A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #22331  by Microwave89
 Sat Mar 01, 2014 12:38 pm
Hi Guys,

For the last few hours I've been messing around with a Win32 function called "OpenProcessToken" (or the Nt version)
in order to be able to gain shutdown privileges.

This is the code I'm currently using, and my machine is running Windows 8.1 x64.
Code:
HANDLE hCurrProcess = GetCurrentProcess();
if (!OpenProcessToken(hCurrProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, phTokenHandle)){
	MessageBoxW(NULL, L"fail", L"fail", 0);
	return -1;
}
Unfortunately, the code always fails with an "access denied" error!
There is also no difference between launching it as an administrator or not (UAC is currently enabled).

I also searched the web, but couldn't come up with a viable solution to this problem.
I read, though, that a special privilege (SeCreateTokenPrivilege) is needed, but it is removed from the entire system after service startup.
So even as an administrator there is no way to debug programs (SeDebugPrivilege is needed) or to load a driver (SeLoadDriverPrivilege) if these privileges are not enabled by default??
WTF?

So what might I be doing wrong?
Or does no solution really exist for this issue?


Best regards - Microwave89
 #22333  by Buster_BSA
 Sun Mar 02, 2014 12:57 am
http://msdn.microsoft.com/en-us/library ... p/aa376871
Code:
#include <windows.h>

#pragma comment(lib, "user32.lib")
#pragma comment(lib, "advapi32.lib")

BOOL MySystemShutdown()
{
   HANDLE hToken; 
   TOKEN_PRIVILEGES tkp; 
 
   // Get a token for this process. Note the &hToken: the third
   // parameter is the address of a HANDLE that receives the token.
 
   if (!OpenProcessToken(GetCurrentProcess(), 
        TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) 
      return( FALSE ); 
 
   // Get the LUID for the shutdown privilege. 
 
   if (!LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, 
        &tkp.Privileges[0].Luid))
   {
      CloseHandle(hToken);
      return FALSE;
   }
 
   tkp.PrivilegeCount = 1;  // one privilege to set    
   tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; 
 
   // Enable the shutdown privilege for this process. AdjustTokenPrivileges
   // can only enable a privilege the token already holds; if it is absent
   // the call still returns TRUE but GetLastError() is ERROR_NOT_ALL_ASSIGNED,
   // which is why the error code is checked rather than the return value.
 
   AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, 
        (PTOKEN_PRIVILEGES)NULL, 0); 
 
   if (GetLastError() != ERROR_SUCCESS) 
   {
      CloseHandle(hToken);
      return FALSE; 
   }

   CloseHandle(hToken);   // the token handle is no longer needed
 
   // Shut down the system and force all applications to close. 
 
   if (!ExitWindowsEx(EWX_SHUTDOWN | EWX_FORCE, 
               SHTDN_REASON_MAJOR_OPERATINGSYSTEM |
               SHTDN_REASON_MINOR_UPGRADE |
               SHTDN_REASON_FLAG_PLANNED)) 
      return FALSE; 

   //shutdown was successful
   return TRUE;
}
 #22384  by Microwave89
 Sat Mar 08, 2014 3:44 pm
Hi Buster_BSA,

Sorry for not responding to your answer; I've been quite busy these days!

So thanks a lot for the code example!
I had also searched the web, but hadn't been able to figure out what I'd been doing wrong.
So I just copied your code, and interestingly it worked as expected!

Best Regards, Microwave89
 #22385  by EP_X0FF
 Sat Mar 08, 2014 3:54 pm
Your problem is likely because of

phTokenHandle

which is a pointer you defined but never allocated.

The third parameter of OpenProcessToken is a pointer that receives the handle. So it is &Handle, not PHandle.
 #22386  by Microwave89
 Sun Mar 09, 2014 12:48 am
Thanks for your input as well, EP_X0FF!

Yes, I remembered today that I had noticed a subtle difference between my code and Buster_BSA's example when I was figuring out why my code didn't run.
I sometimes still have a few problems with pointers... but I'm learning to understand them.


Best Regards - Microwave