Hi all, I have a problem here. In this sample I'm trying to set the token attributes to SE_DEBUG_NAME, but when AdjustTokenPrivileges is called it fails with the error ERROR_NOACCESS (000003E6). I did the same thing with VC++ 2005 from a sample in the MSDN, "How to Shut Down the System", and it worked fine. I have debugged it thousands of times and I can't figure out where the problem is. Thanks.
The GoAsm source
TOKEN_PRIVILEGES STRUCT
COUNT DD ?
LUID DQ ?
ATRIBUTES DD ?
ENDS
DATA SECTION
SET_DEBUG_PRV DB 'SeDebugPrivilege', 0
hToken DD ?
luid DQ ?
tkp TOKEN_PRIVILEGES
CODE SECTION
START:
INT 3
MOV EBX, ADDR tkp
CALL GetCurrentProcess
PUSH ADDR hToken
PUSH 0x28 ;TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
PUSH EAX
CALL OpenProcessToken
OR EAX, EAX
JZ >
PUSH ADDR tkp.LUID
PUSH ADDR SET_DEBUG_PRV
PUSH 0
CALL LookupPrivilegeValueA
MOV D[tkp.COUNT], 1
MOV D[tkp.ATRIBUTES], 2
PUSH 0
PUSH 0
PUSH 0
PUSH ADDR tkp
PUSH 0
PUSH [hToken]
CALL AdjustTokenPrivileges
:
RET
C Source from MSDN
#include <stdio.h>
#include <windows.h>

int main(){
    HANDLE hToken;
    TOKEN_PRIVILEGES tkp;

    // Get a token for this process.
    if (!OpenProcessToken(GetCurrentProcess(),
            TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return( FALSE );

    // Get the LUID for the shutdown privilege.
    LookupPrivilegeValue(NULL, SE_DEBUG_NAME, // I have changed SE_SHUTDOWN_NAME
        &tkp.Privileges[0].Luid);
    GetLastError();

    tkp.PrivilegeCount = 1; // one privilege to set
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    // Get the shutdown privilege for this process.
    AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,
        (PTOKEN_PRIVILEGES)NULL, 0);
    if (GetLastError() != ERROR_SUCCESS)
        return FALSE;

    //Shut down the system and force all applications to close.
    /* if (!ExitWindowsEx(EWX_SHUTDOWN | EWX_FORCE,
           SHTDN_REASON_MAJOR_OPERATINGSYSTEM | SHTDN_REASON_FLAG_PLANNED))
           return FALSE; */
    return TRUE;
}
Hi debali
If you add an ALIGN 4 just before the tkp structure, this will ensure that the structure is aligned on a dword boundary as required by AdjustTokenPrivileges.
Some APIs are sensitive in this way to alignment of addresses of data.
Thanks, it works perfectly. But by the way, how can I know next time what APIs need to be ALIGNed?
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
OK, I can see it now in the GoAsm manual:
"For Windows NT/2000 and XP the destination of many pointers to data given to the APIs need to be dword aligned, and often this is undocumented. It is a good idea to ensure that the destination of these pointers are always dword aligned in your data section if you are writing code for these platforms"
I will try an answer.
In the SDK header file, we find
Quote
#include <pshpack4.h>
typedef struct _LUID_AND_ATTRIBUTES {
LUID Luid;
DWORD Attributes;
} LUID_AND_ATTRIBUTES, * PLUID_AND_ATTRIBUTES;
typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
#include <poppack.h>
The include file pshpack.. tells the compiler to align to 4.
The include file poppack.h returns to the alignment in effect before the change, and so on.
And if we look at TOKEN_PRIVILEGES
Quote
typedef struct _TOKEN_PRIVILEGES {
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
The structure uses LUID_AND_ATTRIBUTES, which must be aligned.
ToutEnMasm
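Added example, not code from any poster in this thread: a portable C sketch that lays out the DATA SECTION from the first post to show where tkp lands with and without ALIGN 4, and mirrors the TOKEN_PRIVILEGES layout from the quoted header. It assumes the assembler emits declarations back to back from a DWORD-aligned section base; the X_ type names, decl_t, as_posted, with_align4 and the helper functions are hypothetical, defined here so it builds without windows.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical X_ mirrors of the SDK types quoted above (no windows.h). */
#pragma pack(push, 4)                    /* the effect of <pshpack4.h> */
typedef struct { uint32_t LowPart; int32_t HighPart; } X_LUID;
typedef struct { X_LUID Luid; uint32_t Attributes; } X_LUID_AND_ATTRIBUTES;
typedef struct {
    uint32_t PrivilegeCount;
    X_LUID_AND_ATTRIBUTES Privileges[1]; /* ANYSIZE_ARRAY */
} X_TOKEN_PRIVILEGES;
#pragma pack(pop)

/* One declaration: size in bytes and the ALIGN placed before it (0 = none). */
typedef struct { const char *name; size_t size; size_t align_before; } decl_t;

/* Section offset of decls[idx]. Assumption: declarations are emitted back
   to back, in order, from a DWORD-aligned section base. */
size_t offset_of_decl(const decl_t *decls, size_t idx) {
    size_t off = 0;
    for (size_t i = 0; i <= idx; i++) {
        size_t a = decls[i].align_before;
        if (a) off = (off + a - 1) & ~(a - 1);   /* round up to power of two */
        if (i < idx) off += decls[i].size;
    }
    return off;
}
int is_dword_aligned(size_t off) { return (off & 3u) == 0; }

/* DATA SECTION of the first post, as posted and with ALIGN 4 before tkp. */
const decl_t as_posted[] = {
    {"SET_DEBUG_PRV", 17, 0},            /* 'SeDebugPrivilege' + NUL */
    {"hToken", 4, 0}, {"luid", 8, 0},
    {"tkp", sizeof(X_TOKEN_PRIVILEGES), 0},
};
const decl_t with_align4[] = {
    {"SET_DEBUG_PRV", 17, 0}, {"hToken", 4, 0}, {"luid", 8, 0},
    {"tkp", sizeof(X_TOKEN_PRIVILEGES), 4},
};

int main(void) {
    size_t before = offset_of_decl(as_posted, 3), after = offset_of_decl(with_align4, 3);
    printf("sizeof(tkp)=%zu, Privileges at +%zu\n",
           sizeof(X_TOKEN_PRIVILEGES), offsetof(X_TOKEN_PRIVILEGES, Privileges));
    printf("as posted: tkp at +%zu, dword aligned: %d\n", before, is_dword_aligned(before));
    printf("ALIGN 4:   tkp at +%zu, dword aligned: %d\n", after, is_dword_aligned(after));
    return 0;
}
```

Under that layout assumption the 17-byte string leaves tkp at offset 29 as posted and at offset 32 with ALIGN 4.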
Hello,
I have seen that ml has an option that can be useful.
/Zp[n] Set structure alignment
Add /Zp4 when using ml and this will solve many problems.
Align 4 seems to be the default alignment for the structures.
Take care with PshPack8 that is present in
Vfw.h
AVIFile - routines for reading/writing standard AVI files
winnt.h
ToutEnMasm
Hi ToutEnMasm, thanks for your answers, now I will know how many bytes I need to ALIGN in future projects. :U
Hi debali,
Structures in NT should be aligned at 4 bytes (ALIGN 4). If you are allocating them as LOCAL then they should already be aligned this way. This is the token adjustment from WinExplorer...
EnableTokenPrivilege FRAME PrivilegeName
LOCAL tp :TOKEN_PRIVILEGES
LOCAL luid :LUID
LOCAL hToken :D
LOCAL hProcess :D
LOCAL tpPrevious :TOKEN_PRIVILEGES
LOCAL cbPrevious :D
mov D[cbPrevious], sizeof TOKEN_PRIVILEGES
//
// Get debug privilege
//
invoke GetCurrentProcess
mov [hProcess],eax
invoke OpenProcessToken, [hProcess],TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, offset hToken
test eax,eax
jnz >
xor eax,eax
ret
:
invoke LookupPrivilegeValue, NULL, [PrivilegeName], offset luid
test eax,eax
jnz >
xor eax,eax
ret
:
//
// first pass. get current privilege setting
//
mov D[tp.PrivilegeCount],1
mov eax,[luid.LowPart]
mov [tp.Privileges.Luid.LowPart],eax
mov eax,[luid.HighPart]
mov [tp.Privileges.Luid.HighPart],eax
mov D[tp.Privileges.Attributes],0
invoke AdjustTokenPrivileges,[hToken],FALSE,offset tp,SIZEOF TOKEN_PRIVILEGES,offset tpPrevious,offset cbPrevious
invoke GetLastError
test eax,eax
jz >
xor eax,eax
ret
:
//
// second pass. set privilege based on previous setting
//
mov D[tpPrevious.PrivilegeCount],1
mov eax,[luid.LowPart]
mov [tpPrevious.Privileges.Luid.LowPart],eax
mov eax,[luid.HighPart]
mov [tpPrevious.Privileges.Luid.HighPart],eax
mov eax,[tpPrevious.Privileges.Attributes]
or eax,SE_PRIVILEGE_ENABLED
mov [tpPrevious.Privileges.Attributes],eax
invoke AdjustTokenPrivileges,[hToken],FALSE,offset tpPrevious,[cbPrevious],NULL,NULL
invoke GetLastError
test eax,eax
jz >
xor eax,eax
ret
:
xor eax,eax
inc eax
ret
ENDF
Quote from: debali on November 04, 2006, 05:57:29 PM
But by the way, how can I know next time what APIs need to be ALIGNed?
By default, I place Align 4 in all my sections (of 32-bit software). After you hit one as a problem, you realize it's a standard practice for 32-bit programming, not to fall into that pothole any more.
Regards, P1 :8)