Hi. I've been browsing this forum for answers for some time now, and I guess it's about time to post a question myself. Here's the deal:
I have a DLL in which I define a function that enables the SE_DEBUG_NAME privilege. Here's the code:
// tema4dll.cpp : Defines the exported functions for the DLL application.
//
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#pragma comment(lib, "advapi32.lib")
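/*
 * Enables SE_DEBUG_NAME (SeDebugPrivilege) on the current process token.
 *
 * Returns true only when the privilege was actually enabled. On failure the
 * Win32 error code is printed and restored with SetLastError() so the caller's
 * GetLastError() is still meaningful after the printf/CloseHandle calls here.
 *
 * Security note: nothing in this function disables the privilege again, so it
 * stays enabled on the process token. A caller that needs it only briefly
 * should disable it again when done (least privilege).
 */
extern "C" __declspec(dllexport) bool SetPriviledge ()
{
    TOKEN_PRIVILEGES Debug_Privileges;
    HANDLE hToken = NULL;
    DWORD lastError = ERROR_SUCCESS;
    BOOL adjusted = FALSE;

    ZeroMemory(&Debug_Privileges, sizeof(Debug_Privileges));
    Debug_Privileges.PrivilegeCount = 1;
    Debug_Privileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &Debug_Privileges.Privileges[0].Luid))
    {
        /* Capture the code first: later API calls may overwrite it. */
        lastError = GetLastError();
        printf("==================================\n");
        printf("LookupPrivilegeValue error: %lu\n", lastError);
        printf("==================================\n");
        SetLastError(lastError);
        return false;
    }

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        lastError = GetLastError();
        printf("==================================\n");
        printf("OpenProcessToken error: %lu\n", lastError);
        printf("==================================\n");
        SetLastError(lastError);
        return false;
    }

    /*
     * AdjustTokenPrivileges returns nonzero even when it could NOT enable the
     * requested privilege; in that case GetLastError() is
     * ERROR_NOT_ALL_ASSIGNED. That happens when the token does not hold the
     * privilege at all (for example a non-elevated process), so the return
     * value alone must not be treated as success.
     */
    adjusted = AdjustTokenPrivileges(hToken, FALSE, &Debug_Privileges, sizeof(Debug_Privileges), NULL, NULL);
    lastError = GetLastError();

    /* The token handle is no longer needed on either path; do not leak it. */
    CloseHandle(hToken);

    if (!adjusted || lastError != ERROR_SUCCESS)
    {
        printf("==================================\n");
        printf("AdjustTokenPrivileges error: %lu\n", lastError);
        printf("==================================\n");
        SetLastError(lastError);
        return false;
    }

    return true;
}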
I then dynamically load the dll in another program, call the function described above and then try to get a handle to "wininit.exe". Here's the code:
// tema4.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <wchar.h>
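/*
 * Signature of the DLL's exported SetPriviledge(). The export is declared
 * without an explicit calling convention, so the pointer type uses __cdecl
 * (the compiler default unless the build overrides it) rather than WINAPI.
 */
typedef bool (__cdecl *PGNSI)();

/*
 * Loads tema4dll, calls its SetPriviledge() export, then walks a process
 * snapshot and tries to open every process whose image name is "wininit.exe".
 *
 * Returns 0 when the walk completes without an OpenProcess failure (including
 * the case where no matching process exists), 1 on any error. All handles and
 * the loaded module are released on every path.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    int exitCode = 1;
    DWORD lastError = ERROR_SUCCESS;
    HMODULE hModule = NULL;
    PGNSI pGNSI = NULL;
    HANDLE hProcessSnap = INVALID_HANDLE_VALUE;
    PROCESSENTRY32 pe32;

    /*
     * A fully qualified path avoids the DLL search order. The DLL's code runs
     * inside a process that then enables SeDebugPrivilege, so this directory
     * should not be writable by less-privileged users.
     */
    hModule = LoadLibrary(TEXT("d:\\Vlad\\Facultate\\An III\\semII\\CSSO\\tema4\\tema4dll"));
    if (hModule == NULL)
    {
        /* Read the error code before printf can overwrite it. */
        lastError = GetLastError();
        printf("==================================\n");
        printf("Error at loading library: %lu\n", lastError);
        printf("==================================\n");
        goto cleanup;
    }
    printf("==================================\n");
    printf("Library found\n");
    printf("==================================\n");

    pGNSI = (PGNSI)GetProcAddress(hModule, "SetPriviledge");
    if (pGNSI == NULL)
    {
        lastError = GetLastError();
        printf("==================================\n");
        printf("Error at finding function: %lu\n", lastError);
        printf("==================================\n");
        goto cleanup;
    }
    printf("==================================\n");
    printf("Function found\n");
    printf("==================================\n");

    if (!pGNSI())
    {
        lastError = GetLastError();
        printf("==================================\n");
        printf("Error at setting priviledge: %lu\n", lastError);
        printf("==================================\n");
        goto cleanup;
    }
    printf("==================================\n");
    printf("Privileges set\n");
    printf("==================================\n");

    hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        printf("==================================\n");
        printf("Can not CreateToolhelp32Snapshot of processes\n");
        printf("==================================\n");
        goto cleanup;
    }

    /* dwSize must be set before Process32First, otherwise the call fails. */
    pe32.dwSize = sizeof(PROCESSENTRY32);
    if (!Process32First(hProcessSnap, &pe32))
    {
        lastError = GetLastError();
        printf("==================================\n");
        printf("Process32First Error: %lu\n", lastError);
        printf("==================================\n");
        goto cleanup;
    }

    do
    {
        /*
         * TCHAR-aware, case-insensitive comparison so the code builds in both
         * ANSI and Unicode configurations. Note that the image name alone does
         * not prove this is the system's wininit.exe: any process can carry
         * that file name.
         */
        if (_tcsicmp(pe32.szExeFile, TEXT("wininit.exe")) != 0)
            continue;

        printf("==================================\n");
        _tprintf(TEXT("PROCESS FOUND: %s %lu \n"), pe32.szExeFile, pe32.th32ProcessID);
        printf("==================================\n");

        /*
         * PROCESS_ALL_ACCESS is the broadest access mask. ERROR_ACCESS_DENIED
         * (5) here can mean SeDebugPrivilege was never really enabled (the
         * process is not elevated), or that the target is a protected process,
         * for which Windows refuses most access rights regardless of the
         * caller's privileges. Request only the rights the code really needs.
         */
        HANDLE hWininit = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
        if (hWininit == NULL)
        {
            lastError = GetLastError();
            printf("==================================\n");
            printf("Getting wininit.exe handle error: %lu\n", lastError);
            printf("==================================\n");
            goto cleanup;
        }

        /* Nothing uses the handle yet; close it so it is not leaked. */
        CloseHandle(hWininit);
    } while (Process32Next(hProcessSnap, &pe32));

    exitCode = 0;

cleanup:
    if (hProcessSnap != INVALID_HANDLE_VALUE)
        CloseHandle(hProcessSnap);
    if (hModule != NULL)
        FreeLibrary(hModule);
    return exitCode;
}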
The problem is that I get error code 5 (ACCESS_DENIED) even though the SetPriviledge() function returns true. Does anyone have any idea why? Thanks.