I'm having a hard time figuring out how to instantiate a fixed array of structs inside a struct.
If I could do this, I'd be able to make a single call to AdjustTokenPrivileges, and could again sleep at night.
Here are the two structs I'm working with:
TOKEN_PRIVILEGES STRUCT
  PrivilegeCount    DWORD      ?
  Privileges        LUID_AND_ATTRIBUTES ANYSIZE_ARRAY dup(<>)
TOKEN_PRIVILEGES ENDS
LUID_AND_ATTRIBUTES STRUCT
    Luid LUID <>
    Attributes dd ?
LUID_AND_ATTRIBUTES ENDS
I'd like to instantiate a single TOKEN_PRIVILEGES struct with the Privileges member as an array of two LUID_AND_ATTRIBUTES structs. Is this possible?
My code is as follows:
==========================================================
main proc
LOCAL tokenHandle:HANDLE
LOCAL TP:TOKEN_PRIVILEGES
LOCAL RequiredPrivileges:PRIVILEGE_SET
LOCAL pid:DWORD
;;; open the process security token and add two privileges to enable RegLoadKey()
invoke GetCurrentProcess
mov pid, eax
invoke OpenProcessToken, pid, TOKEN_ADJUST_PRIVILEGES + TOKEN_QUERY, addr tokenHandle
mov TP.PrivilegeCount, 1
lea edi, TP.Privileges[0].Luid
invoke LookupPrivilegeValue, NULL, $CTA0("SeRestorePrivilege"), edi
mov TP.Privileges[0].Attributes, SE_PRIVILEGE_ENABLED
invoke AdjustTokenPrivileges, tokenHandle, FALSE, addr TP, NULL, NULL, NULL
.IF eax == 0
invoke CloseHandle, tokenHandle
invoke StdOut, $CTA0("Adding SeRestorePrivilege failed.\n")
invoke ExitProcess, 1
.ENDIF
mov TP.PrivilegeCount, 1
lea edi, TP.Privileges[0].Luid
invoke LookupPrivilegeValue, NULL, $CTA0("SeBackupPrivilege"), edi
mov TP.Privileges[0].Attributes, SE_PRIVILEGE_ENABLED
invoke AdjustTokenPrivileges, tokenHandle, FALSE, addr TP, NULL, NULL, NULL
.IF eax == 0
invoke CloseHandle, tokenHandle
invoke StdOut, $CTA0("Adding SeBackupPrivilege failed.\n")
invoke ExitProcess, 1
.ENDIF
invoke CloseHandle, tokenHandle
==========================================================
I've tried variations between using global and local instantiations, but to no avail.
Some attempts to accomplish this included:
.data
TP TOKEN_PRIVILEGES {2, <,>}
and
TP TOKEN_PRIVILEGES {2, <<>,<>>}
and
TP TOKEN_PRIVILEGES {2, <><>}
and
TP TOKEN_PRIVILEGES {2, <,>:LUID_AND_ATTRIBUTES}
I would be very relieved if someone could help clarify the proper LOCAL and/or .data definition semantics :)
Many thanks in advance!
-Jerome
The following code should work. If it doesn't, you can always just copy all the junk into a regular buff, then, after looking at how many bytes each struct is, use MASM's MemCopy to copy to a temp struct and go from there.
TOKEN_PRIVILEGES STRUCT
PrivilegeCount DWORD ?
Privileges TEMPSTRUCT <?>
TOKEN_PRIVILEGES ENDS
TEMPSTRUCT STRUCT
struct1 LUID_AND_ATTRIBUTES ANYSIZE_ARRAY dup(<>)
struct2 LUID_AND_ATTRIBUTES ANYSIZE_ARRAY dup(<>)
TEMPSTRUCT ENDS
LUID_AND_ATTRIBUTES STRUCT
Luid LUID <>
Attributes dd ?
LUID_AND_ATTRIBUTES ENDS
In TASM you can simply do:
struc LUID_AND_ATTRIBUTES
Luid dd ?
Attributes dd ?
ends LUID_AND_ATTRIBUTES
struc TOKEN_PRIVILEGES
PrivilegeCount dd ?
Privileges LUID_AND_ATTRIBUTES 2 DUP (?)
ends TOKEN_PRIVILEGES
data:
my_privs TOKEN_PRIVILEGES ?
code:
mov eax, .Attributes]
mov ecx, .Attributes]
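An added example (not code from any poster in this thread) of the single-call approach asked about above, in MASM32 syntax: a hypothetical TOKEN_PRIVILEGES_2 type sized for two entries, filled by walking a pointer across the array. It assumes the MASM32 SDK include paths and the windows.inc definitions of LUID_AND_ATTRIBUTES and the token constants; EnableBackupRestore, szRestore and szBackup are illustrative names. It also checks GetLastError, because AdjustTokenPrivileges returns nonzero even when the token does not hold one of the requested privileges.

```asm
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc      ; assumed MASM32 SDK paths
include \masm32\include\kernel32.inc
include \masm32\include\advapi32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\advapi32.lib
; Hypothetical type (added example): TOKEN_PRIVILEGES layout with room for two entries.
TOKEN_PRIVILEGES_2 STRUCT
    PrivilegeCount DWORD ?
    Privileges     LUID_AND_ATTRIBUTES 2 dup(<>)
TOKEN_PRIVILEGES_2 ENDS
.const
szRestore db "SeRestorePrivilege", 0
szBackup  db "SeBackupPrivilege", 0
.code
EnableBackupRestore proc uses ebx edi    ; returns eax = 1 if both enabled, else 0
    LOCAL hToken:HANDLE
    LOCAL tp:TOKEN_PRIVILEGES_2
    xor  ebx, ebx                        ; ebx = result, starts as failure
    invoke GetCurrentProcess
    mov  edi, eax                        ; keep eax clear of invoke's addr handling
    invoke OpenProcessToken, edi, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, addr hToken
    test eax, eax
    jz   done
    mov  tp.PrivilegeCount, 2
    lea  edi, tp.Privileges              ; edi -> entry 0 (Luid is at offset 0)
    invoke LookupPrivilegeValue, NULL, addr szRestore, edi
    test eax, eax
    jz   cleanup
    mov  [edi].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED
    add  edi, sizeof LUID_AND_ATTRIBUTES ; edi -> entry 1; offsets are in bytes
    invoke LookupPrivilegeValue, NULL, addr szBackup, edi
    test eax, eax
    jz   cleanup
    mov  [edi].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED
    invoke AdjustTokenPrivileges, hToken, FALSE, addr tp, 0, NULL, NULL
    test eax, eax
    jz   cleanup
    invoke GetLastError                  ; 1300 = ERROR_NOT_ALL_ASSIGNED (partial)
    .IF eax == 0                         ; ERROR_SUCCESS: every entry was applied
        inc ebx
    .ENDIF
cleanup:
    invoke CloseHandle, hToken
done:
    mov  eax, ebx
    ret
EnableBackupRestore endp
end
```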