I'm trying to get a list of all types of privileges and whether they are active or not.
these are the privileges:
. "SeShutdownPrivilege,SeSystemtimePrivilege,SeCreatePagefilePrivilege,SeImpersonatePrivilege,SeIncreaseQuotaPrivilege,"
. "SeTimeZonePrivilege,SeIncreaseBasePriorityPrivilege,SeManageVolumePrivilege,SeRemoteShutdownPrivilege,"
. "SeSecurityPrivilege,SeTakeOwnershipPrivilege,SeBackupPrivilege,SeProfileSingleProcessPrivilege,SeRestorePrivilege,"
. "SeSystemEnvironmentPrivilege,SeSystemProfilePrivilege"[/code]
and I want to get something like:
SeCreateGlobalPrivilege = ENABLED
SeDebugPrivilege = DISABLED
SeShutdownPrivilege = ENABLED
and so on[/code]
Code (This is the progress so far):
Code: Select all
/*
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
#define SE_PRIVILEGE_ENABLED (0x00000002L)
#define SE_PRIVILEGE_REMOVED (0X00000004L)
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
Privileges := "SeChangeNotifyPrivilege,SeCreateGlobalPrivilege,SeDebugPrivilege,"
. "SeShutdownPrivilege,SeSystemtimePrivilege,SeCreatePagefilePrivilege,SeImpersonatePrivilege,SeIncreaseQuotaPrivilege,"
. "SeTimeZonePrivilege,SeIncreaseBasePriorityPrivilege,SeManageVolumePrivilege,SeRemoteShutdownPrivilege,"
. "SeSecurityPrivilege,SeTakeOwnershipPrivilege,SeBackupPrivilege,SeProfileSingleProcessPrivilege,SeRestorePrivilege,"
. "SeSystemEnvironmentPrivilege,SeSystemProfilePrivilege"
*/
ProcessId := DllCall("Kernel32.dll\GetCurrentProcessId")
hProcess := DllCall("Kernel32.dll\OpenProcess", "UInt", 0x0400, "UInt", 0, "UInt", ProcessId)
DllCall("Advapi32.dll\OpenProcessToken", "Ptr", hProcess, "UInt", 0x00000008, "UIntP", hToken)
;GetTokenInformation: https://msdn.microsoft.com/en-us/library/windows/desktop/aa446671%28v=vs.85%29.aspx
;TokenInformationClass = TOKEN_INFORMATION_CLASS = TokenPrivileges = 3 --> TOKEN_PRIVILEGES
DllCall("Advapi32.dll\GetTokenInformation", "Ptr", hToken, "UInt", 3, "Ptr", 0, "UInt", 0, "UIntP", ReturnLength)
TokenInformationLength := VarSetCapacity(TokenInformation, ReturnLength * 2, 0) / 2
DllCall("Advapi32.dll\GetTokenInformation", "Ptr", hToken, "UInt", 3, "Ptr", &TokenInformation, "UInt", TokenInformationLength, "UIntP", ReturnLength)
;TOKEN_PRIVILEGES (structure): https://msdn.microsoft.com/en-us/library/windows/desktop/aa379630%28v=vs.85%29.aspx
PrivilegeCount := NumGet(TokenInformation, 0, "UInt")
Privileges := NumGet(TokenInformation, 4, "Int64")
PrivilegeAttribute := NumGet(TokenInformation, 12, "UInt")
MsgBox % PrivilegeCount "`n" Privileges "`n" PrivilegeAttribute
currently I use this to change the privileges:
Code: Select all
MsgBox % "Enable SeBackupPrivilege: " ProcessSetPrivilege("explorer.exe", "SeBackupPrivilege", true)
;this disables all, I want only the specified.
MsgBox % "Disable SeBackupPrivilege: " ProcessSetPrivilege("explorer.exe", "SeBackupPrivilege", false)
ExitApp
ProcessSetPrivilege(ProcessName, Privileges, Set := true) {
static AllPrivileges := "SeChangeNotifyPrivilege,SeCreateGlobalPrivilege,SeDebugPrivilege,"
. "SeShutdownPrivilege,SeSystemtimePrivilege,SeCreatePagefilePrivilege,SeImpersonatePrivilege,SeIncreaseQuotaPrivilege,"
. "SeTimeZonePrivilege,SeIncreaseBasePriorityPrivilege,SeManageVolumePrivilege,SeRemoteShutdownPrivilege,"
. "SeSecurityPrivilege,SeTakeOwnershipPrivilege,SeBackupPrivilege,SeProfileSingleProcessPrivilege,SeRestorePrivilege,"
. "SeSystemEnvironmentPrivilege,SeSystemProfilePrivilege"
hProcess := DllCall("Kernel32.dll\OpenProcess", "UInt", 0x0400, "UInt", 0, "UInt", ProcessExist(ProcessName))
DllCall("Advapi32.dll\OpenProcessToken", "Ptr", hProcess, "UInt", 0x0020|0x00000008, "UIntP", hToken)
PrivilegesLuid := [], i := 0
Loop, Parse, % (Privileges="All"?AllPrivileges:Privileges), `,
DllCall("Advapi32.dll\LookupPrivilegeValueW", "Ptr", 0, "Str", A_LoopField, "Int64P", lpLuid)
, PrivilegesLuid[A_Index] := lpLuid
for k, v in PrivilegesLuid
ti := "", VarSetCapacity(ti, 16, 0), NumPut(1, ti, 0, "UInt"), NumPut(v, ti, 4, "Int64"), NumPut(2, ti, 12, "UInt")
, i := i+(DllCall("Advapi32.dll\AdjustTokenPrivileges", "Ptr", hToken, "Int", !Set, "Ptr", &ti, "UInt", 0, "Ptr", 0, "Ptr", 0)?1:0)
DllCall("kernel32.dll\CloseHandle", "Ptr", hToken)
DllCall("kernel32.dll\CloseHandle", "Ptr", hProcess)
return i, ErrorLevel := PrivilegesLuid.MaxIndex()!=i
}
ProcessExist(i) {
Process, Exist, % i
return ErrorLevel
}
in short, my problem is I do not know how to work with Arrays in DllCall(). this is what says the TOKEN_PRIVILEGES structure (the part I do not understand how to do):
thanks!