Hello,
I am trying to make TerminateProcess work in Windows 10 and it fails even with a "requireAdministrator" level (MANIFEST).
MSDN says that the process needs the SE_DEBUG_NAME privilege to make it work.
So I use AdjustTokenPrivileges to try to do it.
I tried code given by a "Code Guru" sample; I have compared it with the code given here.
I use it in a DLL and not in a DLL, always with the same result: failed.
Has anyone made it work on Windows 10 (it works on other systems)?
I've made it in a console program - it accepts debug privileges ...
Hi TouEnMasm,
What happens when you disable the user account control?
What happens when you disable the user account control?
How can I do that?
https://winaero.com/how-to-turn-off-and-disable-uac-in-windows-10/
I have found it in French and made a test with no better result.
I ran gpedit.msc (group policy editor).
Nothing seems to be disabled.
I found a combined solution from all the samples:
.if CreatedprocessInfo.hProcess != 0 ;If a created process is running
invoke MessageBox,NULL,ADDR MesDetruireProcess,TXT("Un Process est en cours d'éxécution"),MB_YESNO
.if eax == IDYES
; do not run two programs at the same time
; the process may have ended while the message box was up
; (its dwProcessId could then have been reused by an unrelated process - NOTE(review): confirm this is acceptable)
invoke OpenProcess,DELETE or PROCESS_TERMINATE, FALSE,CreatedprocessInfo.dwProcessId
.if eax != 0
mov CreatedprocessInfo.hProcess,eax ; NOTE(review): overwrites the handle CreateProcess returned without closing it - verify it is closed elsewhere
invoke TerminateProcess,CreatedprocessInfo.hProcess,0 ;return value is not checked
;invoke RetrouveMessageErreur,TXT(" TerminateProcess")
invoke ResumeThread, CreatedprocessInfo.hThread ; NOTE(review): resumes a thread of the process just terminated - confirm intent
invoke CloseHandle, CreatedprocessInfo.hThread
invoke CloseHandle, CreatedprocessInfo.hProcess
;.else
;invoke RetrouveMessageErreur,TXT(" OpenProcess")
.endif
; (the two outer .if blocks opened above are presumably closed in code not shown in this excerpt)
But this doesn't give me the solution to change the privileges.
You can use the native API - in this case it is simpler. But in Windows 10 there are several system processes that cannot be terminated with any privileges.
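.686
.model flat, stdcall
option casemap :none
include \masm32\include\windows.inc
include \masm32\macros\macros.asm
uselib ntdll,kernel32,user32

.const
SE_DEBUG_PRIVILEGE equ 20               ; privilege number handed to RtlAdjustPrivilege (SeDebugPrivilege)

.data
pid dd 2492                             ; PUT HERE YOUR PROCESS PID

.data?
hProc dd ?                              ; handle returned by OpenProcess
OldPrivilege dd ?                       ; previous enable state written back by RtlAdjustPrivilege
                                        ; (a BOOLEAN: only the low byte is meaningful)

.code
;-----------------------------------------------------------------------
; Entry point: enable SeDebugPrivilege in the current token, open the
; process `pid` with PROCESS_TERMINATE and terminate it, reporting each
; failure in a message box.
; RtlAdjustPrivilege can only enable a privilege the token already holds;
; it cannot grant one.  Run from an elevated (administrator) token, or
; OpenProcess on another user's process fails with ACCESS_DENIED.
;-----------------------------------------------------------------------
start:
    ; RtlAdjustPrivilege returns an NTSTATUS: 0 is success, anything else
    ; means the privilege was NOT enabled (typically the token does not
    ; hold it).  The original code ignored this value, which made the
    ; later OpenProcess failure hard to diagnose.
    invoke RtlAdjustPrivilege, SE_DEBUG_PRIVILEGE,TRUE,FALSE,addr OldPrivilege
    .if eax != 0
        fn MessageBox,0,"RtlAdjustPrivilege failed: SeDebugPrivilege not enabled","Privilege error",MB_OK
    .endif
    ; Request only the access right that is actually used.
    invoke OpenProcess,PROCESS_TERMINATE,0,pid
    .if eax
        mov hProc,eax
        invoke TerminateProcess,hProc,0
        .if !eax
            ; LastError$() must be evaluated before any other API call
            fn MessageBox,0,LastError$(),"TerminateProcess error",MB_OK
        .else
            ; the last-error text is meaningless on the success path
            fn MessageBox,0,"Process terminated","TerminateProcess suxxess",MB_OK
        .endif
        invoke CloseHandle,hProc         ; release the handle in both outcomes
    .else
        fn MessageBox,0,LastError$(),"OpenProcess error",MB_OK
    .endif
    exit
end start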
User AW has done a good job on this; did you check this link?
http://masm32.com/board/index.php?topic=8259.0
It seems there is a problem with the return value of AdjustTokenPrivileges.
https://docs.microsoft.com/en-us/windows/win32/secauthz/enabling-and-disabling-privileges-in-c-- (https://docs.microsoft.com/en-us/windows/win32/secauthz/enabling-and-disabling-privileges-in-c--)
The GetLastError function returns 0 even when the function doesn't return ERROR_SUCCESS.
Here is a piece of a program to test it,
and the compiled Microsoft sample.
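;-----------------------------------------------------------------------
; BOOL SetPrivilege(HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege)
; ABI:   stdcall, 32-bit (MASM)
; In:    hToken           - access token opened with TOKEN_ADJUST_PRIVILEGES
;        lpszPrivilege    - privilege name, e.g. "SeDebugPrivilege"
;        bEnablePrivilege - nonzero to enable, zero to disable
; Out:   eax = TRUE on success, FALSE on failure.  The failure path shows
;        a message box with the last-error text before returning.
; Note:  AdjustTokenPrivileges returns nonzero even when the token does not
;        hold the privilege; GetLastError == ERROR_NOT_ALL_ASSIGNED marks
;        that case, so it is reported as failure.
;-----------------------------------------------------------------------
SetPrivilege proc hToken:dword,lpszPrivilege:dword,bEnablePrivilege:dword
local tp:TOKEN_PRIVILEGES
local luid:LUID
    invoke LookupPrivilegeValue,0,lpszPrivilege,addr luid
    test eax,eax
    jz @err
    mov tp.PrivilegeCount,1
    push luid.LowPart
    pop tp.Privileges[0].Luid.LowPart
    push luid.HighPart
    pop tp.Privileges[0].Luid.HighPart
    ; A BOOL is "any nonzero value", not exactly 1.  The original tested
    ; `eax == 1` and so silently *disabled* the privilege for any other
    ; nonzero argument.
    mov eax,bEnablePrivilege
    .if eax != 0
        mov tp.Privileges[0].Attributes,SE_PRIVILEGE_ENABLED
    .else
        xor eax,eax
        mov tp.Privileges[0].Attributes,eax
    .endif
    invoke AdjustTokenPrivileges,hToken,FALSE,addr tp,sizeof TOKEN_PRIVILEGES,0,0
    test eax,eax
    jz @err
    ; nonzero return only means the call was accepted; check the partial case
    invoke GetLastError
    cmp eax,ERROR_NOT_ALL_ASSIGNED
    je @err
    ; all OK, return TRUE
    xor eax,eax
    inc eax
    jmp @ex
@err:
    fn MessageBox,0,LastError$(),"Last Error Text",MB_OK
    xor eax,eax ; return FALSE
@ex:
    ret
SetPrivilege endp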
Usage:
invoke SetPrivilege,hToken,chr$("SeDebugPrivilege"),TRUE ; hToken must have been opened with TOKEN_ADJUST_PRIVILEGES; eax = TRUE on success
It seems there are plenty of help pages on the subject (too many for me).
I finally think that, to avoid being affected by Microsoft changes, another method is the best way.
CreateProcess gives the processInfo.dwProcessId.
This one can be compared with the one given by EnumWindows.
EnumWindows gives the window handle (hwnd) of the created process.
And when you have this one, you can do what you want (SendMessage, hwnd, WM_CLOSE, 0 or other things).
invoke EnumWindows,EnumWindowsProc,NULL ; calls EnumWindowsProc once per top-level window; lParam = NULL (no context passed)
;-----------------------------------------------------------------------------------------------------
;################################################################
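;-----------------------------------------------------------------------
; BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam)
; Called once per top-level window by EnumWindows.  Retrieves the owning
; process id, the window info and the class name of each window, and
; writes the class name to the report via EcrireRapport.
; Returns TRUE (eax) so enumeration continues; the comparison against
; processInfo that would stop the loop is left commented out as in the
; original.  lParam is unused.
;-----------------------------------------------------------------------
EnumWindowsProc PROC hwnd:DWORD, lParam:DWORD
Local dwProcessId:DWORD
Local infowin:WINDOWINFO
Local rexecuteclass[100]:BYTE
    mov dwProcessId,1
    ; several instances may exist
    invoke GetWindowThreadProcessId,hwnd,addr dwProcessId
    mov eax,dwProcessId
    ;.if eax == processInfo.dwProcessId || eax == processInfo.dwThreadId ;it is the same one, we have its window
    ;PuPo HwndEdit,hwnd
    ;with its window we have its class
    ; GetWindowInfo requires cbSize to be set before the call; the original
    ; left it uninitialised, so the call could fail.
    mov infowin.cbSize,sizeof WINDOWINFO
    invoke GetWindowInfo,hwnd,addr infowin
    invoke GetClassName,hwnd,addr rexecuteclass,sizeof rexecuteclass
    ;invoke MessageBox,NULL,addr rexecuteclass,TXT("ClassName"),MB_OK
    invoke EcrireRapport,addr rexecuteclass
    ;mov eax,FALSE ;stop the loop (only meaningful once the .if above is restored)
    ;.else
    mov eax,TRUE  ; keep enumerating
    ;.endif
    ret
EnumWindowsProc ENDP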