I'm having a hard time figuring out how to instantiate a fixed array of structs inside a struct.
If I could do this, I'd be able to make a single call to AdjustTokenPrivileges, and could again sleep at night.

Here are the two structs I'm working with:

TOKEN_PRIVILEGES STRUCT
    PrivilegeCount    DWORD    ?
    Privileges        LUID_AND_ATTRIBUTES ANYSIZE_ARRAY dup(<>)
TOKEN_PRIVILEGES ENDS

LUID_AND_ATTRIBUTES STRUCT
    Luid LUID <>
    Attributes dd ?
LUID_AND_ATTRIBUTES ENDS

I'd like to instantiate a single TOKEN_PRIVILEGES struct with the Privileges member as an array of two LUID_AND_ATTRIBUTES structs. Is this possible?


My code is as follows:
==========================================================

main proc
LOCAL tokenHandle:HANDLE
LOCAL TP:TOKEN_PRIVILEGES
LOCAL RequiredPrivileges:PRIVILEGE_SET
LOCAL pid:DWORD

;;; open the process security token and add two privileges to enable RegLoadKey()
invoke GetCurrentProcess
mov pid, eax
invoke OpenProcessToken, pid, TOKEN_ADJUST_PRIVILEGES + TOKEN_QUERY, addr tokenHandle

mov TP.PrivilegeCount, 1
lea edi, TP.Privileges[0].Luid
invoke LookupPrivilegeValue, NULL, $CTA0("SeRestorePrivilege"), edi
mov TP.Privileges[0].Attributes, SE_PRIVILEGE_ENABLED
invoke AdjustTokenPrivileges, tokenHandle, FALSE, addr TP, NULL, NULL, NULL
.IF eax == 0
invoke CloseHandle, tokenHandle
invoke StdOut, $CTA0("Adding SeRestorePrivilege failed.\n")
invoke ExitProcess, 1
.ENDIF

mov TP.PrivilegeCount, 1
lea edi, TP.Privileges[0].Luid
invoke LookupPrivilegeValue, NULL, $CTA0("SeBackupPrivilege"), edi
mov TP.Privileges[0].Attributes, SE_PRIVILEGE_ENABLED
invoke AdjustTokenPrivileges, tokenHandle, FALSE, addr TP, NULL, NULL, NULL
.IF eax == 0
invoke CloseHandle, tokenHandle
invoke StdOut, $CTA0("Adding SeBackupPrivilege failed.\n")
invoke ExitProcess, 1
.ENDIF

invoke CloseHandle, tokenHandle
==========================================================


I've tried variations between using global and local instantiations, but to no avail.
Some attempts to accomplish this included:
.data
TP TOKEN_PRIVILEGES {2, <,>}
and
TP TOKEN_PRIVILEGES {2, <<>,<>>}
and
TP TOKEN_PRIVILEGES {2, <><>}
and
TP TOKEN_PRIVILEGES {2, <,>:LUID_AND_ATTRIBUTES}

I would be very relieved if someone could help clarify the proper LOCAL and/or .data definition semantics :)

Many thanks in advance!

-Jerome
Posted on 2005-06-08 12:17:07 by jackal651
The following code should work; if it doesn't, you can always just copy all the junk into a regular buff, then, after looking at how many bytes each struct is, use MASM's MemCopy to copy to a temp struct and go from there.


TOKEN_PRIVILEGES STRUCT
  PrivilegeCount    DWORD      ?
  Privileges      TEMPSTRUCT <?>
TOKEN_PRIVILEGES ENDS

TEMPSTRUCT STRUCT
struct1        LUID_AND_ATTRIBUTES ANYSIZE_ARRAY dup(<>)
struct2        LUID_AND_ATTRIBUTES ANYSIZE_ARRAY dup(<>)
TEMPSTRUCT ENDS

LUID_AND_ATTRIBUTES STRUCT
    Luid LUID <>
    Attributes dd ?
LUID_AND_ATTRIBUTES ENDS
Posted on 2005-06-08 14:21:39 by Webring
In TASM you can simply do:

struc LUID_AND_ATTRIBUTES
    Luid dd ?
    Attributes dd ?
ends LUID_AND_ATTRIBUTES

struc TOKEN_PRIVILEGES
  PrivilegeCount  dd ?
  Privileges      LUID_AND_ATTRIBUTES 2 DUP (?)
ends TOKEN_PRIVILEGES


data:

my_privs    TOKEN_PRIVILEGES  ?

code:

mov eax, .Attributes]
mov ecx, .Attributes]
Posted on 2005-06-08 15:22:22 by ti_mo_n
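The layout question behind this thread, worked through in C as an added example that is not from any of the posters: ANYSIZE_ARRAY is 1 in the Windows SDK headers, so a plain TOKEN_PRIVILEGES has room for one entry (16 bytes), while a two-privilege request needs a 28-byte buffer with the second entry at byte offset 16. The type and function names below are local mirrors invented for this example so that it builds without windows.h, and the LUIDs passed in stand for whatever LookupPrivilegeValue returned.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Portable mirrors of the Windows SDK layouts; the names are local to this example. */
#define ANYSIZE_ARRAY_X        1      /* ANYSIZE_ARRAY is 1 in winnt.h */
#define SE_PRIVILEGE_ENABLED_X 0x2u   /* value of SE_PRIVILEGE_ENABLED */

typedef struct { uint32_t LowPart; int32_t HighPart; } luid_t;
typedef struct { luid_t Luid; uint32_t Attributes; } luid_and_attributes_t;
typedef struct {
    uint32_t PrivilegeCount;
    luid_and_attributes_t Privileges[ANYSIZE_ARRAY_X];
} token_privileges_t;

/* Bytes needed for a TOKEN_PRIVILEGES carrying n entries; 0 on bad n or overflow. */
size_t tp_size(uint32_t n)
{
    size_t hdr = offsetof(token_privileges_t, Privileges);
    if (n == 0 || n > (SIZE_MAX - hdr) / sizeof(luid_and_attributes_t))
        return 0;
    return hdr + (size_t)n * sizeof(luid_and_attributes_t);
}

/* Byte offset of entry i: the displacement an assembler uses to reach it. */
size_t tp_entry_offset(uint32_t i)
{
    return offsetof(token_privileges_t, Privileges)
         + (size_t)i * sizeof(luid_and_attributes_t);
}

/* Allocate one buffer that enables every LUID in luids[]. Caller frees it. */
token_privileges_t *tp_build(const luid_t *luids, uint32_t n)
{
    size_t bytes = tp_size(n);
    token_privileges_t *tp = bytes ? calloc(1, bytes) : NULL;
    if (tp == NULL)
        return NULL;
    tp->PrivilegeCount = n;
    /* Index from the computed offset, not through the 1-element member. */
    luid_and_attributes_t *e =
        (luid_and_attributes_t *)((char *)tp + tp_entry_offset(0));
    for (uint32_t i = 0; i < n; i++) {
        e[i].Luid = luids[i];
        e[i].Attributes = SE_PRIVILEGE_ENABLED_X;
    }
    return tp;
}
```

When such a buffer is passed to AdjustTokenPrivileges, a nonzero return does not mean every entry was enabled: GetLastError returns ERROR_NOT_ALL_ASSIGNED when the token lacks one of them. A variable declared with the one-entry type reserves only 16 bytes, so storing a second entry through it writes past the end of that variable.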