
Commit e1db418

committed
Privilege view
1 parent 2835adc commit e1db418


1 file changed

+82
-1
lines changed

1 file changed

+82
-1
lines changed

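--- a/src/dbg/instruction.cpp
+++ b/src/dbg/instruction.cpp
@@ -2383,4 +2383,85 @@ CMDRESULT cbInstrMnemonicbrief(int argc, char* argv[])
 return STATUS_ERROR;
 dputs(MnemonicHelp::getBriefDescription(argv[1]).c_str());
 return STATUS_CONTINUE;
-}
+}
+
+
+CMDRESULT cbGetPrivilegeState(int argc, char* argv[])
+{
+TOKEN_PRIVILEGES* Privileges;
+DWORD returnLength;
+LUID luid;
+if (LookupPrivilegeValueW(nullptr, StringUtils::Utf8ToUtf16(argv[1]).c_str(), &luid) == 0)
+{
+varset("$result", (duint)0, false);
+return CMDRESULT::STATUS_CONTINUE;
+}
+Privileges = (TOKEN_PRIVILEGES*)emalloc(64 * 16 + 8, "_dbg_getprivilegestate");
+if (GetTokenInformation(hProcessToken, TokenPrivileges, Privileges, 64 * 16 + 8, &returnLength) == 0)
+{
+if (returnLength > 4 * 1024 * 1024)
+{
+varset("$result", (duint)0, false);
+return CMDRESULT::STATUS_CONTINUE;
+}
+Privileges = (TOKEN_PRIVILEGES*)erealloc(Privileges, returnLength, "_dbg_getprivilegestate");
+if (GetTokenInformation(hProcessToken, TokenPrivileges, Privileges, returnLength, &returnLength) == 0)
+{
+efree(Privileges, "_dbg_getprivilegestate");
+return STATUS_ERROR;
+}
+}
+for (unsigned int i = 0; i < Privileges->PrivilegeCount; i++)
+{
+if (4 + sizeof(LUID_AND_ATTRIBUTES) * i > returnLength)
+{
+efree(Privileges, "_dbg_getprivilegestate");
+return STATUS_ERROR;
+}
+if (memcmp(&Privileges->Privileges[i].Luid, &luid, sizeof(LUID)) == 0)
+{
+efree(Privileges, "_dbg_getprivilegestate");
+varset("$result", (duint)(Privileges->Privileges[i].Attributes + 1), false); // 2=enabled, 3=default, 1=disabled
+return STATUS_CONTINUE;
+}
+}
+efree(Privileges, "_dbg_getprivilegestate");
+varset("$result", (duint)0, false);
+return STATUS_CONTINUE;
+}
+
+CMDRESULT cbEnablePrivilege(int argc, char* argv[])
+{
+LUID luid;
+if (LookupPrivilegeValueW(nullptr, StringUtils::Utf8ToUtf16(argv[1]).c_str(), &luid) == 0)
+{
+dprintf("Could not find the specified privilege: %s\n", argv[1]);
+return CMDRESULT::STATUS_ERROR;
+}
+TOKEN_PRIVILEGES* Privilege;
+Privilege = (TOKEN_PRIVILEGES*)emalloc(sizeof(LUID_AND_ATTRIBUTES) + 4, "_dbg_enableprivilege");
+Privilege->PrivilegeCount = 1;
+Privilege->Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+Privilege->Privileges[0].Luid = luid;
+bool ret = AdjustTokenPrivileges(hProcessToken, FALSE, Privilege, sizeof(LUID_AND_ATTRIBUTES) + 4, nullptr, nullptr) != NO_ERROR;
+efree(Privilege, "_dbg_enableprivilege");
+return ret ? CMDRESULT::STATUS_CONTINUE : CMDRESULT::STATUS_CONTINUE;
+}
+
+CMDRESULT cbDisablePrivilege(int argc, char* argv[])
+{
+LUID luid;
+if (LookupPrivilegeValueW(nullptr, StringUtils::Utf8ToUtf16(argv[1]).c_str(), &luid) == 0)
+{
+dprintf("Could not find the specified privilege: %s\n", argv[1]);
+return CMDRESULT::STATUS_ERROR;
+}
+TOKEN_PRIVILEGES* Privilege;
+Privilege = (TOKEN_PRIVILEGES*)emalloc(sizeof(LUID_AND_ATTRIBUTES) + 4, "_dbg_disableprivilege");
+Privilege->PrivilegeCount = 1;
+Privilege->Privileges[0].Attributes = 0;
+Privilege->Privileges[0].Luid = luid;
+bool ret = AdjustTokenPrivileges(hProcessToken, FALSE, Privilege, sizeof(LUID_AND_ATTRIBUTES) + 4, nullptr, nullptr) != NO_ERROR;
+efree(Privilege, "_dbg_disableprivilege");
+return ret ? CMDRESULT::STATUS_CONTINUE : CMDRESULT::STATUS_CONTINUE;
+}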
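Review bot: In cbGetPrivilegeState the matching branch calls `efree(Privileges, "_dbg_getprivilegestate")` and only then reads `Privileges->Privileges[i].Attributes` for `varset`, which is a use-after-free; copy the value out first with `DWORD attr = Privileges->Privileges[i].Attributes;`, free, then `varset("$result", (duint)(attr + 1), false);`. In the same function the `returnLength > 4 * 1024 * 1024` early return leaks the `emalloc` buffer, and the loop guard `4 + sizeof(LUID_AND_ATTRIBUTES) * i > returnLength` only shows that entry i starts inside the buffer, so `(i + 1)` is the bound that covers the whole entry before the `memcmp`. cbEnablePrivilege and cbDisablePrivilege both end in `return ret ? CMDRESULT::STATUS_CONTINUE : CMDRESULT::STATUS_CONTINUE;`, so a failed AdjustTokenPrivileges is never reported; because that API can also return success while GetLastError() is ERROR_NOT_ALL_ASSIGNED, the check should be `ok && GetLastError() == ERROR_SUCCESS` and anything else should map to STATUS_ERROR with a `dprintf`. All three handlers use `argv[1]` without an `argc` check, whereas the context lines of cbInstrMnemonicbrief appear to return STATUS_ERROR before touching it, so the same guard is probably wanted here. The trailing comment `2=enabled, 3=default, 1=disabled` also looks swapped against SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x1) and SE_PRIVILEGE_ENABLED (0x2), and a privilege with both bits set would yield 4, which the comment does not cover.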
