Today I will show you how to enable or disable privileges with FASM.
Windows 10 comes with authorization, which is the right granted to an individual to use the system and the data stored on it. It is the same access-control model that Windows Server and the Windows client operating systems use to control access to resources: every process carries an access token, and the privileges listed in that token decide which sensitive operations (such as shutting the machine down) it may perform.
The example is a shutdown tool built with FASM version 1.71.61.
It uses these Win32 API functions, all documented on MSDN: GetCurrentProcess, OpenProcessToken, LookupPrivilegeValue, AdjustTokenPrivileges and CloseHandle.
Each function takes a fixed set of parameters. For example, OpenProcessToken takes these:
```c
BOOL WINAPI OpenProcessToken(
  _In_  HANDLE  ProcessHandle,
  _In_  DWORD   DesiredAccess,
  _Out_ PHANDLE TokenHandle
);
```
The full description of this function is on the MSDN website.
The assembly file starts by including win32ax.inc. The ..\include\ path tells FASM where to find this file, and the include brings in the macros and import definitions that let the program call these functions.
SE_PRIVILEGE_ENABLED, defined as 2, is the attribute value that enables a privilege. TOKEN_ADJUST_PRIVILEGES (0x0020) is the token access right required to enable or disable privileges in an access token. Both constants are defined at the top of the source before they are used.
The .data section holds the data the application needs, such as the messages it shows. For example, to put a string into the application I write:
```asm
title_msg db 'tool_shutdown_cmd',0
```
title_msg is the label the application uses to refer to the string tool_shutdown_cmd, and the trailing 0 terminates the string, because the Win32 functions expect NUL-terminated strings.
The shutdown call needs SeShutdownPrivilege, the privilege required to shut down the local system.
The application does not loop; control runs from the .code section into the enable_privilege routine and back. It starts at start:, where MessageBox shows a window asking whether to restart the PC or not. This area calls the MSDN-documented functions MessageBox, InitiateSystemShutdown and ExitProcess. When the user presses the Yes button the application calls the enable_privilege routine; if that routine fails, the program shows an error message, otherwise it calls InitiateSystemShutdown.
cmp, jne, jc and jmp make the decisions in the application: cmp compares the MessageBox result with IDYES, jne jumps to exit when the answer was not Yes, jc jumps to fail when enable_privilege returns with the carry flag set, and jmp is an unconditional jump back to exit.
invoke is a macro that calls procedures through the pointers defined in the import tables. For example, this line:
```asm
invoke MessageBox,0,szText,szCaption,MB_OK
```
is equivalent to:
```asm
stdcall [MessageBox],0,szText,szCaption,MB_OK
```
The labels start:, exit:, fail: and enable_privilege: mark the points in the program that the jumps and calls refer to.
.end start closes the source and tells FASM that start is the entry point of the program.
If you have a question about FASM, take a look at the fasm manual.
```asm
include '..\include\win32ax.inc'

; Token access right needed to call AdjustTokenPrivileges
TOKEN_ADJUST_PRIVILEGES = 0x0020
; LUID_AND_ATTRIBUTES.Attributes value that turns a privilege on
SE_PRIVILEGE_ENABLED = 2
; AdjustTokenPrivileges returns TRUE even when the privilege is not held by
; the token; in that case GetLastError reports ERROR_NOT_ALL_ASSIGNED
ERROR_NOT_ALL_ASSIGNED = 1300

.data
text_msg  db 'Do you want to restart this PC?',0
error_txt db 'Cannot get Shutdown Privilege',0
title_msg db 'tool_shutdown_cmd',0
SHUTDOWN  db 'SeShutdownPrivilege',0

.code
start:
        invoke  MessageBox, NULL, text_msg, title_msg, MB_YESNO
        cmp     eax, IDYES
        jne     exit
        stdcall enable_privilege
        jc      fail
        ; 10 second countdown, do not force apps closed, reboot afterwards
        invoke  InitiateSystemShutdown, NULL, text_msg, 10, FALSE, TRUE
exit:
        invoke  ExitProcess, 0
fail:
        invoke  MessageBox, NULL, error_txt, title_msg, NULL
        jmp     exit

; enable_privilege: enables SeShutdownPrivilege in the current process token.
; Returns with the carry flag clear on success and set on failure.
enable_privilege:
        ; Locals live directly on the stack. .tokens, .luid and .attr together
        ; form a TOKEN_PRIVILEGES with one entry: PrivilegeCount, LUID, Attributes
        virtual at esp
          .handle     dd ?
          .tokens     dd ?
          .luid       dq ?
          .attr       dd ?
          .stack_size = $-$$
        end virtual
        sub     esp, .stack_size
        mov     [.handle], 0          ; so .fail never closes a garbage handle
        invoke  GetCurrentProcess
        invoke  OpenProcessToken, eax, TOKEN_ADJUST_PRIVILEGES, addr .handle
        test    eax, eax
        jz      .fail
        invoke  LookupPrivilegeValue, 0, SHUTDOWN, addr .luid
        test    eax, eax
        jz      .fail
        mov     [.tokens], 1
        mov     [.attr], SE_PRIVILEGE_ENABLED
        mov     eax, [.handle]
        ; invoke has already pushed the three trailing arguments (12 bytes)
        ; by the time addr is evaluated, so the esp-relative label needs +12
        invoke  AdjustTokenPrivileges, eax, 0, addr .tokens+12, 0, 0, 0
        test    eax, eax
        jz      .fail
        invoke  GetLastError
        cmp     eax, ERROR_NOT_ALL_ASSIGNED
        je      .fail
        invoke  CloseHandle, [.handle]
        add     esp, .stack_size
        clc
        ret
  .fail:
        invoke  CloseHandle, [.handle]
        add     esp, .stack_size
        stc
        ret

.end start
```
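As an added example, not part of the original post, here is the same tool rewritten around a general set_privilege procedure that can enable or disable any named privilege, which is what the title promises. It uses the proc and local macros that win32ax.inc brings in, so the TOKEN_PRIVILEGES buffer is addressed relative to ebp and no +12 stack correction is needed, and it checks GetLastError for ERROR_NOT_ALL_ASSIGNED, because AdjustTokenPrivileges returns TRUE even when the token does not hold the privilege. The procedure name set_privilege and its return convention (eax = 1 on success, 0 on failure) are my choice; the Win32 calls and constants are the documented ones. Built with FASM 1.71.61 from the examples directory (hence the ..\include\ path) and run by a user who holds SeShutdownPrivilege, it really shuts the PC down, so try it on a test machine.

```asm
; Added example: general enable/disable of a named privilege. Not the
; original post's code; set_privilege and its return convention are
; names chosen here, the Win32 calls and constants are the real ones.
include '..\include\win32ax.inc'

TOKEN_ADJUST_PRIVILEGES = 0x0020   ; token access right AdjustTokenPrivileges needs
SE_PRIVILEGE_ENABLED    = 2        ; LUID_AND_ATTRIBUTES.Attributes: enabled
ERROR_NOT_ALL_ASSIGNED  = 1300     ; GetLastError after a TRUE that assigned nothing

.data
ask_msg       db 'Shut down this PC?',0
err_msg       db 'SeShutdownPrivilege is not held by this token',0
box_title     db 'set_privilege demo',0
shutdown_priv db 'SeShutdownPrivilege',0

.code
start:
        invoke  MessageBox, NULL, ask_msg, box_title, MB_YESNO
        cmp     eax, IDYES
        jne     exit
        stdcall set_privilege, shutdown_priv, 1     ; enable
        test    eax, eax
        jz      fail
        ; 10 s countdown, do not force apps closed, no reboot afterwards
        invoke  InitiateSystemShutdown, NULL, ask_msg, 10, FALSE, FALSE
        ; least privilege: drop it again once the shutdown is queued
        stdcall set_privilege, shutdown_priv, 0     ; disable
exit:
        invoke  ExitProcess, 0
fail:
        invoke  MessageBox, NULL, err_msg, box_title, MB_OK
        jmp     exit

; set_privilege(priv_name, enable_flag)
;   priv_name   - pointer to a NUL-terminated privilege name
;   enable_flag - non-zero to enable, zero to disable
;   returns eax = 1 on success, eax = 0 on failure
proc set_privilege priv_name, enable_flag
        local   hToken:DWORD
        ; TOKEN_PRIVILEGES with one entry:
        ; tp[0] = PrivilegeCount, tp[1..2] = LUID, tp[3] = Attributes
        local   tp[4]:DWORD
        mov     [hToken], 0
        invoke  GetCurrentProcess
        invoke  OpenProcessToken, eax, TOKEN_ADJUST_PRIVILEGES, addr hToken
        test    eax, eax
        jz      .fail
        invoke  LookupPrivilegeValue, NULL, [priv_name], addr tp+4
        test    eax, eax
        jz      .fail
        mov     [tp], 1
        mov     eax, SE_PRIVILEGE_ENABLED
        cmp     [enable_flag], 0
        jne     @f
        xor     eax, eax               ; Attributes = 0 disables the privilege
    @@: mov     [tp+12], eax
        invoke  AdjustTokenPrivileges, [hToken], FALSE, addr tp, 0, NULL, NULL
        test    eax, eax
        jz      .fail
        invoke  GetLastError           ; TRUE does not mean the privilege was assigned
        cmp     eax, ERROR_NOT_ALL_ASSIGNED
        je      .fail
        invoke  CloseHandle, [hToken]
        mov     eax, 1
        ret
  .fail:
        invoke  CloseHandle, [hToken]  ; harmless when hToken is still 0
        xor     eax, eax
        ret
endp

.end start
```

Before running the tool, `whoami /priv` lists every privilege in your token with its Enabled or Disabled state. A privilege that is missing from that list cannot be switched on by AdjustTokenPrivileges no matter what the call returns, and that is exactly the case the ERROR_NOT_ALL_ASSIGNED check turns into a visible failure instead of a silent one.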