Documentation if isapp ....
- Thread starter fpefpe
- Start date
I'm pretty sure that SE_DEBUG_NAME can be enabled "on the fly" if you have a right to it. My SYSUTILS plugin does it in InitializePlugin() (code below). I am an (unelevated) administrator and it apparently succeeds. Even so, I cannot use ISAPP with a system process.
And, in InitializePlugin(),
Code:
BOOL EnableDebugPriv( BOOL bAdd )
{
HANDLE hToken = NULL;
LUID SeDebugNameValue;
TOKEN_PRIVILEGES tp;
BOOL rv = FALSE;
if ( OpenProcessToken( GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) )
{
if ( LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &SeDebugNameValue ) )
{
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = SeDebugNameValue;
tp.Privileges[0].Attributes = bAdd ? SE_PRIVILEGE_ENABLED : 0;
rv = AdjustTokenPrivileges( hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL );
}
CloseHandle( hToken );
}
return rv;
}And, in InitializePlugin(),
Code:
if ( !EnableDebugPriv(TRUE) )
Printf(L"SysUtils: DEBUG privilege is not available\r\n");I guess I was wrong about that. Even though AdjustTokenPrivileges() succeeded (returned TRUE), TCError() shows:
Code:
TCC: (Sys) Not all privileges or groups referenced are assigned to the caller.
hello -- thx for the info ... My ID is part of the admin group and it seems that the directive is not working
I think Rex means processes 0 and 4. Elevated, you can query any other process.
UAC makes for a sad state of affairs for privileges like SE_DEBUG_NAME and SE_SYSTEMTIME_NAME. While admins have those (and others) privileges, the "token" assigned to an admin logged in under UAC does not have them. Since they're not in the token, they cannot be assigned, even if you ask for them politely.
With SECPOL.MSC (Management Console Security Policy Snap-in) you can enable those privileges for anyone, including ordinary users. Having done so, ordinary users can debug and set the system time with no fuss at all. But admins still can't (without elevation) because of that crippled token given to them by UAC.
