6 from ctypes import wintypes, POINTER
8 from lib.common.defines import ADVAPI32, KERNEL32, SE_PRIVILEGE_ENABLED
9 from lib.common.defines import LUID, TOKEN_PRIVILEGES, PROCESS_ALL_ACCESS
10 from lib.common.defines import TOKEN_ALL_ACCESS, LUID_AND_ATTRIBUTES
13 """Grant debug privileges.
14 @param pid: PID.
15 @return: operation status.
16 """
17 ADVAPI32.OpenProcessToken.argtypes = (wintypes.HANDLE,
18 wintypes.DWORD,
19 POINTER(wintypes.HANDLE))
20
21 ADVAPI32.LookupPrivilegeValueW.argtypes = (wintypes.LPWSTR,
22 wintypes.LPWSTR,
23 POINTER(LUID))
24
25 ADVAPI32.AdjustTokenPrivileges.argtypes = (wintypes.HANDLE,
26 wintypes.BOOL,
27 POINTER(TOKEN_PRIVILEGES),
28 wintypes.DWORD,
29 POINTER(TOKEN_PRIVILEGES),
30 POINTER(wintypes.DWORD))
31
32 if pid is None:
33 h_process = KERNEL32.GetCurrentProcess()
34 else:
35 h_process = KERNEL32.OpenProcess(PROCESS_ALL_ACCESS, False, pid)
36
37 if not h_process:
38 return False
39
40 h_current_token = wintypes.HANDLE()
41 if not ADVAPI32.OpenProcessToken(h_process,
42 TOKEN_ALL_ACCESS,
43 h_current_token):
44 return False
45
46 se_original_luid = LUID()
47 if not ADVAPI32.LookupPrivilegeValueW(None,
48 "SeDebugPrivilege",
49 se_original_luid):
50 return False
51
52 luid_attributes = LUID_AND_ATTRIBUTES()
53 luid_attributes.Luid = se_original_luid
54 luid_attributes.Attributes = SE_PRIVILEGE_ENABLED
55 token_privs = TOKEN_PRIVILEGES()
56 token_privs.PrivilegeCount = 1
57 token_privs.Privileges = luid_attributes
58
59 if not ADVAPI32.AdjustTokenPrivileges(h_current_token, False, token_privs,
60 0, None, None):
61 return False
62
63 KERNEL32.CloseHandle(h_current_token)
64 KERNEL32.CloseHandle(h_process)
65 return True