-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathHelpers.Privileges.pas
198 lines (168 loc) · 6.05 KB
/
Helpers.Privileges.pas
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
unit Helpers.Privileges;
interface
uses
Winapi.Windows,
System.SysUtils;
const
// Privileges names
SE_ASSIGNPRIMARYTOKEN_NAME = 'SeAssignPrimaryTokenPrivilege';
SE_AUDIT_NAME = 'SeAuditPrivilege';
SE_BACKUP_NAME = 'SeBackupPrivilege';
SE_CHANGE_NOTIFY_NAME = 'SeChangeNotifyPrivilege';
SE_CREATE_GLOBAL_NAME = 'SeCreateGlobalPrivilege';
SE_CREATE_PAGEFILE_NAME = 'SeCreatePagefilePrivilege';
SE_CREATE_PERMANENT_NAME = 'SeCreatePermanentPrivilege';
SE_CREATE_TOKEN_NAME = 'SeCreateTokenPrivilege';
SE_DEBUG_NAME = 'SeDebugPrivilege';
SE_ENABLE_DELEGATION_NAME = 'SeEnableDelegationPrivilege';
SE_IMPERSONATE_NAME = 'SeImpersonatePrivilege';
SE_INC_BASE_PRIORITY_NAME = 'SeIncreaseBasePriorityPrivilege';
SE_INCREASE_QUOTA_NAME = 'SeIncreaseQuotaPrivilege';
SE_LOAD_DRIVER_NAME = 'SeLoadDriverPrivilege';
SE_LOCK_MEMORY_NAME = 'SeLockMemoryPrivilege';
SE_MACHINE_ACCOUNT_NAME = 'SeMachineAccountPrivilege';
SE_MANAGE_VOLUME_NAME = 'SeManageVolumePrivilege';
SE_PROF_SINGLE_PROCESS_NAME = 'SeProfileSingleProcessPrivilege';
SE_REMOTE_SHUTDOWN_NAME = 'SeRemoteShutdownPrivilege';
SE_RESTORE_NAME = 'SeRestorePrivilege';
SE_SECURITY_NAME = 'SeSecurityPrivilege';
SE_SHUTDOWN_NAME = 'SeShutdownPrivilege';
SE_SYNC_AGENT_NAME = 'SeSyncAgentPrivilege';
SE_SYSTEM_ENVIRONMENT_NAME = 'SeSystemEnvironment';
SE_SYSTEM_PROFILE_NAME = 'SeSystemProfilePrivilege';
SE_SYSTEMTIME_NAME = 'SeSystemtimePrivilege';
SE_TAKE_OWNERSHIP_NAME = 'SeTakeOwnershipPrivilege';
SE_TCB_NAME = 'SeTcbPrivilege';
SE_UNDOCK_NAME = 'SeUndockPrivilege';
SE_UNSOLICITED_INPUT_NAME = 'SeUnsolicitedInputPrivilege';
type
IPrivilegesManager = interface
function Enable(Name: string): Boolean;
function Disable(Name: string): Boolean;
function Check(Name: string): Boolean;
function DisableAll: Boolean;
end;
TPrivilegesManager = class(TInterfacedObject, IPrivilegesManager)
strict private
FProcess: THandle;
function CheckPrivilege(Process: THandle; lpszPrivilege: LPCTSTR): Boolean;
function SetPrivilege(Process: THandle;
lpszPrivilege: LPCTSTR; // name of privilege to enable/disable
bEnablePrivilege: BOOL; // to enable or disable privilege
bDisableAllPrivileges: BOOL = False): BOOL;
public
constructor Create(Process: THandle); overload;
constructor Create; overload;
function Enable(Name: string): Boolean;
function Disable(Name: string): Boolean;
function Check(Name: string): Boolean;
function DisableAll: Boolean;
public
class function Current: IPrivilegesManager;
end;
implementation
{ TPrivilegesManager }
class function TPrivilegesManager.Current: IPrivilegesManager;
begin
Result := TPrivilegesManager.Create;
end;
constructor TPrivilegesManager.Create;
begin
Create(GetCurrentProcess);
end;
constructor TPrivilegesManager.Create(Process: THandle);
begin
inherited Create;
FProcess := Process;
end;
function TPrivilegesManager.Enable(Name: string): Boolean;
begin
Result := SetPrivilege(FProcess, LPCTSTR(Name), True, False);
end;
function TPrivilegesManager.Disable(Name: string): Boolean;
begin
Result := SetPrivilege(FProcess, LPCTSTR(Name), False, False);
end;
function TPrivilegesManager.Check(Name: string): Boolean;
begin
Result := CheckPrivilege(FProcess, LPCTSTR(Name));
end;
function TPrivilegesManager.DisableAll: Boolean;
begin
Result := SetPrivilege(FProcess, nil, False, True);
end;
function TPrivilegesManager.SetPrivilege(Process: THandle;
lpszPrivilege: LPCTSTR; bEnablePrivilege: BOOL; bDisableAllPrivileges: BOOL): BOOL;
var
TokenHandle: THandle;
TokenPrivileges: TTokenPrivileges;
newLuid: LUID;
ReturnLength: DWORD;
begin
if not OpenProcessToken(Process,
TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, TokenHandle)
then
Exit(False);
try
if not bDisableAllPrivileges then
begin
if not LookupPrivilegeValue(nil, lpszPrivilege, TLargeInteger(newLuid)) then
Exit(False);
TokenPrivileges.PrivilegeCount := 1;
TokenPrivileges.Privileges[0].Luid := TLargeInteger(newLuid);
if bEnablePrivilege then
TokenPrivileges.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
else
TokenPrivileges.Privileges[0].Attributes := 0;
end
else
ZeroMemory(@TokenPrivileges, SizeOf(TokenPrivileges));
if not AdjustTokenPrivileges(TokenHandle,
bDisableAllPrivileges,
TokenPrivileges,
SizeOf(TokenPrivileges),
nil,
ReturnLength) then
Exit(False);
if GetLastError = ERROR_NOT_ALL_ASSIGNED then
Exit(False);
Result := True;
finally
CloseHandle(TokenHandle);
end;
end;
function TPrivilegesManager.CheckPrivilege(Process: THandle; lpszPrivilege: LPCTSTR): Boolean;
var
Luid: TLargeInteger;
TokenHandle: THandle;
TokenInformation: Pointer;
Size: Cardinal;
I: Integer;
begin
Result := False;
if not LookupPrivilegeValue(nil, lpszPrivilege, Luid) then
RaiseLastOSError;
if not OpenProcessToken(Process, TOKEN_QUERY, TokenHandle) then
RaiseLastOSError;
try
if not GetTokenInformation(TokenHandle, TokenPrivileges, nil, 0, Size) then
if GetLastError <> ERROR_INSUFFICIENT_BUFFER then
RaiseLastOSError;
GetMem(TokenInformation, Size);
try
if not GetTokenInformation(TokenHandle, TokenPrivileges, TokenInformation, Size, Size) then
RaiseLastOSError;
with PTokenPrivileges(TokenInformation)^ do
begin
for I := 0 to PrivilegeCount - 1 do
if Privileges[I].Luid = Luid then
Exit(Privileges[I].Attributes and SE_PRIVILEGE_ENABLED = SE_PRIVILEGE_ENABLED);
end;
finally
FreeMem(TokenInformation, Size);
end;
finally
CloseHandle(TokenHandle);
end;
end;
end.