It is really amazing how the .NET Framework has made development tasks easier. The Framework Class Library is undoubtedly an extremely rich set of APIs. I wanted to dump the entire address space of any process, so I thought of writing a small dump tool in the free time I occasionally get in the evenings or on weekends. I’ll post the complete code when it’s finished.
Anyway, I wrote the following C++ code to get SeDebugPrivilege for a process. SeDebugPrivilege allows a process to access the memory and other information of operating system processes that it would not otherwise have access to.
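    // Requires <windows.h> (pulled in by the MFC headers); link with Advapi32.lib.
    BOOL CTaskManagerDlg::SetPrivilege()
    {
        HANDLE hToken;
        TOKEN_PRIVILEGES tp;
        LUID luid;
        TOKEN_PRIVILEGES tpPrevious;
        DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES);

        // Open the current process token with rights to query and adjust privileges.
        if (!OpenProcessToken(::GetCurrentProcess(),
                TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
            return FALSE;

        // Look up the LUID of SeDebugPrivilege on the local system.
        if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
        {
            CloseHandle(hToken);
            return FALSE;
        }

        // First pass: fetch the current state of the privilege into tpPrevious.
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = luid;
        tp.Privileges[0].Attributes = 0;
        AdjustTokenPrivileges(hToken, FALSE, &tp,
            sizeof(TOKEN_PRIVILEGES), &tpPrevious, &cbPrevious);
        if (GetLastError() != ERROR_SUCCESS)
        {
            CloseHandle(hToken);
            return FALSE;
        }

        // Second pass: enable the privilege on top of its previous attributes.
        tpPrevious.PrivilegeCount = 1;
        tpPrevious.Privileges[0].Luid = luid;
        tpPrevious.Privileges[0].Attributes |= SE_PRIVILEGE_ENABLED;
        AdjustTokenPrivileges(hToken, FALSE, &tpPrevious, cbPrevious,
            NULL, NULL);

        // AdjustTokenPrivileges can return success without assigning the
        // privilege (ERROR_NOT_ALL_ASSIGNED), so the last error decides.
        DWORD err = GetLastError();
        CloseHandle(hToken);
        return (err == ERROR_SUCCESS) ? TRUE : FALSE;
    }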
This code has been taken mostly from the MSDN article with Article ID Q131065.
To do all this from C# you just need to call a simple function :)
System.Diagnostics.Process.EnterDebugMode();
Yes! It’s that easy. The Base Class Library is quite rich; you only have to find the right things in it. However, I still could not find the equivalent of the functions from the native ToolHelp32 library defined in Kernel32.dll, so I have to write a complete PInvoke wrapper for that. I will post the complete code on the weekend.
Can anyone tell me where to find .NET equivalents of the ToolHelp32 functions?
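The following is an added example, not code from the original post: it holds SeDebugPrivilege only for the duration of one operation by pairing Process.EnterDebugMode() with Process.LeaveDebugMode(), and lists processes, modules and threads through System.Diagnostics.Process, the closest Framework counterparts to the ToolHelp32 snapshot functions. The class name ScopedDebugPrivilege and its Run and ListProcesses helpers are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;

// Hypothetical helper class (not from the original post).
static class ScopedDebugPrivilege
{
    // Enables SeDebugPrivilege only while `work` runs.
    public static void Run(Action work)
    {
        // Throws Win32Exception when the privilege cannot be enabled,
        // e.g. because the account's token does not hold it.
        Process.EnterDebugMode();
        try { work(); }
        finally { Process.LeaveDebugMode(); } // always drop the privilege again
    }

    static void ListProcesses()
    {
        foreach (Process p in Process.GetProcesses())   // cf. Process32First/Next
        {
            using (p)
            {
                try
                {
                    // Modules ~ Module32First/Next, Threads ~ Thread32First/Next
                    Console.WriteLine("{0,6} {1,-28} modules={2,-4} threads={3}",
                        p.Id, p.ProcessName, p.Modules.Count, p.Threads.Count);
                }
                catch (Win32Exception ex)
                {
                    // Some processes refuse access even with the privilege enabled.
                    Console.WriteLine("{0,6} {1,-28} <{2}>", p.Id, p.ProcessName, ex.Message);
                }
                catch (InvalidOperationException)
                {
                    // The process exited between enumeration and inspection.
                }
            }
        }
    }

    static void Main()
    {
        try { Run(ListProcesses); }
        catch (Win32Exception ex)
        {
            Console.Error.WriteLine("Could not enable SeDebugPrivilege: " + ex.Message);
        }
    }
}
```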
ANYONE can code in C++, C or C#.
VB.NET Challenge:
Create an example code-
Here’s a challenge for you: who can adjust the token privileges to allow a process to be opened without an exception? I want the VM_READ desired access and QUERY_LIMITED_INFORMATION.