
Source Code for Module lib.core.privileges

 1  # Copyright (C) 2010-2013 Claudio Guarnieri. 
 2  # Copyright (C) 2014-2016 Cuckoo Foundation. 
 3  # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 
 4  # See the file 'docs/LICENSE' for copying permission. 
 5   
 6  from ctypes import wintypes, POINTER 
 7   
 8  from lib.common.defines import ADVAPI32, KERNEL32, SE_PRIVILEGE_ENABLED 
 9  from lib.common.defines import LUID, TOKEN_PRIVILEGES, PROCESS_ALL_ACCESS 
10  from lib.common.defines import TOKEN_ALL_ACCESS, LUID_AND_ATTRIBUTES 
11   
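def grant_debug_privilege(pid=None):
    """Enable SeDebugPrivilege on a process token.

    @param pid: PID of the process whose token is adjusted; None (the
        default) adjusts the current process.
    @return: True only if SeDebugPrivilege is now enabled on the token.
        False if any Win32 call fails, the target cannot be opened, or the
        token does not hold the privilege at all (the usual outcome for a
        non-administrative caller).
    """
    # Win32 constants not exported by lib.common.defines. The original
    # requested PROCESS_ALL_ACCESS / TOKEN_ALL_ACCESS, which is far more
    # than the operation needs and fails on processes we can only query;
    # OpenProcessToken needs PROCESS_QUERY_INFORMATION on the process and
    # AdjustTokenPrivileges needs TOKEN_ADJUST_PRIVILEGES (TOKEN_QUERY is
    # conventionally requested alongside it).
    PROCESS_QUERY_INFORMATION = 0x0400
    TOKEN_ADJUST_PRIVILEGES = 0x0020
    TOKEN_QUERY = 0x0008
    ERROR_NOT_ALL_ASSIGNED = 1300

    ADVAPI32.OpenProcessToken.argtypes = (wintypes.HANDLE,
                                          wintypes.DWORD,
                                          POINTER(wintypes.HANDLE))

    ADVAPI32.LookupPrivilegeValueW.argtypes = (wintypes.LPWSTR,
                                               wintypes.LPWSTR,
                                               POINTER(LUID))

    ADVAPI32.AdjustTokenPrivileges.argtypes = (wintypes.HANDLE,
                                               wintypes.BOOL,
                                               POINTER(TOKEN_PRIVILEGES),
                                               wintypes.DWORD,
                                               POINTER(TOKEN_PRIVILEGES),
                                               POINTER(wintypes.DWORD))

    # Resolve GetLastError up front: the first attribute access on a ctypes
    # DLL object goes through GetProcAddress, which must not happen between
    # AdjustTokenPrivileges and reading its last-error value.
    get_last_error = KERNEL32.GetLastError

    # h_process is only set for a handle we opened ourselves and must close;
    # GetCurrentProcess() returns a pseudo-handle that needs no CloseHandle.
    h_process = None
    h_token = wintypes.HANDLE()

    try:
        if pid is None:
            target = KERNEL32.GetCurrentProcess()
        else:
            h_process = KERNEL32.OpenProcess(PROCESS_QUERY_INFORMATION,
                                             False, pid)
            if not h_process:
                return False
            target = h_process

        if not ADVAPI32.OpenProcessToken(target,
                                         TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                                         h_token):
            return False

        se_debug_luid = LUID()
        if not ADVAPI32.LookupPrivilegeValueW(None,
                                              "SeDebugPrivilege",
                                              se_debug_luid):
            return False

        luid_attributes = LUID_AND_ATTRIBUTES()
        luid_attributes.Luid = se_debug_luid
        luid_attributes.Attributes = SE_PRIVILEGE_ENABLED
        token_privs = TOKEN_PRIVILEGES()
        token_privs.PrivilegeCount = 1
        token_privs.Privileges = luid_attributes

        if not ADVAPI32.AdjustTokenPrivileges(h_token, False, token_privs,
                                              0, None, None):
            return False

        # AdjustTokenPrivileges returns TRUE even when the token does not
        # hold the privilege; the only indication is ERROR_NOT_ALL_ASSIGNED
        # in the thread's last-error value. Without this check the function
        # reported success for unprivileged callers.
        # NOTE(review): this relies on KERNEL32 being loaded without
        # use_last_error=True (so ctypes does not save/restore the value);
        # confirm against lib.common.defines.
        if get_last_error() == ERROR_NOT_ALL_ASSIGNED:
            return False

        return True
    finally:
        # Close whatever we opened, on every exit path - the original leaked
        # both handles on each early return.
        if h_token.value:
            KERNEL32.CloseHandle(h_token)
        if h_process:
            KERNEL32.CloseHandle(h_process)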