Setting SeDebugPrivilege in .NET

It is really amazing how the .NET Framework has made development tasks easier. The Framework Class Library is undoubtedly an extremely rich set of APIs. I wanted to dump the entire address space of any process. So, I thought of doing a small Dump Tool in the free time which I get occasionally in the evenings or on weekends. I’ll post the complete code when it’s complete.

Anyway, I wrote the following C++ code to get SeDebugPrivilege for a process. SeDebugPrivilege allows a process to access the memory and other information of operating system processes that it would otherwise have no access to.

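BOOL CTaskManagerDlg::SetPrivilege()
{
   HANDLE hToken;
   TOKEN_PRIVILEGES tp;
   LUID luid;
   TOKEN_PRIVILEGES tpPrevious = {0};   // stays zeroed if the first call changes nothing
   DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES);

   // Open this process's token with the rights needed to query and adjust privileges.
   if (!OpenProcessToken(::GetCurrentProcess(),
         TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
      return FALSE;

   // Resolve SeDebugPrivilege to its LUID on the local system.
   if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
   {
      CloseHandle(hToken);
      return FALSE;
   }

   // First pass: pass the privilege with no attributes so tpPrevious receives its prior state.
   tp.PrivilegeCount           = 1;
   tp.Privileges[0].Luid       = luid;
   tp.Privileges[0].Attributes = 0;

   AdjustTokenPrivileges(hToken, FALSE, &tp,
      sizeof(TOKEN_PRIVILEGES), &tpPrevious, &cbPrevious);
   if (GetLastError() != ERROR_SUCCESS)
   {
      CloseHandle(hToken);
      return FALSE;
   }

   // Second pass: enable the privilege on top of the previous attributes.
   tpPrevious.PrivilegeCount            = 1;
   tpPrevious.Privileges[0].Luid        = luid;
   tpPrevious.Privileges[0].Attributes |= SE_PRIVILEGE_ENABLED;

   AdjustTokenPrivileges(hToken, FALSE, &tpPrevious, cbPrevious,
      NULL, NULL);
   if (GetLastError() != ERROR_SUCCESS)
   {
      CloseHandle(hToken);
      return FALSE;
   }

   CloseHandle(hToken);
   return TRUE;
}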

This code has been taken mostly from the MSDN article, Article ID: Q131065.

To do all this from C# you just need to call a simple function :)

System.Diagnostics.Process.EnterDebugMode();

Yes! It's that easy. The Base Class Library is quite rich, but you have to find the things. However, I still could not find the equivalent of the functions from the native ToolHelp32 library defined in Kernel32.dll. So, I have to write a complete P/Invoke wrapper for that. I will post the complete code on the weekend.

Can anyone tell me where to find .NET equivalents of the ToolHelp32 functions?
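The `Process.EnterDebugMode()` call above, wrapped so the privilege is held only while it is needed and released with `Process.LeaveDebugMode()` afterwards. This is an added example, not code from the original post; `DebugPrivilegeScope` and `CountQueryable` are hypothetical names, and the counts it prints depend on the account and Windows version it runs under.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;

// Hypothetical helper: holds SeDebugPrivilege only for the lifetime of a using block.
sealed class DebugPrivilegeScope : IDisposable
{
    // EnterDebugMode throws Win32Exception when the privilege cannot be enabled,
    // for example when the process token does not hold it (non-elevated process).
    public DebugPrivilegeScope() { Process.EnterDebugMode(); }

    // Disables the privilege again, even if it was already enabled before the scope.
    public void Dispose() { Process.LeaveDebugMode(); }
}

static class Program
{
    // Counts the processes whose start time this process is allowed to query.
    static int CountQueryable()
    {
        int count = 0;
        foreach (Process p in Process.GetProcesses())
        {
            using (p)
            {
                try { DateTime started = p.StartTime; count++; }
                catch (Win32Exception) { }            // access denied
                catch (InvalidOperationException) { } // process already exited
            }
        }
        return count;
    }

    static int Main()
    {
        Console.WriteLine("Queryable before: " + CountQueryable());
        try
        {
            using (new DebugPrivilegeScope())
                Console.WriteLine("Queryable with SeDebugPrivilege: " + CountQueryable());
        }
        catch (Win32Exception ex)
        {
            Console.Error.WriteLine("SeDebugPrivilege not enabled: " + ex.Message);
            return 1;
        }
        Console.WriteLine("Queryable after: " + CountQueryable());
        return 0;
    }
}
```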


2 thoughts on “Setting SeDebugPrivilege in .NET”

  1. Bush is forever saying that democracies do not invade other countries and start wars. Well, he did just that. He invaded Iraq, started a war, and killed people. What do you think? What is he doing to us, and what is he doing to the world?
    What happened to us, people? When did we become such lemmings?
    We have lost friends and influenced no one. No wonder most of the world thinks we suck. Thanks to what George Bush has done to our country during the past three years, we do!

  2. ANYONE can code in C++, C or C#.

    VB.NET Challenge:
    Create an example code-

    Here’s a challenge for you, who can adjust the token privileges to allow a process to be opened without an exception? I want the VM_READ desired access and QUERY_LIMITED_INFORMATION.
