string privilegeName, ref TOKEN_PRIVILEGE oldPrivilegeState) { bool success = false; TOKEN_PRIVILEGE newPrivilegeState = new TOKEN_PRIVILEGE(); // Check if the caller has the specified privilege or not if (LookupPrivilegeValue(null, privilegeName, ref newPrivilegeState.Privilege.Luid)) { // Get the pseudo handler of the current process IntPtr processHandler = GetCurrentProcess(); if (processHandler != IntPtr.Zero) { // Get the handler of the current process's access token IntPtr tokenHandler = IntPtr.Zero; if (OpenProcessToken(processHandler, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out tokenHandler)) { // Check if the specified privilege is already enabled PRIVILEGE_SET requiredPrivilege = new PRIVILEGE_SET(); requiredPrivilege.Privilege.Luid = newPrivilegeState.Privilege.Luid; requiredPrivilege.PrivilegeCount = 1; // PRIVILEGE_SET_ALL_NECESSARY is defined as 1 requiredPrivilege.Control = 1; bool privilegeEnabled = false; if (PrivilegeCheck(tokenHandler, ref requiredPrivilege, out privilegeEnabled) && privilegeEnabled) { // The specified privilege is already enabled oldPrivilegeState.PrivilegeCount = 0; success = true; } else { // The specified privilege is not enabled yet. Enable it. newPrivilegeState.PrivilegeCount = 1; newPrivilegeState.Privilege.Attributes = SE_PRIVILEGE_ENABLED; int bufferSize = ClrFacade.SizeOf<TOKEN_PRIVILEGE>(); int returnSize = 0; // enable the specified privilege if (AdjustTokenPrivileges(tokenHandler, false, ref newPrivilegeState, bufferSize, out oldPrivilegeState, ref returnSize)) { // AdjustTokenPrivileges returns true does not mean all specified privileges have been successfully enabled int retCode = Marshal.GetLastWin32Error(); if (retCode == ERROR_SUCCESS) { success = true; } else if (retCode == 1300) { // 1300 - Not all privileges referenced are assigned to the caller. This means the specified privilege is not // assigned to the current user. For example, suppose the role of current caller is "User", then privilege "SeRemoteShutdownPrivilege" // is not assigned to the role. In this case, we just return true and leave the call to "Win32Shutdown" to decide // whether the permission is granted or not. // Set oldPrivilegeState.PrivilegeCount to 0 to avoid the privilege restore later (PrivilegeCount - how many privileges are modified) oldPrivilegeState.PrivilegeCount = 0; success = true; } } } } // Close the token handler and the process handler if (tokenHandler != IntPtr.Zero) { CloseHandle(tokenHandler); } CloseHandle(processHandler); } } return success; }
public static void EnableSecurityRights(string desiredAccess, bool on) { IntPtr token = IntPtr.Zero; if (!OpenProcessToken(GetCurrentProcess(), TokenAccessLevels.AdjustPrivileges | TokenAccessLevels.Query, ref token)) { return; } LUID luid = new LUID(); if (!LookupPrivilegeValue(null, desiredAccess, ref luid)) { CloseHandle(token); return; } TOKEN_PRIVILEGE tp = new TOKEN_PRIVILEGE(); tp.PrivilegeCount = 1; tp.Privilege = new LUID_AND_ATTRIBUTES(); tp.Privilege.Attributes = on ? SE_PRIVILEGE_ENABLED : SE_PRIVILEGE_DISABLED; tp.Privilege.Luid = luid; int cbTp = Marshal.SizeOf(tp); if (!AdjustTokenPrivileges(token, false, ref tp, (uint) cbTp, IntPtr.Zero, IntPtr.Zero)) { Debug.WriteLine(new Win32Exception().Message); } CloseHandle(token); }
static extern bool AdjustTokenPrivileges(IntPtr TokenHandle, bool DisableAllPrivileges, ref TOKEN_PRIVILEGE NewState, uint BufferLength, IntPtr PreviousStatePtr, IntPtr ReturnLengthPtr);
private static extern bool AdjustTokenPrivileges( IntPtr tokenHndl, bool diasableAll, [In] ref TOKEN_PRIVILEGE newTokenState, int length, IntPtr prevTokenState, IntPtr retLength);
FileAttributes dwFileAttributes); // _In_ DWORD /// <summary> /// Enable the privilege specified by the privilegeName. If the specified privilege is already enabled, return true /// with the oldPrivilegeState.PrivilegeCount set to 0. Otherwise, enable the specified privilege, and the old privilege /// state will be saved in oldPrivilegeState. /// </summary> /// <param name="privilegeName"></param> /// <param name="oldPrivilegeState"></param> /// <returns></returns> internal static bool EnableTokenPrivilege(string privilegeName, ref TOKEN_PRIVILEGE oldPrivilegeState) { bool success = false; TOKEN_PRIVILEGE newPrivilegeState = new TOKEN_PRIVILEGE(); // Check if the caller has the specified privilege or not if (LookupPrivilegeValue(null, privilegeName, ref newPrivilegeState.Privilege.Luid)) { // Get the pseudo handler of the current process IntPtr processHandler = GetCurrentProcess(); if (processHandler != IntPtr.Zero) { // Get the handler of the current process's access token IntPtr tokenHandler = IntPtr.Zero; if (OpenProcessToken(processHandler, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out tokenHandler)) { // Check if the specified privilege is already enabled PRIVILEGE_SET requiredPrivilege = new PRIVILEGE_SET(); requiredPrivilege.Privilege.Luid = newPrivilegeState.Privilege.Luid; requiredPrivilege.PrivilegeCount = 1; // PRIVILEGE_SET_ALL_NECESSARY is defined as 1 requiredPrivilege.Control = 1; bool privilegeEnabled = false; if (PrivilegeCheck(tokenHandler, ref requiredPrivilege, out privilegeEnabled) && privilegeEnabled) { // The specified privilege is already enabled oldPrivilegeState.PrivilegeCount = 0; success = true; } else { // The specified privilege is not enabled yet. Enable it. newPrivilegeState.PrivilegeCount = 1; newPrivilegeState.Privilege.Attributes = SE_PRIVILEGE_ENABLED; int bufferSize = ClrFacade.SizeOf <TOKEN_PRIVILEGE>(); int returnSize = 0; // enable the specified privilege if (AdjustTokenPrivileges(tokenHandler, false, ref newPrivilegeState, bufferSize, out oldPrivilegeState, ref returnSize)) { // AdjustTokenPrivileges returns true does not mean all specified privileges have been successfully enabled int retCode = Marshal.GetLastWin32Error(); if (retCode == ERROR_SUCCESS) { success = true; } else if (retCode == 1300) { // 1300 - Not all privileges referenced are assigned to the caller. This means the specified privilege is not // assigned to the current user. For example, suppose the role of current caller is "User", then privilege "SeRemoteShutdownPrivilege" // is not assigned to the role. In this case, we just return true and leave the call to "Win32Shutdown" to decide // whether the permission is granted or not. // Set oldPrivilegeState.PrivilegeCount to 0 to avoid the privilege restore later (PrivilegeCount - how many privileges are modified) oldPrivilegeState.PrivilegeCount = 0; success = true; } } } } // Close the token handler and the process handler if (tokenHandler != IntPtr.Zero) { CloseHandle(tokenHandler); } CloseHandle(processHandler); } } return(success); }
private static extern bool AdjustTokenPrivileges([In] IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)][In] bool DisableAllPrivileges, [In] ref TOKEN_PRIVILEGE NewState, [In] uint BufferLength, [In][Out] ref TOKEN_PRIVILEGE PreviousState, [In][Out] ref uint ReturnLength);
internal static extern bool AdjustTokenPrivileges(IntPtr tokenHandler, bool disableAllPrivilege, ref TOKEN_PRIVILEGE newPrivilegeState, int bufferLength, out TOKEN_PRIVILEGE previousPrivilegeState, ref int returnLength);
internal static extern bool AdjustTokenPrivileges(IntPtr handle, bool DisableAllPrivileges, ref TOKEN_PRIVILEGE NewState, uint BufferLength, TOKEN_PRIVILEGE* PreviousState, uint* ReturnLength);
private static extern Boolean AdjustTokenPrivileges(SafeTokenHandle TokenHandle, Boolean DisableAllPrivileges, [In] ref TOKEN_PRIVILEGE NewState, UInt32 BufferLength, [In, Out] ref TOKEN_PRIVILEGE PreviousState, [In, Out] ref uint ReturnLength);