The RegLoadKey function requires that I set both SE_BACKUP_NAME and SE_RESTORE_NAME to enabled. I'm currently trying, but I keep getting an error:
Run-Time Check Failure #2 - Stack around the variable 'tkp' was corrupted.
The code:
#include <windows.h>
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
{
HANDLE hToken = NULL;
LUID rLuid;
LUID bLuid;
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &hToken);
TOKEN_PRIVILEGES tkp;
LookupPrivilegeValue(NULL, SE_BACKUP_NAME, &tkp.Privileges[0].Luid);
LookupPrivilegeValue(NULL, SE_RESTORE_NAME, &tkp.Privileges[1].Luid);
tkp.PrivilegeCount = 2;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
tkp.Privileges[1].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, NULL, 0);
CloseHandle(hToken);
RegLoadKey(HKEY_USERS, L"Test\\", L"C:\\Documents and Settings\\test\\NTUSER.DAT");
return 0;
}
I'm just digging into WinAPI, and I only picked up c++ last semester, so I'm willing to bet that this is a fairly elementary mistake. But I can't seem to find it. I did track that the error occurs when I try to set anything to tkp.Privileges[1], so it's probably an array issue, but I just can't figure out exactly how to go about fixing this. Anyone?
4  6132 
The PriviledgeCount member of TOKEN_PRIVILEGES has the number of elements in the array. I would check that before assuming [0] or [1].
Exactly how is this getting set?
I'm setting that variable like so:
tkp.PrivilegeCount = 2;
declaring this before the LookupPrivilegeValue function doesn't change the issue. I found an article that essentially does what I'm trying to do in VB http://support.microsoft.com/kb/297060
I can't see where I'm going wrong.
the TOKEN_PRIVILEGES struct defines the Privileges as an ANY_SIZE array.
Which simply means that the array size is 1.
This allows the TOKEN_PRIVILEGES struct to be used to type cast an arbitrary sized buffer and access the Privilege member at any offset (the max being defined by the PrivilegeCount member)
If you simply access TOKEN_PRIVILEGES struct after a normal defination, the maximum Privileges can only be 1.
You can first do a GetTokenInformation() on the token handle returned by OpenProcessToken() with the TOKEN_INFORMATION_CLASS enum set to TokenPrivileges . This will return the actual privileges in the return buffer.
and then modify the returned TOKEN_PRIVILEGES using AdjustTokenPrivileges()
You may also skip the GetTokenInformation() altogether and directly go for AdjustTokenPrivileges(), but in that case use the PTOKEN_PRIVILEGES to typecast an adequately large buffer and then set the new privileges.
Thanks grayMist! I basically used your last suggestion, and allocated a larger buffer to fit both items in the array. It seems to work without error now!:
#include <windows.h>
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
{
HANDLE hToken = NULL;
LUID rLuid;
LUID bLuid;
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &hToken);
int offset = FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges[2]);
PTOKEN_PRIVILEGES tkp = (PTOKEN_PRIVILEGES) malloc(offset);
tkp->PrivilegeCount = 2;
tkp->Privileges[0];
LookupPrivilegeValue(NULL, SE_BACKUP_NAME, &bLuid);
tkp->Privileges[0].Luid = bLuid;
tkp->Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
LookupPrivilegeValue(NULL, SE_RESTORE_NAME, &rLuid);
tkp->Privileges[1].Luid = rLuid;
tkp->Privileges[1].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, FALSE, tkp, 0, NULL, 0);
CloseHandle(hToken);
RegLoadKey(HKEY_USERS, L"Test\\", L"C:\\Documents and Settings\\test\\NTUSER.DAT");
return 0;
}
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Marc |
last post by:
Hello,
I have 3 users in my MySQL server. One of them has Grant access
(actually: all privileges). I cannot login as this user using
phpMyAdmin - my password is not accepted (though I' m sure it...
|
by: Amardeep Verma |
last post by:
Hi,
I have a quick question. Which role/privileges are required before
a user can give the statement "GRANT ALL PRIVILEGES"?
Thanking you in Advance
Have a nice day
|
by: Denis Martineau |
last post by:
Some user accounts have been created some time ago and we have just
found out that they were given privileges they should not have.
However, I have no idea which account was used to create them and...
|
by: Charles Cantrell |
last post by:
I have recently set up mySQL on a Mandrake release of Linux (Version 7 of
Mandrake, I believe), using the binary 4.0.13 standard release.
The set up and start up all were normal, as far as I...
|
by: Marc |
last post by:
Hello,
I have 3 users in my MySQL server. One of them has Grant access
(actually: all privileges). I cannot login as this user using
phpMyAdmin - my password is not accepted (though I' m sure it...
|
by: binary-nomad |
last post by:
How do I make a table with fields again, say, name, age, address, wife
etc. that I want people to be able to look at (with any client like
MysqlCC etc), but only be able to modify certain fields,...
|
by: virgilio |
last post by:
Hi all,
"Administrator Guide Implementation" DB2 8.2, chapter 7, section
"Indirect privileges through a package" states:
(highlight >>>>!!!<<<<)
"Privileges granted to individuals binding the...
|
by: Feldman Alex |
last post by:
Hi all,
I need to know the user privileges (does user have administrator privileges)
..
Which c# api's should i use?
Thanks a lot
|
by: steingold |
last post by:
Hi All.
Is it possible to define an external stored procedure to be executed
not with the executing user privileges, but instead with the user who
created the stored procedure privileges in db2...
|
by: EricBlair |
last post by:
Hello, I wrote a windows service that is supposed to start an interactive GUI app. I realize a service will not readily do this so I've pieced together the code below to bypass that. However, the...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
| |
