Privileges for registry editing

  • nohimn
    New Member
    • Feb 2010
    • 6

    The RegLoadKey function requires that I set both SE_BACKUP_NAME and SE_RESTORE_NAME to enabled. I'm currently trying, but I keep getting an error:

    Run-Time Check Failure #2 - Stack around the variable 'tkp' was corrupted.

    The code:

    #include <windows.h>

    int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
    {
        HANDLE hToken = NULL;
        LUID rLuid;
        LUID bLuid;
        OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
        TOKEN_PRIVILEGES tkp;   // Privileges[] is declared with a single element

        LookupPrivilegeValue(NULL, SE_BACKUP_NAME, &tkp.Privileges[0].Luid);
        LookupPrivilegeValue(NULL, SE_RESTORE_NAME, &tkp.Privileges[1].Luid);
        tkp.PrivilegeCount = 2;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        tkp.Privileges[1].Attributes = SE_PRIVILEGE_ENABLED;
        AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, NULL, 0);
        CloseHandle(hToken);
        RegLoadKey(HKEY_USERS, L"Test\\", L"C:\\Documents and Settings\\test\\NTUSER.DAT");
        return 0;
    }

    I'm just digging into WinAPI, and I only picked up C++ last semester, so I'm willing to bet that this is a fairly elementary mistake. But I can't seem to find it. I did track that the error occurs when I try to set anything to tkp.Privileges[1], so it's probably an array issue, but I just can't figure out exactly how to go about fixing this. Anyone?
  • weaknessforcats
    Recognized Expert Expert
    • Mar 2007
    • 9214

    #2
    The PrivilegeCount member of TOKEN_PRIVILEGES has the number of elements in the array. I would check that before assuming [0] or [1].


    Exactly how is this getting set?


    • nohimn
      New Member
      • Feb 2010
      • 6

      #3
      I'm setting that variable like so:

      tkp.PrivilegeCount = 2;

      Declaring this before the LookupPrivilegeValue function doesn't change the issue. I found an article that essentially does what I'm trying to do in VB



      I can't see where I'm going wrong.


      • grayMist
        New Member
        • Feb 2010
        • 12

        #4
        The TOKEN_PRIVILEGES struct defines Privileges as an ANYSIZE_ARRAY.
        Which simply means that the array size is 1.

        This allows the TOKEN_PRIVILEGES struct to be used to typecast an arbitrary-sized buffer and access the Privileges member at any offset (the max being defined by the PrivilegeCount member).

        If you simply access the TOKEN_PRIVILEGES struct after a normal definition, the maximum Privileges can only be 1.

        You can first do a GetTokenInformation() on the token handle returned by OpenProcessToken() with the TOKEN_INFORMATION_CLASS enum set to TokenPrivileges. This will return the actual privileges in the return buffer,
        and then modify the returned TOKEN_PRIVILEGES using AdjustTokenPrivileges().

        You may also skip the GetTokenInformation() altogether and directly go for AdjustTokenPrivileges(), but in that case use PTOKEN_PRIVILEGES to typecast an adequately large buffer and then set the new privileges.
        Last edited by grayMist; Feb 25 '10, 07:17 AM. Reason: improved readability


        • nohimn
          New Member
          • Feb 2010
          • 6

          #5
          Thanks grayMist! I basically used your last suggestion, and allocated a larger buffer to fit both items in the array. It seems to work without error now:

          #include <windows.h>
          #include <stdlib.h>   // malloc / free

          int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
          {
              HANDLE hToken = NULL;
              LUID rLuid;
              LUID bLuid;
              OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
              // Size the buffer for two Privileges entries instead of relying on sizeof(TOKEN_PRIVILEGES)
              int offset = FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges[2]);
              PTOKEN_PRIVILEGES tkp = (PTOKEN_PRIVILEGES) malloc(offset);

              tkp->PrivilegeCount = 2;
              LookupPrivilegeValue(NULL, SE_BACKUP_NAME, &bLuid);
              tkp->Privileges[0].Luid = bLuid;
              tkp->Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
              LookupPrivilegeValue(NULL, SE_RESTORE_NAME, &rLuid);
              tkp->Privileges[1].Luid = rLuid;
              tkp->Privileges[1].Attributes = SE_PRIVILEGE_ENABLED;
              AdjustTokenPrivileges(hToken, FALSE, tkp, 0, NULL, 0);
              CloseHandle(hToken);
              free(tkp);
              RegLoadKey(HKEY_USERS, L"Test\\", L"C:\\Documents and Settings\\test\\NTUSER.DAT");
              return 0;
          }
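An added example, not code from this thread, that puts grayMist's buffer-sizing explanation (#4) and nohimn's fix (#5) into a reusable routine and adds the check the posted code skips: token_privileges_size computes the bytes needed for n entries (the non-Windows branch is a constructed stand-in with the same layout as winnt.h so it compiles anywhere), and on Windows enable_privileges (a name assumed here) treats AdjustTokenPrivileges succeeding with ERROR_NOT_ALL_ASSIGNED as a failure, since the call returns TRUE even when the token never held the privilege.

```c
#include <stddef.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Off Windows: constructed stand-in with the same layout as winnt.h so the sizing helper compiles. */
#include <stdint.h>
typedef uint32_t DWORD;
typedef struct { uint32_t LowPart; int32_t HighPart; } LUID;
typedef struct { LUID Luid; DWORD Attributes; } LUID_AND_ATTRIBUTES;
typedef struct { DWORD PrivilegeCount; LUID_AND_ATTRIBUTES Privileges[1]; } TOKEN_PRIVILEGES;
#endif

/* Bytes needed for a TOKEN_PRIVILEGES carrying n entries. sizeof(TOKEN_PRIVILEGES) covers only
 * one entry (Privileges is declared [ANYSIZE_ARRAY], i.e. [1]), which is why assigning
 * Privileges[1] in a stack-allocated struct overruns it. */
size_t token_privileges_size(DWORD n)
{
    return offsetof(TOKEN_PRIVILEGES, Privileges) + (size_t)n * sizeof(LUID_AND_ATTRIBUTES);
}

#ifdef _WIN32
/* Enable the named privileges (e.g. L"SeBackupPrivilege", L"SeRestorePrivilege") on the current
 * process token. Returns 1 only when every one was enabled: AdjustTokenPrivileges returns TRUE
 * even if the token lacks a privilege and reports that only via ERROR_NOT_ALL_ASSIGNED. */
int enable_privileges(const wchar_t *const *names, DWORD n)
{
    HANDLE hToken = NULL;
    int ok = 0;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return 0;
    TOKEN_PRIVILEGES *tp = (TOKEN_PRIVILEGES *)calloc(1, token_privileges_size(n));
    if (tp) {
        tp->PrivilegeCount = n;
        ok = 1;
        for (DWORD i = 0; i < n && ok; i++) {
            tp->Privileges[i].Attributes = SE_PRIVILEGE_ENABLED;
            ok = LookupPrivilegeValueW(NULL, names[i], &tp->Privileges[i].Luid) != 0;
        }
        if (ok)
            ok = AdjustTokenPrivileges(hToken, FALSE, tp, 0, NULL, NULL) && GetLastError() == ERROR_SUCCESS;
        free(tp);
    }
    CloseHandle(hToken);
    return ok;
}
/* Caller then does: LONG rc = RegLoadKeyW(HKEY_USERS, L"TestHive", L"<hive path>"); and checks
 * rc == ERROR_SUCCESS (RegLoadKey returns an error code, not a BOOL), then RegUnLoadKeyW when done. */
#endif
```

If enable_privileges returns 0 the process is usually not running elevated, and RegLoadKey would fail with ERROR_PRIVILEGE_NOT_HELD anyway, so checking here gives a clearer diagnosis.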
