Recently, some remote Server, you wrote a Web Service, which calls the USER32.DLL of ExitWindowSex to restart the machine. Starting from Win2k, you need to call AdjustTokenPrivilege to set privilege before calling ExitWindowSex. To do this in C #, you will find it, you have found someone else's code in MS NewsGroup.
Internal class tokenadjuster
{
[DLLIMPORT ("User32.dll")]]]]]
INTERNAL Static Extern Bool EXITWINDOWSEX (INT UFLAGS, INT DWRESERVED);
// Pinvoke Stuff Required To set / enable security privileges
[DLLIMPORT ("Advapi32", setLastError = true)]
[SupportUnmanagedcodeeeSecurity]
Static Extern Int OpenProcessToken
INTPTR ProcessHandle, // Handle to Process
Int desiredaccess, // desired access to process
Ref INTPTR tokenhandle // Handle To Open Access Token
);
[DLLIMPORT ("kernel32", setLastError = true)]
[SupportUnmanagedcodeeeSecurity]
Static Extern Bool CloseHandle (INTPTR HANDLE);
[DLLIMPORT ("Advapi32.dll", Charset = charset.auto, setLastError = true)]
[SupportUnmanagedcodeeeSecurity]
Static Extern Int AdjustTokenPrivileges
INTPTR tokenhandle,
Int disableAllPrivileges,
INTPTR NewState,
Int bufferlength,
INTPTR Previousste,
Ref int ReturnLength;
[DLLIMPORT ("Advapi32.dll", Charset = charset.auto, setLastError = true)]
[SupportUnmanagedcodeeeSecurity]
Static Extern Bool LookuppprivileGevalue
String lpsystemname,
String lpname,
Ref luid lpluid;
[Structlayout (layoutkind.sequential)]
Internal struct Luid
{
INTERNAL INT lowPart;
INTERNAL INTHIGHPART;
}
[Structlayout (layoutkind.sequential)]
INTERNAL STRUCT Luid_and_attributes
{
Luid LUID;
Int attribute;
}
[Structlayout (layoutkind.sequential)]
INTERNAL STRUCT _PRIVILEGE_SET
{
Int privilegect;
Int control;
[Marshalas (UnmanagedType.ByValarray, SizeConst = 1)] // Anysize_Array = 1luid_and_attributes [] privileges
}
[Structlayout (layoutkind.sequential)]
INTERNAL STRUCT TOKEN_PRIVILEGES
{
INTERNAL INT Privilect;
[Marshalas (UnmanagedType.ByValarray, SizeConst = 3)]
INTERNAL INT [] PRIVILEGES
}
Const int se_privilege_enabled = 0x00000002;
Const int token_adjust_privileges = 0x00000020;
Const int token_query = 0x00000008;
Const int token_all_access = 0x001F01FF;
Const int process_query_information = 0x00000400;
Public Static Bool SetPrivilege (String Privilege, Bool EnablePrivilege)
{
Bool retval = false;
INT LTKPOLD = 0;
INTPTR HTOKEN = INTPTR.ZERO;
Token_Privileges Tkp = new token_privileges ();
Tkp.privileges = new int [3];
Token_privileges tkpold = new token_privileges ();
Tkpold.privileges = new int [3];
Luid Tluid = New Luid ();
Tkp.priVilegect = 1;
EnablePrivilege
Tkp.privileges [2] = SE_PRIVILEGE_ENABED;
Else
Tkp.privileges [2] = 0;
IF (LookuppprivileValue (Null, Privilege, Ref Tluid)
{
Process proc = process.getcurrentprocess ();
IF (Proc.Handle! = INTPTR.ZERO)
{
IF (OpenProcessToken (proc.handle, token_adjust_privileges | token_Query, Ref HToken)! = 0)
{
Tkp.priVilegect = 1;
Tkp.privileges [2] = SE_PRIVILEGE_ENABED;
Tkp.privileges [1] = tluid.highpart;
Tkp.privileges [0] = tluid.lowpart;
Const int buflength = 256;
INTPTR TU = Marshal.allochglobal (BUFLens);
Marshal.StructureToptr (TKP, TU, TRUE);
IF (AdjustTokenPrivileges (HToken, 0, Tu, Bufflength, INTPTR.ZERO, REF LTKPOLD)! = 0)
{
// Successful AdjustTokenPrivileges Doesn't Mean Privile Could Be change
INT Ierror = Marshal.getlastwin32error ();
IF (ierror == 0)
{
RetVal = true; // token changed
}
Else
{
Throw new ApplicationException (Ierror.Tostring ());
}
}
Token_Privileges tokp = (token_privileges) Marshal.PTRTOStructure (TU,
Typeof (token_privileges));
Marshal.Freehglobal (TU);
}
}
}
IF (htoken! = INTPTR.ZERO)
{
CloseHandle (HTOKEN);
}
Return RetVal;
}
}
First, I wrote a test line app, which is very smooth, but after the same code is rewritten into the Web Service, calling EXITWINDOWSEX without reacting - Track Check, AdjustTokenPrivilege does not return an error. Do not worry in the back A GetLastError got a 1300 error - NOT All Privilegens Reference Areigned to the Caller. It seems that the user permission to run the process is not enough .... Try to change the processmodel / @ user in Machine.Config to Machine SYSTEM, everything is OK. However, if I don't change this, but try to give the ASPNET User Weighted limit, it seems that there is still a problem - I even gave the Act As A Part of OS in the local policy, let alone join the Local Admin group . I don't know what kind of permissions needed to successfully set this privilege.
BTW: After writing this, it is a way to skip the AdjustTokenPrivileges Restart machine: Simple Write a Windows Service, when you want to restart, you want to want this service to throw 1 error, just do it in the Recover page configured in Service. A little set, you can restart. The idea comes from the previous virus that will engage the S RPC service, but there is no trial, but I believe that there is basically no big problem.
Finally, Congratulations to the success of the classmates to get married, and tomato scrambled eggs are eaten every day. Haha
