The function sets the specified or its own process, privileges, permissions to perform system operations of various types.
1 2 3 4 5 6 7 8 9 10 11 |
var procHandle: HWND; privStr: string; enable: Boolean; begin procHandle:= 0; privStr:= 'SeDebugPrivilege'; enable:= True; SetPrivilege(0, privStr, enable); end; |
Options
procHandle - handle of the process (if you specify 0, the function will set the privilege to its own process)
privStr is the name of the privilege
enable - if true, gives the privilege, false - takes away
Result
True if the operation is successful, False if not.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
function SetPrivilege(prochwnd: HWND; privilegeName: string; enable: boolean): boolean; var tpPrev, tp : TTokenPrivileges; token : THandle; dwRetLen : DWord; begin result := False; try if prochwnd = 0 then OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, token) else OpenProcessToken(prochwnd, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, token); tp.PrivilegeCount := 1; if LookupPrivilegeValue(nil, pchar(privilegeName), tp.Privileges[0].LUID) then begin if enable then tp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED else tp.Privileges[0].Attributes := 0; dwRetLen := 0; result := AdjustTokenPrivileges(token, False, tp, SizeOf(tpPrev), tpPrev, dwRetLen); end; finally try CloseHandle(token); except end; end; end; |
List of some privilege names
Name
|
Description
|
SeBackupPrivilege | Required to perform backup operations. This privilege forces the system to grant all read access control to any file, regardless of the access control list (ACL) specified for the file. |
SeDebugPrivilege | Required to access, debug, and tune the memory of a process owned by a different account. |
SeLoadDriverPrivilege | Required to load or unload a device driver. |
SeManageVolumePrivilege | Required to enable volume management privileges. |
SeRemoteShutdownPrivilege | Required to shutdown the system using a network request. |
SeRestorePrivilege | Required to perform restore operations. This privilege forces the system to grant all write access to any file, regardless of the ACL specified for the file. |
SeSecurityPrivilege | Required to perform a number of security related functions such as monitoring and viewing audit messages. This privilege identifies its holder as a security operator. |
SeShutdownPrivilege | Required to shutdown the local system. |
SeSystemEnvironmentPrivilege | Required to modify NVRAM systems that use this type of memory to store configuration information. |
SeSystemProfilePrivilege | Required to collect profiling information for the entire system. |
SeSystemtimePrivilege | Required to change the system time. |
SeTakeOwnershipPrivilege | Required to take ownership of an object without granting discretionary access. This privilege allows you to set the owner value only to values that the owner can legitimately assign as the owner of the object. |
SeTcbPrivilege | This privilege identifies its holder as part of a trusted computer base. Gives the right to act as part of the operating system. |
SeTimeZone | Required to set the time zone associated with the computer's internal clock. |
1 thought on “Set process privileges to perform system operations”
Comments are closed.