[RESOLVED] Executing a InitiateSystemShutdown() from a service running as Local System

Thread: [RESOLVED] Executing a InitiateSystemShutdown() from a service running as Local System

  1. #1
    Join Date
    Sep 2004
    Posts
    1,361

    [RESOLVED] Executing a InitiateSystemShutdown() from a service running as Local System

    We have this computer management tool that runs as a service, which runs as Local System. I have been asked to write something that will enable some administrators to shut down a bunch of computers at some designated time. I think this is a bad idea, but my opinion in this matter is not being asked.

    The InitiateSystemShutdown Function requires the SE_SHUTDOWN_NAME privilege.

    Local System Account has this privilege, but it is disabled.

    I have been reading the API stuff on AdjustTokenPrivileges Function, but I am getting a bit confused.

    I am confused on two fronts. The first is, do I have all the privileges to enable the SE_SHUTDOWN_NAME privilege on "Local System".

    The next is, how do I do that? I am not sure how to get the current process access token. Furthermore, my experience with tokens is to get a token, and then to "CreateProcessWithTokenW".

    What is different here is that I want to affect the current token I am running under to execute an API call I am not normally allowed to call.

    To make it harder, I can't debug and test very well because I am not running as Local System. Admin users can shut down the system, so that would succeed for me if I were trying to test.

    If anyone has some code snippets I can build around, I would greatly appreciate it.

  2. #2
    Join Date
    Nov 2003
    Location
    Portland, OR
    Posts
    827

    Re: Executing a InitiateSystemShutdown() from a service running as Local System

    Quote Originally Posted by DeepT View Post
    The InitiateSystemShutdown Function requires the SE_SHUTDOWN_NAME privilege.
    .
    Well, if you follow your own link and scroll all the way down that page you'll see an example of how you can adjust that privilege:
    http://msdn.microsoft.com/en-us/libr...61(VS.85).aspx

  3. #3
    Join Date
    Sep 2004
    Posts
    1,361

    Re: Executing a InitiateSystemShutdown() from a service running as Local System

    I am not sure I understand that Java code, but I might make sense of it. That works for local system, right? It seems you just OpenProcessToken from the current process, then lookup the LUID, and then adjust the privilege and in place, you instantly get the ability to use that function. No impersonation or anything.

    I'll pursue it and see.

    Oh, and that link isn't to any page I linked to.

  4. #4
    Join Date
    Nov 2003
    Location
    Portland, OR
    Posts
    827

    Re: Executing a InitiateSystemShutdown() from a service running as Local System

    Quote Originally Posted by DeepT View Post
    I am not sure I understand that Java code...
    You need the code sample from the MSDN page, not the user comment at the bottom. The sample is written in C++, but if you need Java help then you're posting in the wrong forum.

  5. #5
    Join Date
    Sep 2004
    Posts
    1,361

    Re: Executing a InitiateSystemShutdown() from a service running as Local System

    No, this is a C++ project.

  6. #6
    Join Date
    Aug 2009
    Posts
    5

    Re: [RESOLVED] Executing a InitiateSystemShutdown() from a service running as Local S

    Hi,

    It says [RESOLVED], but I don't see a hint of a solution?

    I'm currently trying to achieve the same thing, also from a service. Despite following the example to the letter, it doesn't work *IN A SERVICE*.

    HOWEVER... as a stand-alone EXE running from a normal admin account - no problems.

    HOW was this resolved? My code is in assembler, but those that understand C++ should at least see how it is working sufficiently to spot any errors with what I'm doing from an API stand-point:

    Code:
    	invoke GetCurrentProcessId
    
    	invoke OpenProcessToken, eax, TOKEN_ADJUST_PRIVILEGES, addr hToken
    
    	mov TP.PrivilegeCount, 1
    	mov TP.Privileges[0].Attributes, SE_PRIVILEGE_ENABLED
    
    	invoke LookupPrivilegeValue, ebx, addr SEShutName, addr TP.Privileges[0].Luid
    
    	invoke AdjustTokenPrivileges, hToken, FALSE, addr TP, NULL, NULL, NULL
    
    	invoke InitiateSystemShutdown, 0, 0, 0, TRUE, FALSE
    eax is a register, but you can consider it a 32-bit variable if it helps. Functions return their results in eax unless the API defines otherwise.

    I've also tried running the service as Administrator, and even permitted it to interact with the desktop, but none of this worked.

    Best regards,
    AstroTux.
    Last edited by AstroTux; September 12th, 2009 at 05:53 PM.

  7. #7
    Join Date
    Nov 2003
    Location
    Portland, OR
    Posts
    827

    Re: [RESOLVED] Executing a InitiateSystemShutdown() from a service running as Local S

    AstroTux, you have to follow the MSDN sample line by line. You have to call LookupPrivilegeValue() before you adjust the TOKEN_PRIVILEGES values.

    Here's the same once again:
    Code:
    BOOL AdjustSeDebugPrivilegePrivilege(void)
    {
        //Adjust SeDebugPrivilege privilege for this process
        //RETURN: - TRUE if done;
        //      - FALSE if privileges not adjusted
        BOOL bRes = FALSE;
    
        HANDLE hToken; 
        TOKEN_PRIVILEGES tkp; 
    
        //Get a token for this process. 
        if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
            return FALSE; 
    
        //Get the LUID for the debug privilege (SE_DEBUG_NAME). 
        if(LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid))
        {
            //One privilege to set
            tkp.PrivilegeCount = 1;  
            tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; 
    
            //Adjust it now
            if(AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0))
            {
                //AdjustTokenPrivileges can return TRUE without enabling the privilege
                //(ERROR_NOT_ALL_ASSIGNED), so check the last error as well
                if(GetLastError() == ERROR_SUCCESS)
                    bRes = TRUE;
            }
        }
    
        //Close the token handle on every path, including a failed lookup
        VERIFY(CloseHandle(hToken));
    
        return bRes;
    }
    The question is though -- why are you writing in assembler? Everyone stopped using it in the late 80's....

  8. #8
    Join Date
    Aug 2009
    Posts
    5

    Re: [RESOLVED] Executing a InitiateSystemShutdown() from a service running as Local S

    The question is though -- why are you writing in assembler?
    After my C++ DLL with 1 function call (CreateFile) weighed 45 kB and still required additional run-time support despite compiling it as native code, etc...

    My assembler coded Service app does everything I need in 2.5 kB, and requires no additional run-time support. Quite simply, you can't beat it.

    Your quote re-written in asm:

    Code:
    .386
    .model flat,stdcall
    option casemap:none             ; windows.inc needs case-sensitive symbols

    include \masm32\include\windows.inc
    include \masm32\include\kernel32.inc
    include \masm32\include\advapi32.inc
    includelib \masm32\lib\kernel32.lib
    includelib \masm32\lib\advapi32.lib

    .data?
    hToken dword ?
    tkp TOKEN_PRIVILEGES <>

    .data
    DBGNAME db "SeDebugPrivilege",0 ; string value of SE_DEBUG_NAME

    .code
    start:

    ; GetCurrentProcess returns the pseudo handle for this process in eax
    call GetCurrentProcess
    invoke OpenProcessToken, eax, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, addr hToken

    ; look up the LUID first, then fill in the rest of TOKEN_PRIVILEGES
    invoke LookupPrivilegeValue, NULL, addr DBGNAME, addr tkp.Privileges[0].Luid

    mov tkp.PrivilegeCount, 1
    mov tkp.Privileges[0].Attributes, SE_PRIVILEGE_ENABLED

    invoke AdjustTokenPrivileges, hToken, FALSE, addr tkp, 0, NULL, 0

    xor eax,eax
    ret

    end start
    What's not to like?

    Best regards,
    AstroTux.

  9. #9
    Join Date
    Aug 2009
    Posts
    5

    Re: [RESOLVED] Executing a InitiateSystemShutdown() from a service running as Local S

    EXCELLENT!!!

    Thanks for forcing me to re-read the example. (beer)(beer)(beer)

    This WORKS:

    Code:
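    include \masm32\include\windows.inc
    include \masm32\include\kernel32.inc   ; GetCurrentProcess
    include \masm32\include\advapi32.inc   ; token and shutdown APIs
    includelib \masm32\lib\kernel32.lib
    includelib \masm32\lib\advapi32.lib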
    
    .data?
    tkp TOKEN_PRIVILEGES <>
    hToken dword ?
    
    .data
    SEShutName db "SeShutdownPrivilege",0
    
    ;-----------------------------------------------
    ; insert wherever you want the following
    
    call GetCurrentProcess
    invoke OpenProcessToken, eax, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, offset hToken
    
    invoke LookupPrivilegeValue, NULL, offset SEShutName, offset tkp.Privileges[0].Luid
    
    mov tkp.PrivilegeCount, 1
    mov tkp.Privileges[0].Attributes, SE_PRIVILEGE_ENABLED
    
    invoke AdjustTokenPrivileges, hToken, FALSE, offset tkp, 0, NULL, 0
    
    invoke InitiateSystemShutdown, 0, 0, 0, TRUE, FALSE
    
    ; end of snippet
    ;-----------------------------------------------
    Best regards,
    AstroTux.
    Last edited by AstroTux; September 12th, 2009 at 07:23 PM.

  10. #10
    Join Date
    Nov 2003
    Location
    Portland, OR
    Posts
    827

    Re: [RESOLVED] Executing a InitiateSystemShutdown() from a service running as Local S

    Quote Originally Posted by AstroTux View Post
    After my C++ DLL with 1 function call (CreateFile) weighed 45 kB and still required additional run-time support despite compiling it as native code, etc...

    My assembler coded Service app does everything I need in 2.5 kB, and requires no additional run-time support. Quite simply, you can't beat it.
    First off, your assembler code is not the same as what I've given you in C++ - you removed all the error checks and if's. There's a big difference between the two.

    Secondly, even if you save greatly on the size of your executable file, do you also get portability? Readability? Ease of debugging? Development time? I once wrote a piece of code almost entirely in Assembler. Now it's dead code, because I cannot adjust it to newer CPUs, plus I have a hard time reading it and analyzing it.

    Thirdly, even if you save on your executable file size, the rest of the Operating System and the libraries your code has to depend on (at least kernel, user, control and nt.dll) are not written like that, so your gain becomes practically canceled out.
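
The error checks discussed in posts #7 and #10, applied to SE_SHUTDOWN_NAME instead of SE_DEBUG_NAME. This is an added example, not code from any poster in this thread or from MSDN; the function names `privilege_enabled` and `enable_shutdown_privilege` are hypothetical, and the non-Windows typedefs and error values are stand-ins so the result check also compiles off Windows.

```c
/* Added example (not from the thread): checked enable of SeShutdownPrivilege. */
#ifdef _WIN32
#include <windows.h>
#else   /* constructed stand-ins so the result check also builds off Windows */
typedef int BOOL;
typedef unsigned long DWORD;
#define ERROR_SUCCESS          0UL
#define ERROR_NOT_ALL_ASSIGNED 1300UL
#endif

/* AdjustTokenPrivileges returns nonzero even when it enabled nothing. The
   privilege is on only if the call succeeded AND the last error is
   ERROR_SUCCESS; ERROR_NOT_ALL_ASSIGNED means the token does not hold it. */
int privilege_enabled(BOOL adjust_ok, DWORD last_error)
{
    return adjust_ok && last_error == ERROR_SUCCESS;
}

#ifdef _WIN32
/* Returns ERROR_SUCCESS, or the Win32 error code of the step that failed. */
DWORD enable_shutdown_privilege(void)
{
    HANDLE hToken;
    TOKEN_PRIVILEGES tkp;
    DWORD err = ERROR_SUCCESS;

    /* GetCurrentProcess() yields the pseudo handle; a process ID is not a handle. */
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return GetLastError();

    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &tkp.Privileges[0].Luid)) {
        err = GetLastError();
    } else {
        BOOL ok = AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, NULL, NULL);
        DWORD last = GetLastError();   /* read before any other API call */
        if (!privilege_enabled(ok, last))
            err = last;
    }
    CloseHandle(hToken);               /* released on every path */
    return err;
}
#endif
```

A service would call `InitiateSystemShutdown` only when `enable_shutdown_privilege()` returns `ERROR_SUCCESS`, and log the returned code otherwise.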
