AdjustTokenPrivileges fail with ERROR_NOACCESS (000003E6)

Started by debali, November 04, 2006, 03:55:56 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

debali

November 04, 2006, 03:55:56 PM
  Hi all, I have a problem here, in this sample I'm trying to set the token attributes to SE_DEBUG_NAME but when is called AdjustTokenPrivileges fail with the error ERROR_NOACCESS (000003E6). I had made the same thing with VC++ 2005 from a sample in the msdn "How to Shut Down the System" and it have worked fine, I have debugged thousands of times and I can't figure out where is the problem. Thanks..

The Goasm source

TOKEN_PRIVILEGES STRUCT
COUNT DD ?
LUID  DQ ?
ATRIBUTES DD ?
ENDS

DATA SECTION
SET_DEBUG_PRV DB 'SeDebugPrivilege', 0
hToken DD ?
luid DQ ?
tkp TOKEN_PRIVILEGES

CODE SECTION
START:
INT 3
MOV EBX, ADDR tkp
CALL GetCurrentProcess
PUSH ADDR hToken
PUSH 0x28                        ;TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
PUSH EAX
CALL OpenProcessToken
OR EAX, EAX
JZ >
PUSH ADDR tkp.LUID
PUSH ADDR SET_DEBUG_PRV
PUSH 0
CALL LookupPrivilegeValueA
MOV D[tkp.COUNT], 1
MOV D[tkp.ATRIBUTES], 2
PUSH 0
PUSH 0
PUSH 0
PUSH ADDR tkp
PUSH 0
PUSH [hToken]
CALL AdjustTokenPrivileges
:
RET

C Source from MSDN

#include <stdio.h>
#include <windows.h>

int main(){
   HANDLE hToken;
   TOKEN_PRIVILEGES tkp;

   // Get a token for this process.
   if (!OpenProcessToken(GetCurrentProcess(),
        TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
      return( FALSE );

   // Get the LUID for the shutdown privilege.

   LookupPrivilegeValue(NULL, SE_DEBUG_NAME,  // I have changed SE_SHUTDOWN_NAME
        &tkp.Privileges[0].Luid);
   GetLastError();

   tkp.PrivilegeCount = 1;  // one privilege to set
   tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

   // Get the shutdown privilege for this process.

   AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,
        (PTOKEN_PRIVILEGES)NULL, 0);

   if (GetLastError() != ERROR_SUCCESS)
      return FALSE;


   //Shut down the system and force all applications to close.

  /* if (!ExitWindowsEx(EWX_SHUTDOWN | EWX_FORCE,
               SHTDN_REASON_MAJOR_OPERATINGSYSTEM | SHTDN_REASON_FLAG_PLANNED))
      return FALSE; */

   return TRUE;
   }

jorgon

#1
November 04, 2006, 05:03:57 PM
Hi debali

If you add an ALIGN 4 just before the tkp structure, this will ensure that the structure is aligned on a dword boundary as required by AdjustTokenPrivileges.

Some APIs are sensitive in this way to alignment of addresses of data.

Author of the "Go" tools (GoAsm, GoLink, GoRC, GoBug)

debali

#2
November 04, 2006, 05:57:29 PM
  Thanks works perfect. But by the way how can I know next time what apis needs to be ALIGN?



/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Ok I can see now in the goasm manual..

"For Windows NT/2000 and XP the destination of many pointers to data given to the APIs need to be dword aligned, and often this is undocumented. It is a good idea to ensure that the destination of these pointers are always dword aligned in your data section if you are writing code for these platforms"

ToutEnMasm

#3
November 04, 2006, 07:14:58 PM
I will try an answer.
In the SDK header's file ,we find


Quote
#include <pshpack4.h>

typedef struct _LUID_AND_ATTRIBUTES {
    LUID Luid;
    DWORD Attributes;
    } LUID_AND_ATTRIBUTES, * PLUID_AND_ATTRIBUTES;
typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;

#include <poppack.h>

The include file pshpack.. tell the compiler to align 4
The include file poppack.h return  to the alignement before the changes and so on

And if we look at  TOKEN_PRIVILEGES
Quote
typedef struct _TOKEN_PRIVILEGES {
    DWORD PrivilegeCount;
    LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;


The structure use LUID_AND_ATTRIBUTES  that must be align


                                          ToutEnMasm

                                 



ToutEnMasm

#4
November 05, 2006, 10:26:04 AM
Hello,
I have seen that ml have an option  that can be usefull.
/Zp[n] Set structure alignment
add /Zp4  when using ml and this will be solve many problems.
The align 4 seems to be the defaut alignement for the structures.
Take care with PshPack8 that is present in
Vfw.h
AVIFile - routines for reading/writing standard AVI files
winnt.h
                                ToutEnMasm


debali

#5
November 06, 2006, 01:15:10 AM
Hi ToutEnMasm, thanks for your answers, now I will know how many bytes i need to ALIENG in future projects.  :U

donkey

#6
November 06, 2006, 01:44:30 AM
Hi debali,

Structures in NT should be aligned at 4 bytes (ALIGN 4), if you are allocating them as LOCAL then they should already be aligned this way, this is the token adjustment from WinExplorer...

Code Select
EnableTokenPrivilege FRAME PrivilegeName
LOCAL tp :TOKEN_PRIVILEGES
LOCAL luid :LUID
LOCAL hToken :D
LOCAL hProcess :D
LOCAL tpPrevious :TOKEN_PRIVILEGES
LOCAL cbPrevious :D

mov D[cbPrevious], sizeof TOKEN_PRIVILEGES

//
// Get debug privilege
//
invoke GetCurrentProcess
mov [hProcess],eax

invoke OpenProcessToken, [hProcess],TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, offset hToken
test eax,eax
jnz >
xor eax,eax
ret
:

invoke LookupPrivilegeValue, NULL, [PrivilegeName], offset luid
test eax,eax
jnz >
xor eax,eax
ret
:

//
// first pass.  get current privilege setting
//
mov D[tp.PrivilegeCount],1
mov eax,[luid.LowPart]
mov [tp.Privileges.Luid.LowPart],eax
mov eax,[luid.HighPart]
mov [tp.Privileges.Luid.HighPart],eax
mov D[tp.Privileges.Attributes],0

invoke AdjustTokenPrivileges,[hToken],FALSE,offset tp,SIZEOF TOKEN_PRIVILEGES,offset tpPrevious,offset cbPrevious

invoke GetLastError
test eax,eax
jz >
xor eax,eax
ret
:

//
// second pass.  set privilege based on previous setting
//
mov D[tpPrevious.PrivilegeCount],1
mov eax,[luid.LowPart]
mov [tpPrevious.Privileges.Luid.LowPart],eax
mov eax,[luid.HighPart]
mov [tpPrevious.Privileges.Luid.HighPart],eax
mov eax,[tpPrevious.Privileges.Attributes]
or eax,SE_PRIVILEGE_ENABLED
mov [tpPrevious.Privileges.Attributes],eax

invoke AdjustTokenPrivileges,[hToken],FALSE,offset tpPrevious,[cbPrevious],NULL,NULL

invoke GetLastError
test eax,eax
jz >
xor eax,eax
ret
:

xor eax,eax
inc eax
ret
ENDF
"Ahhh, what an awful dream. Ones and zeroes everywhere...[shudder] and I thought I saw a two." -- Bender
"It was just a dream, Bender. There's no such thing as two". -- Fry
-- Futurama

Donkey's Stable

P1

#7
November 06, 2006, 02:48:28 PM
Quote from: debali on November 04, 2006, 05:57:29 PMBut by the way how can I know next time what apis needs to be ALIGN?
By default, I place Align 4, in all my sections ( of 32 bit software ).  After you hit one as a problem, you realize, it's a standard practise for 32 bit programming, not to fall into that pothole any more.

Regards,  P1  :8)
Print
Go Up Pages1
User actions