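def init_acls():
    """Enable the token privileges that SACL access and backup/restore need.

    Opens the current process token, enables SE_SECURITY_NAME,
    SE_BACKUP_NAME and SE_RESTORE_NAME on it, and sets
    SACL_SECURITY_INFORMATION in ACL.flags only once the token itself
    reports SE_SECURITY_NAME as enabled.

    A failure to open the token or to adjust the privileges is logged as a
    warning and the function returns without changing ACL.flags.

    Returns:
        None.
    """
    # A process that tries to read or write a SACL needs to have and enable
    # the SE_SECURITY_NAME privilege. And in order to backup/restore, the
    # SE_BACKUP_NAME and SE_RESTORE_NAME privileges are needed.
    import win32api

    try:
        hnd = OpenProcessToken(win32api.GetCurrentProcess(),
                               TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY)
    except win32api.error as exc:
        log.Log("Warning: unable to open Windows process token: %s" % exc, 5)
        return

    # From here on the token handle is open; the finally clause closes it on
    # every exit path, including the early return below.
    try:
        try:
            def lpv(priv):
                return LookupPrivilegeValue(None, priv)

            # enable the SE_*_NAME privileges
            SecurityName = lpv(SE_SECURITY_NAME)
            AdjustTokenPrivileges(
                hnd, False,
                [(SecurityName, SE_PRIVILEGE_ENABLED),
                 (lpv(SE_BACKUP_NAME), SE_PRIVILEGE_ENABLED),
                 (lpv(SE_RESTORE_NAME), SE_PRIVILEGE_ENABLED)])
        except win32api.error as exc:
            log.Log("Warning: unable to enable SE_*_NAME privileges: %s"
                    % exc, 5)
            return

        # AdjustTokenPrivileges can succeed without assigning every requested
        # privilege (the account may not hold it), so the token is re-read
        # instead of trusting the call.
        for name, attrs in GetTokenInformation(hnd, TokenPrivileges):
            # Test the ENABLED bit rather than plain truthiness: a privilege
            # that is only flagged enabled-by-default but is currently
            # disabled still has a non-zero attribute word.
            if name == SecurityName and attrs & SE_PRIVILEGE_ENABLED:
                # now we *may* access the SACL (sigh)
                ACL.flags |= SACL_SECURITY_INFORMATION
                break
    finally:
        win32api.CloseHandle(hnd)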
def logoff_and_shutdown():
    """Enable SE_SHUTDOWN_NAME on this process, then force a shutdown.

    The privilege is enabled on the current process token and
    ExitWindowsEx is called with EWX_LOGOFF | EWX_SHUTDOWN | EWX_FORCE.

    NOTE(review): the outcome of AdjustTokenPrivileges is not verified and
    the token handle is never explicitly closed here. EWX_FORCE makes
    Windows terminate applications without letting them veto the shutdown,
    so unsaved data can be lost.
    """
    shutdown_luid = LookupPrivilegeValue(None, SE_SHUTDOWN_NAME)
    requested = ((shutdown_luid, SE_PRIVILEGE_ENABLED),)

    access_mask = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
    process_token = OpenProcessToken(GetCurrentProcess(), access_mask)
    AdjustTokenPrivileges(process_token, 0, requested)

    exit_flags = EWX_LOGOFF | EWX_SHUTDOWN | EWX_FORCE
    ExitWindowsEx(exit_flags, 0)
def adjust_windows_shutdown_privileges(self):
    """Enable SE_SHUTDOWN_NAME on the current process token.

    Logs an error and returns early when windows_check() is false.

    NOTE(review): the result of AdjustTokenPrivileges is not verified and
    the token handle is not explicitly closed; callers cannot tell from
    this method whether the privilege was actually granted.
    """
    if not windows_check():
        log.error("Only usable on Windows platform")
        return

    process_token = OpenProcessToken(
        GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY)
    shutdown_luid = LookupPrivilegeValue(None, SE_SHUTDOWN_NAME)
    AdjustTokenPrivileges(
        process_token, 0, [(shutdown_luid, SE_PRIVILEGE_ENABLED)])
import sys
import array

# Get the ReadProcessMemory function (kernel32 export, resolved through
# windll -- presumably ctypes' windll; the import is not visible here).
ReadProcessMemory = windll.kernel32.ReadProcessMemory

# Constants
# NOTE(review): hard-coded address and layout values; presumably valid for
# one specific client build only -- confirm before relying on them.
CONNECTION_PTR_OFFSET = 0x01139F94
SESSIONKEY_OFFSET = 0x508
SESSIONKEY_LENGTH = 40

# Adjust current process privileges: enable SE_DEBUG_NAME on this process's
# own token, then close the token handle.
# NOTE(review): the result of AdjustTokenPrivileges is not checked, so the
# script continues even when the privilege was not granted. A process that
# enables the debug privilege and then opens another process for memory
# reads is a sequence endpoint monitoring commonly alerts on.
hToken = OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY)
luid = LookupPrivilegeValue(None, SE_DEBUG_NAME)
AdjustTokenPrivileges(hToken, False, [(luid, SE_PRIVILEGE_ENABLED)])
CloseHandle(hToken)

# Get a handle on wow: locate the window by its title, map it to a process
# id, and open that process with read-only memory access (PROCESS_VM_READ).
windowHandle = FindWindow(None, 'World of Warcraft')
if not windowHandle:
    print('ERROR : Unable to find WoW window')
    # NOTE(review): exits with status 0 although this is the error path.
    sys.exit(0)
threadID, processID = GetWindowThreadProcessId(windowHandle)
# NOTE(review): the OpenProcess result is not checked in the visible code.
wowHandle = OpenProcess(PROCESS_VM_READ, False, processID)

# Get a pointer to the sessionkey: output buffer, read size and
# bytes-read counter. nSize = 4 presumably matches a 32-bit pointer in the
# target process -- confirm. The script continues past this excerpt.
lpBuffer = c_ulong()
nSize = 4
lpNumberOfBytesRead = c_long(0)