This program won't run autoback because of permission issues while logged on as a limited user.

I can't understand why, since I can run shutdown programs with no permission issues as a limited user (LU).

Thanks.



; regbk.asm Backup registry using Autoback.exe
;               
;               
             
    .386                               
    .model  flat, stdcall             
    option  casemap:none               

    include    \masm32\include\windows.inc
    include    \masm32\include\user32.inc
    include    \masm32\include\kernel32.inc
    include    \masm32\include\advapi32.inc

    include    \masm32\macros\macros.asm

    includelib  \masm32\lib\kernel32.lib
    includelib  \masm32\lib\user32.lib
    includelib  \masm32\lib\advapi32.lib

IsWinNT        PROTO
ReqNTPrivilege  PROTO :DWORD

; CTEXT - define a NUL-terminated string in the CONST segment and yield its
; address, so a literal can be written directly as an INVOKE argument.
;   y : the text (and/or byte values) for the string; may be empty.
; Expands to: OFFSET of the generated string.
CTEXT MACRO y:VARARG
;; LOCAL makes the assembler generate a unique label for every expansion.
LOCAL sym

;; Switch to the CONST segment for the data, then close it again below so
;; assembly continues in whatever segment the macro was used from.
CONST segment
;; Empty argument: emit only the terminating zero byte (an empty string).
IFIDNI <y>,<>
sym db 0
ELSE
sym db y,0
ENDIF
CONST ends

;; The macro's value is the address of the string just defined.
EXITM <OFFSET sym>
ENDM

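.CONST

.DATA

; Command line handed to CreateProcess with lpApplicationName = NULL.
; In that mode the program to run is taken from the first token of this
; string, and for an unquoted path containing a space CreateProcess tries the
; shorter candidates first (here "C:\Program.exe"). The executable path is
; therefore quoted so that only autoback.exe can be selected.
; The string is delimited with single quotes so it can hold the double quotes.
; NOTE(review): registry hive backups hold sensitive data; confirm that the
; ACL on C:\ERDNT_Backup\ restricts who can read and write it.
szCommandLine  BYTE  '"C:\Program Files\ERUNT\autoback.exe" C:\ERDNT_Backup\ /noconfirmdelete /days:2',0

; Mask ANDed with OSVERSIONINFO.dwPlatformId in IsWinNT.
dwMaskNT      DWORD  2
; Message box texts and caption used by the startup code.
msg_NotNT      BYTE    "This is NOT an NT system.", 0
msg_NotPL      BYTE    "Privilege requested NOT granted.",13,"Unable to shutdown.", 0
AppName        BYTE    "Win NT Shutdown", 0

.data?

; Receives the value of the ComSpec environment variable at startup.
szComspec byte MAX_PATH dup(?)
; Filled in by CreateProcess (process/thread handles and ids of the child).
ProcessInfo PROCESS_INFORMATION<?>
; Filled in by GetStartupInfo and passed on to the child process.
StartupInfo STARTUPINFO<?>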

.code

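start:

; Program entry point.
;   1. Launch autoback.exe (szCommandLine) and wait for it to finish.
;   2. Check for an NT platform and ask for SeShutdownPrivilege.
;   3. Exit. No ExitWindowsEx call is made anywhere in this file.
;
; The child process runs with the same token as this program. The privilege
; request in step 2 happens after the child has already exited, so it cannot
; change what autoback.exe was allowed to do.

      invoke GetStartupInfo, addr StartupInfo

; NOTE(review): szComspec is filled here but is not read anywhere in this file.
      invoke GetEnvironmentVariable, CTEXT('ComSpec'), addr szComspec, sizeof szComspec

; lpApplicationName is NULL, so the program is taken from the first token of
; szCommandLine; a path with spaces must be quoted inside that string.
      invoke CreateProcess, 0, addr szCommandLine, 0, 0, FALSE, \
             NORMAL_PRIORITY_CLASS, 0, 0, addr StartupInfo, addr ProcessInfo

; ProcessInfo is only valid when CreateProcess succeeded; do not wait on an
; uninitialised handle, report the failure instead.
      .if eax == 0
        invoke  MessageBox, NULL, CTEXT("Unable to start autoback.exe."), addr AppName, MB_OK
        invoke  ExitProcess, 1
      .endif

      invoke WaitForSingleObject, ProcessInfo.hProcess, INFINITE

; Release both handles returned by CreateProcess once the child has finished.
      invoke CloseHandle, ProcessInfo.hThread
      invoke CloseHandle, ProcessInfo.hProcess

      invoke      IsWinNT

; Not an NT system: tell the user and stop.

    .if eax == FALSE
      invoke  MessageBox, NULL, addr msg_NotNT, addr AppName, MB_OK
      invoke  ExitProcess, NULL
    .endif

; With the ReqNTPrivilege call we ask for 'SeShutdownPrivilege'; the string
; names of the possible privileges can be found in the windows.inc file.

    invoke ReqNTPrivilege, SADD("SeShutdownPrivilege")
    .if eax == FALSE
      invoke  MessageBox, NULL, addr msg_NotPL, addr AppName, MB_OK
      invoke  ExitProcess, NULL
    .endif

invoke  ExitProcess,NULL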

IsWinNT proc

; Report whether the program is running on a Windows NT platform.
; Out: eax = 0 if GetVersionEx fails, otherwise dwPlatformId AND dwMaskNT
;      (non-zero is treated as TRUE by the caller).
; NOTE(review): dwPlatformId is tested with a bit mask rather than compared
; for equality, so any platform id with that bit set counts as NT.

    LOCAL  verInfo:OSVERSIONINFO

    ; GetVersionEx requires the structure size to be filled in by the caller.
    mov    verInfo.dwOSVersionInfoSize, sizeof verInfo
    invoke  GetVersionEx, addr verInfo
    test   eax, eax
    jz     nt_done                      ; call failed: return the 0 already in eax

    mov    eax, dwMaskNT
    and    eax, verInfo.dwPlatformId    ; eax = platform id masked with dwMaskNT

nt_done:
    ret

IsWinNT endp

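ReqNTPrivilege proc lpPrivilegeName:DWORD

; Enable a named privilege in the current process token.
; In:  lpPrivilegeName -> zero-terminated privilege name,
;                         e.g. "SeShutdownPrivilege"
; Out: eax = TRUE only if the privilege was actually enabled, FALSE otherwise.
;
; AdjustTokenPrivileges can only enable a privilege that the token already
; holds; it cannot add one. It also returns non-zero when the privilege could
; not be enabled, in which case GetLastError is not ERROR_SUCCESS, so the last
; error is checked before success is reported.

    LOCAL  hProcess:DWORD
    LOCAL  hToken:DWORD
    LOCAL  RetLen:DWORD
    LOCAL  fGranted:DWORD
    LOCAL  tkp:TOKEN_PRIVILEGES
    LOCAL  tkp_old:TOKEN_PRIVILEGES

    mov    fGranted, FALSE              ; assume failure until every step succeeds

    invoke  GetCurrentProcess
    mov    hProcess, eax
    invoke  OpenProcessToken, hProcess, \
            TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, \
            addr hToken

    .if eax != FALSE
      ; Translate the privilege name into the LUID stored in tkp.
      lea    eax, tkp.Privileges[0].Luid
      invoke  LookupPrivilegeValue, NULL, \
              lpPrivilegeName, \
              eax

      ; An unknown privilege name leaves the LUID undefined: skip the adjust.
      .if eax != FALSE
        mov    tkp.PrivilegeCount, 1
        mov    tkp.Privileges[0].Attributes, SE_PRIVILEGE_ENABLED
        invoke  AdjustTokenPrivileges, hToken, \
                FALSE, \
                addr tkp, \
                sizeof tkp_old, \
                addr tkp_old, \
                addr RetLen

        .if eax != FALSE
          ; Must be read straight after AdjustTokenPrivileges.
          invoke  GetLastError
          .if eax == ERROR_SUCCESS
            mov    fGranted, TRUE
          .endif
        .endif
      .endif

      ; The token handle is no longer needed on any path.
      invoke  CloseHandle, hToken
    .endif

    mov    eax, fGranted
    ret

ReqNTPrivilege endp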
   
end    start


Posted on 2010-04-12 20:25:06 by skywalker