
Thread: [RESOLVED] Help with GetTokenInformation and SE_SYSTEMTIME_NAME

  1. #1

    Thread Starter
    Hyperactive Member
    Join Date
    Aug 2011
    Location
    Palm Coast, FL
    Posts
    283

    [RESOLVED] Help with GetTokenInformation and SE_SYSTEMTIME_NAME

    Win32 API Expert help needed!

    I need to use GetTokenInformation to determine if the running process has the SE_SYSTEMTIME_NAME privilege. I'm not trying to enable the privilege; I already know how to do that with AdjustTokenPrivileges.

    Not finding lots of helpful VB6 code for this.

    TIA

  2. #2
    PowerPoster
    Join Date
    Jul 2010
    Location
    NYC
    Posts
    2,289

    Re: Help with GetTokenInformation and SE_SYSTEMTIME_NAME

    Well, what code have you written that's failing, and where? There's lots of code you can find for that API, just not for that exact privilege, but it shouldn't be that different. To find VB6-specific code questions/answers for an API if MSDN isn't enough, I'll go to Google and search for e.g. 'declare function gettokeninformation' so it's limited to VB code. There are lots of results for it.

  3. #3

    Thread Starter
    Hyperactive Member
    Join Date
    Aug 2011
    Location
    Palm Coast, FL
    Posts
    283

    Re: Help with GetTokenInformation and SE_SYSTEMTIME_NAME

    NVM - May have found answer.
    Last edited by AAraya; Aug 10th, 2019 at 11:42 AM.

  4. #4
    Addicted Member
    Join Date
    Aug 2017
    Posts
    199

    Re: Help with GetTokenInformation and SE_SYSTEMTIME_NAME

    Quote (originally posted by AAraya):
    "NVM - May have found answer."

    Is your solution similar to this?

    Code:
    Option Explicit
    
    Public Const SE_ASSIGNPRIMARYTOKEN_NAME                As String = "SeAssignPrimaryTokenPrivilege"             'Replace a process-level token.
    Public Const SE_AUDIT_NAME                             As String = "SeAuditPrivilege"                          'Generate security audits.
    Public Const SE_BACKUP_NAME                            As String = "SeBackupPrivilege"                         'Back up files and directories.
    Public Const SE_CHANGE_NOTIFY_NAME                     As String = "SeChangeNotifyPrivilege"                   'Bypass traverse checking.
    Public Const SE_CREATE_GLOBAL_NAME                     As String = "SeCreateGlobalPrivilege"                   'Create global objects.
    Public Const SE_CREATE_PAGEFILE_NAME                   As String = "SeCreatePagefilePrivilege"                 'Create a pagefile.
    Public Const SE_CREATE_PERMANENT_NAME                  As String = "SeCreatePermanentPrivilege"                'Create permanent shared objects.
    Public Const SE_CREATE_SYMBOLIC_LINK_NAME              As String = "SeCreateSymbolicLinkPrivilege"             'Create symbolic links.
    Public Const SE_CREATE_TOKEN_NAME                      As String = "SeCreateTokenPrivilege"                    'Create a token object.
    Public Const SE_DEBUG_NAME                             As String = "SeDebugPrivilege"                          'Debug programs.
    Public Const SE_DELEGATE_SESSION_USER_IMPERSONATE_NAME As String = "SeDelegateSessionUserImpersonatePrivilege" 'Impersonate other users.
    Public Const SE_ENABLE_DELEGATION_NAME                 As String = "SeEnableDelegationPrivilege"               'Enable computer and user accounts to be trusted for delegation.
    Public Const SE_IMPERSONATE_NAME                       As String = "SeImpersonatePrivilege"                    'Impersonate a client after authentication.
    Public Const SE_INCREASE_QUOTA_NAME                    As String = "SeIncreaseQuotaPrivilege"                  'Adjust memory quotas for a process.
    Public Const SE_INC_BASE_PRIORITY_NAME                 As String = "SeIncreaseBasePriorityPrivilege"           'Increase scheduling priority.
    Public Const SE_INC_WORKING_SET_NAME                   As String = "SeIncreaseWorkingSetPrivilege"             'Increase a process working set.
    Public Const SE_LOAD_DRIVER_NAME                       As String = "SeLoadDriverPrivilege"                     'Load and unload device drivers.
    Public Const SE_LOCK_MEMORY_NAME                       As String = "SeLockMemoryPrivilege"                     'Lock pages in memory.
    Public Const SE_MACHINE_ACCOUNT_NAME                   As String = "SeMachineAccountPrivilege"                 'Add workstations to domain.
    Public Const SE_MANAGE_VOLUME_NAME                     As String = "SeManageVolumePrivilege"                   'Manage the files on a volume.
    Public Const SE_PROF_SINGLE_PROCESS_NAME               As String = "SeProfileSingleProcessPrivilege"           'Profile single process.
    Public Const SE_RELABEL_NAME                           As String = "SeRelabelPrivilege"                        'Modify an object label.
    Public Const SE_REMOTE_SHUTDOWN_NAME                   As String = "SeRemoteShutdownPrivilege"                 'Force shutdown from a remote system.
    Public Const SE_RESTORE_NAME                           As String = "SeRestorePrivilege"                        'Restore files and directories.
    Public Const SE_SECURITY_NAME                          As String = "SeSecurityPrivilege"                       'Manage auditing and security log.
    Public Const SE_SHUTDOWN_NAME                          As String = "SeShutdownPrivilege"                       'Shut down the system.
    Public Const SE_SYNC_AGENT_NAME                        As String = "SeSyncAgentPrivilege"                      'Synchronize directory service data.
    Public Const SE_SYSTEMTIME_NAME                        As String = "SeSystemtimePrivilege"                     'Change the system time.
    Public Const SE_SYSTEM_ENVIRONMENT_NAME                As String = "SeSystemEnvironmentPrivilege"              'Modify firmware environment values.
    Public Const SE_SYSTEM_PROFILE_NAME                    As String = "SeSystemProfilePrivilege"                  'Profile system performance.
    Public Const SE_TAKE_OWNERSHIP_NAME                    As String = "SeTakeOwnershipPrivilege"                  'Take ownership of files or other objects.
    Public Const SE_TCB_NAME                               As String = "SeTcbPrivilege"                            'Act as part of the operating system.
    Public Const SE_TIME_ZONE_NAME                         As String = "SeTimeZonePrivilege"                       'Change the time zone.
    Public Const SE_TRUSTED_CREDMAN_ACCESS_NAME            As String = "SeTrustedCredManAccessPrivilege"           'Access Credential Manager as a trusted caller.
    Public Const SE_UNDOCK_NAME                            As String = "SeUndockPrivilege"                         'Remove computer from docking station.
    Public Const SE_UNSOLICITED_INPUT_NAME                 As String = "SeUnsolicitedInputPrivilege"               'Read unsolicited input from a terminal device.
    
    Private Type LUID
        LowPart  As Long
        HighPart As Long
    End Type
    
    Private Type LUID_AND_ATTRIBUTES
        Luid_      As LUID
        Attributes As Long
    End Type
    
    Private Type TOKEN_PRIVILEGES
        PrivilegeCount As Long
        Privileges     As LUID_AND_ATTRIBUTES
    End Type
    
    Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As Long) As Long
    Private Declare Function GetCurrentProcess Lib "kernel32.dll" () As Long
    Private Declare Function GetTokenInformation Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal TokenInformationClass As Long, ByRef TokenInformation As Any, ByVal TokenInformationLength As Long, ByRef ReturnLength As Long) As Long
    Private Declare Function LookupPrivilegeNameW Lib "advapi32.dll" (ByVal lpSystemName As Long, ByRef lpLuid As LUID, ByVal lpName As Long, ByRef cchName As Long) As Long
    Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, ByRef TokenHandle As Long) As Long
    Private Declare Function SysReAllocStringLen Lib "oleaut32.dll" (ByVal pBSTR As Long, Optional ByVal pszStrPtr As Long, Optional ByVal Length As Long) As Long
    
    Public Function IsPrivilegeEnabled(ByRef PrivilegeName As String) As Boolean
        Const TOKEN_QUERY = &H8&, TokenPrivileges = 3&, SE_PRIVILEGE_ENABLED_BY_DEFAULT = &H1&, SE_PRIVILEGE_ENABLED = &H2&, ERROR_INSUFFICIENT_BUFFER = 122&
        Dim hToken As Long, I As Long, Size As Long, sPrivName As String, LA() As LUID_AND_ATTRIBUTES
    
        If OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hToken) Then
            GetTokenInformation hToken, TokenPrivileges, ByVal 0&, 0&, Size:    Debug.Assert Err.LastDllError = ERROR_INSUFFICIENT_BUFFER
    
            If Size Then
                ReDim LA(0& To (Size \ 4& - 1&) \ 3&) As LUID_AND_ATTRIBUTES
    
                If GetTokenInformation(hToken, TokenPrivileges, LA(0&).Attributes, Size, Size) Then
                    For I = 1& To LA(0&).Attributes
                        Size = 0&
                        LookupPrivilegeNameW 0&, LA(I).Luid_, 0&, Size:         Debug.Assert Err.LastDllError = ERROR_INSUFFICIENT_BUFFER
    
                        If Size Then
                            SysReAllocStringLen VarPtr(sPrivName), , Size - 1&
    
                            If LookupPrivilegeNameW(0&, LA(I).Luid_, StrPtr(sPrivName), Size) Then
                                If sPrivName = PrivilegeName Then
                                    IsPrivilegeEnabled = (LA(I).Attributes And (SE_PRIVILEGE_ENABLED_BY_DEFAULT Or SE_PRIVILEGE_ENABLED)) <> 0&
                                    Exit For
                                End If
                            End If
                        End If
                    Next
                End If
            End If
    
            I = CloseHandle(hToken):                                            Debug.Assert I
        End If
    End Function
    Code:
    ? IsPrivilegeEnabled(SE_SYSTEMTIME_NAME)
    False
    
    ? IsPrivilegeEnabled(SE_CHANGE_NOTIFY_NAME)
    True

  5. #5

    Thread Starter
    Hyperactive Member
    Join Date
    Aug 2011
    Location
    Palm Coast, FL
    Posts
    283

    Re: Help with GetTokenInformation and SE_SYSTEMTIME_NAME

    VB VI - Thanks so much for posting this. Your solution does some things differently than mine. But I didn't really know what I was doing - though I got it to work. I'm going to study yours closely and make changes to mine where necessary. Appreciate your help!

  6. #6

  7. #7

    Thread Starter
    Hyperactive Member
    Join Date
    Aug 2011
    Location
    Palm Coast, FL
    Posts
    283

    Re: Help with GetTokenInformation and SE_SYSTEMTIME_NAME

    My solution is a little different: rather than getting the privilege name on every LUID, I just compare the LUIDs. Here are a couple of code snippets. This first one is where I check if a privilege exists in a token.

    Code:
    Private Function PrivilegeExistsInToken(ByVal phdlTokenHandle As Long, pPrivilegeLUID As LUID, ByRef plngErrNum As Long) As Boolean
    
        On Error GoTo PROC_ERROR
    
        '//Determines if a privilege exists in a token
        '//requires a handle to a token (obtained by a call to OpenProcessToken)
        '//and a LUID for the Privilege (obtained by call to LookupPrivilegeValue)
        Dim lngSizeNeeded       As Long
        Dim bytarrReadBuffer()  As Byte
        Dim strStringBuffer     As String
        Dim lngStringPointer    As Long
        Dim lngRetVal           As Long
        Dim bolPrivilegeExists  As Boolean
        Dim arrTokensData()     As LUID_AND_ATTRIBUTES
        
        Const SIZE_DWORD As Long = 4
            
        'init
        bolPrivilegeExists = False
            
        'first call it to get the size of the buffer
        Call GetTokenInformation(phdlTokenHandle, E_TokenInformationClasses.TOKENPRIVILEGES, ByVal 0, 0, lngSizeNeeded)
        
        'size the buffer
        ReDim bytarrReadBuffer(0 To lngSizeNeeded)
        
        'now read the token privileges into the buffer
        lngRetVal = GetTokenInformation(phdlTokenHandle, E_TokenInformationClasses.TOKENPRIVILEGES, bytarrReadBuffer(0), UBound(bytarrReadBuffer), lngSizeNeeded)
        If lngRetVal = 0 Then
            'failure to get token information
            bolPrivilegeExists = False
            plngErrNum = Err.LastDllError
            
            GoTo PROC_EXIT
        End If
        
        '(
        'Notes on the data in the buffer:
        'The first DWORD contains the number of privileges
        'The following bytes contain all of the LUIDS and Attributes
        ')
        
        'how many privileges do we have LUID and Attributes for?
        Dim lngPrivilegesCount  As Long
        Call CopyMemory(lngPrivilegesCount, bytarrReadBuffer(0), SIZE_DWORD)   'first DWORD in the buffer contains this data
        
        If lngPrivilegesCount <= 0 Then
            bolPrivilegeExists = False
            GoTo PROC_EXIT
        End If
        
        'copy the buffer data to arrTokensData
        '(omit the first DWORD which contains the privilege count and get the remaining
        'data which is the LUIDS and Attributes)
        ReDim arrTokensData(0 To lngPrivilegesCount - 1)
        Call CopyMemory(arrTokensData(0), bytarrReadBuffer(SIZE_DWORD), lngPrivilegesCount * Len(arrTokensData(0)))
        
        'search for matching LUID
        Dim i As Long
        
        For i = 0 To (lngPrivilegesCount - 1)
            With arrTokensData(i)
                If .TheLuid.LowPart = pPrivilegeLUID.LowPart Then
                    If .TheLuid.HighPart = pPrivilegeLUID.HighPart Then
                        bolPrivilegeExists = True
                        Exit For
                    End If
                End If
            End With
        Next
                    
    PROC_EXIT:
        Erase bytarrReadBuffer()
        
        PrivilegeExistsInToken = bolPrivilegeExists
    
        Exit Function
    PROC_ERROR:
        With Err
            If .LastDllError <> 0 Then
                plngErrNum = .LastDllError
            Else
                plngErrNum = .Number
            End If
        End With
        
        Resume PROC_EXIT
        Resume    
    End Function
    And here's where I call the function above... This is where I get the token handle for the current process and the LUID for the privilege name.

    Code:
        'get a handle to the current process
        hdlProcessHandle = GetCurrentProcess()
        
        'open the access token for the process
        lngRetVal = OpenProcessToken(hdlProcessHandle, (TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY), hdlTokenHandle)
        If lngRetVal = 0 Then
            bolSuccess = False
            GoTo PROC_EXIT
        End If
        
        'Get the locally unique identifier (LUID) to represent the privilege name.
        strPrivilegeName = "SeSystemtimePrivilege"
        lngRetVal = LookupPrivilegeValue(StrPtr(strSystemName), StrPtr(strPrivilegeName), PrivilegeLuid)
        If lngRetVal = 0 Then
            bolSuccess = False
            GoTo PROC_EXIT
        End If
        
        'does the privilege exist in the token?
        If Not PrivilegeExistsInToken(hdlTokenHandle, PrivilegeLuid, plngErrNum) Then
            bolSuccess = False       
            GoTo PROC_EXIT
        End If
    Last edited by AAraya; Aug 13th, 2019 at 09:03 AM.
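
Added example, not part of any post in this thread: post #4 reports whether a privilege is enabled and post #7 whether it is present in the token, and the function below answers both in one pass by matching the LUID and then reading SE_PRIVILEGE_ENABLED from the matching entry. The names PrivilegeState, GetPrivilegeState and the enum members are hypothetical; the API declarations follow the ones posted above, with LookupPrivilegeValueW declared to take string pointers.

```vb
Option Explicit

Private Type LUID
    LowPart As Long
    HighPart As Long
End Type

Public Enum PrivilegeState          ' hypothetical names, not from the thread
    PrivQueryFailed = -1            ' an API call failed
    PrivNotInToken = 0              ' AdjustTokenPrivileges cannot enable it
    PrivHeldDisabled = 1            ' present, must be enabled before use
    PrivEnabled = 2                 ' present and currently enabled
End Enum

Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As Long) As Long
Private Declare Function GetCurrentProcess Lib "kernel32.dll" () As Long
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, ByRef TokenHandle As Long) As Long
Private Declare Function LookupPrivilegeValueW Lib "advapi32.dll" (ByVal lpSystemName As Long, ByVal lpName As Long, ByRef lpLuid As LUID) As Long
Private Declare Function GetTokenInformation Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal TokenInformationClass As Long, ByRef TokenInformation As Any, ByVal TokenInformationLength As Long, ByRef ReturnLength As Long) As Long

Public Function GetPrivilegeState(ByVal PrivilegeName As String) As PrivilegeState
    Const TOKEN_QUERY As Long = &H8&, TokenPrivileges As Long = 3&, SE_PRIVILEGE_ENABLED As Long = &H2&
    Dim hToken As Long, Target As LUID, Size As Long, i As Long, Buf() As Long

    GetPrivilegeState = PrivQueryFailed
    If LookupPrivilegeValueW(0&, StrPtr(PrivilegeName), Target) = 0& Then Exit Function
    If OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, hToken) = 0& Then Exit Function

    ' The first call only reports the required size: 4 bytes + 12 per privilege.
    GetTokenInformation hToken, TokenPrivileges, ByVal 0&, 0&, Size
    If Size >= 4& Then
        ReDim Buf(0 To (Size + 3&) \ 4& - 1&)
        If GetTokenInformation(hToken, TokenPrivileges, Buf(0), Size, Size) <> 0& Then
            GetPrivilegeState = PrivNotInToken
            ' Buf(0) = PrivilegeCount; entry i = LowPart, HighPart, Attributes.
            For i = 0 To Buf(0) - 1
                If Buf(3 * i + 1) = Target.LowPart And Buf(3 * i + 2) = Target.HighPart Then
                    If (Buf(3 * i + 3) And SE_PRIVILEGE_ENABLED) <> 0& Then
                        GetPrivilegeState = PrivEnabled
                    Else
                        GetPrivilegeState = PrivHeldDisabled
                    End If
                    Exit For
                End If
            Next
        End If
    End If
    CloseHandle hToken
End Function
```

Reading the buffer as an array of Longs avoids CopyMemory: the first element is the privilege count and each following group of three is one LUID_AND_ATTRIBUTES entry. Only TOKEN_QUERY access is requested, since the function inspects the token and never adjusts it.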

  8. #8

    Thread Starter
    Hyperactive Member
    Join Date
    Aug 2011
    Location
    Palm Coast, FL
    Posts
    283

    Re: Help with GetTokenInformation and SE_SYSTEMTIME_NAME

    Quote (originally posted by wqweto):
    "Now I feel dumb not noticing it for so long :-))"
    </wqw>

    I only noticed myself when typing it up!
