flat assembler
Message board for the users of flat assembler.
revolution 20 Feb 2017, 12:01
You'll need this:
MS docs wrote: To shut down the local computer, the calling process must have the SE_SHUTDOWN_NAME privilege.
NOTE: I didn't try it because I don't want to restart my PC.
Fullnewb1234567 20 Feb 2017, 12:44
Thanks sir, for the fast reply. I pointed out in the original OP that I ran the app as admin, hence it should have full privileges. How else can I go about granting the app the SE_SHUTDOWN privilege?
revolution 20 Feb 2017, 13:02
The admin login does not necessarily have all privileges. But it does have the ability to add all privileges when needed.
Here is some code that might work for you:
Code:
```asm
enable_privilege:
virtual at esp
  .hndle      dd ?
  .tokens     dd ?        ; TOKEN_PRIVILEGES.PrivilegeCount
  .luid       dq ?        ; TOKEN_PRIVILEGES.Privileges[0].Luid
  .attr       dd ?        ; TOKEN_PRIVILEGES.Privileges[0].Attributes
  .stack_size=$-$$
end virtual
        sub     esp,.stack_size
        invoke  GetCurrentProcess
        invoke  OpenProcessToken,eax,TOKEN_ADJUST_PRIVILEGES,addr .hndle
        test    eax,eax
        jz      .fail
        invoke  LookupPrivilegeValue,0,SE_SHUTDOWN_NAME,addr .luid
        test    eax,eax
        jz      .fail
        mov     [.tokens],1
        mov     [.attr],SE_PRIVILEGE_ENABLED
        mov     eax,[.hndle]
        ; +12: three arguments have already been pushed when this addr is evaluated
        invoke  AdjustTokenPrivileges,eax,0,addr .tokens+12,0,0,0
        test    eax,eax
        jz      .fail
        invoke  CloseHandle,[.hndle]
        add     esp,.stack_size
        clc
        ret
  .fail:
        invoke  CloseHandle,[.hndle]
        add     esp,.stack_size
        stc
        ret
```
revolution 20 Feb 2017, 13:07
Oh, BTW, the constants are:
Code:
```asm
SE_SHUTDOWN_NAME db 'SeShutdownPrivilege',0
TOKEN_ADJUST_PRIVILEGES = 0x0020
SE_PRIVILEGE_ENABLED = 2
```
Fullnewb1234567 22 Feb 2017, 05:46
Sir, thanks for your help. Well, I incorporated that in my code and the result is below:
Code:
```asm
include '%fasminc%\win32ax.inc'
.data
msgTxt DB 'Restart PC?',0
msgTitle DB 'idris'
virtual at esp
  .handle dd ?
  .tokens dd ?
  .luid dq ?
  .attr dd ?
  .stack_size = 25
end virtual
SE_SHUTDOWN_NAME db 'SeShutdownPrivilege', 0
TOKEN_ADJUST_PRIVILEDGE = 0x0020
TOKEN_ADJUST_PRIVILEDGE = 2
section '.code' readable writable executable
start:
        sub     esp, .stack_size
        invoke  GetCurrentProcess
        invoke  OpenProcessToken, EAX, TOKEN_ADJUST_PRIVILEDGES, addr .handle
        test    eax, eax
        jz      .fail
        invoke  LookUpPrivilegeValue, 0, SE_SHUTDOWN_NAME, ADDR .luid
        test    eax, eax
        jz      .fail
        mov     [.tokens], 1
        mov     [.attr] , SE_PRIVILEGE_ENABLED
        mov     eax, [.handle]
        invoke  AdjusTokenPrivilges, eax, 0, addr .tokens+12, 0, 0, 0
        test    eax, eax
        jz      .fail
        invoke  CloseHandle, [.handle]
        add     esp, stack_size
        clc
        ret
        invoke  MessageBox, NULL, msgTxt, msgTitle, MB_YESNO
        cmp     EAX, IDYES
        jne     exit
        invoke  InitiateSystemShutdown, NULL, msgTxt, 10, FALSE, TRUE
exit:
        invoke  ExitProcess,0
fail:
        invoke  CloseHandle, [.handle]
        add     esp, stack_size
        stc
        ret
.end start
```
When I try to assemble, I get this error:
Code:
```
Error: Undefined symbol 'start.stack_size'
```
revolution 22 Feb 2017, 05:53
To use the code like that you have to move the virtual block after the start label.
But I suggest you don't try to incorporate the code like that. Instead just leave it as a separate function that you call from the main entry.
revolution 22 Feb 2017, 05:57
Maybe like this:
Code:
```asm
include '%fasminc%\win32ax.inc'
TOKEN_ADJUST_PRIVILEGES = 0x0020
SE_PRIVILEGE_ENABLED = 2
.data
msgTxt   db 'Restart PC?',0
failTxt  db 'Cannot get Shutdown Privilege',0
msgTitle db 'idris',0
SE_SHUTDOWN_NAME db 'SeShutdownPrivilege',0
.code
start:
        invoke  MessageBox, NULL, msgTxt, msgTitle, MB_YESNO
        cmp     EAX, IDYES
        jne     exit
        stdcall enable_privilege
        jc      fail
        invoke  InitiateSystemShutdown, NULL, msgTxt, 10, FALSE, TRUE
exit:
        invoke  ExitProcess,0
fail:
        invoke  MessageBox, NULL, failTxt, msgTitle, NULL
        jmp     exit

enable_privilege:
virtual at esp
  .hndle      dd ?
  .tokens     dd ?
  .luid       dq ?
  .attr       dd ?
  .stack_size=$-$$
end virtual
        sub     esp,.stack_size
        invoke  GetCurrentProcess
        invoke  OpenProcessToken,eax,TOKEN_ADJUST_PRIVILEGES,addr .hndle
        test    eax,eax
        jz      .fail
        invoke  LookupPrivilegeValue,0,SE_SHUTDOWN_NAME,addr .luid
        test    eax,eax
        jz      .fail
        mov     [.tokens],1
        mov     [.attr],SE_PRIVILEGE_ENABLED
        mov     eax,[.hndle]
        invoke  AdjustTokenPrivileges,eax,0,addr .tokens+12,0,0,0
        test    eax,eax
        jz      .fail
        invoke  CloseHandle,[.hndle]
        add     esp,.stack_size
        clc
        ret
  .fail:
        invoke  CloseHandle,[.hndle]
        add     esp,.stack_size
        stc
        ret
.end start
```
Fullnewb1234567 22 Feb 2017, 06:49
Wow, learned new stuff already. This code now assembles:
Code:
```asm
include '%fasminc%\win32ax.inc'
TOKEN_ADJUST_PRIVILEGE = 0x0020
SE_PRIVILEGE_ENABLED = 2
.data
msgTxt DB 'Restart PC?',0
msgTitle DB 'idris', 0
failTxt DB 'failed to get shutdown privilege',0
SE_SHUTDOWN_NAME db 'SeShutdownPrivilege', 0
.code
start:
        invoke  MessageBox, NULL, msgTxt, msgTitle, MB_YESNO
        cmp     EAX, IDYES
        jne     exit
        stdcall enable_privilege
        jc      fail
        invoke  InitiateSystemShutdown, NULL, msgTxt, 10, FALSE, TRUE
exit:
        invoke  ExitProcess,0
fail:
        invoke  MessageBox, NULL, failTxt, msgTitle, NULL
        jmp     exit

enable_privilege:
virtual at esp
  .handle dd ?
  .tokens dd ?
  .luid dq ?
  .attr dd ?
  .stack_size = $$-$
end virtual
        sub     esp, .stack_size
        invoke  GetCurrentProcess
        invoke  OpenProcessToken, EAX, TOKEN_ADJUST_PRIVILEGE, addr .handle
        test    eax, eax
        jz      .fail
        invoke  LookupPrivilegeValue, 0, SE_SHUTDOWN_NAME, addr .luid
        test    eax, eax
        jz      .fail
        mov     [.tokens], 1
        mov     [.attr] , SE_PRIVILEGE_ENABLED
        mov     eax, [.handle]
        invoke  AdjustTokenPrivileges, eax, 0, addr .tokens+12, 0, 0, 0
        test    eax, eax
        jz      .fail
        invoke  CloseHandle, [.handle]
        add     esp, .stack_size
        clc
        ret
  .fail:
        invoke  CloseHandle, [.handle]
        add     esp, .stack_size
        stc
        ret
.end start
```
It runs and asks if I want to restart; I clicked YES and it still does nothing. I ran as admin, btw.
revolution 22 Feb 2017, 13:44
What is the return value from InitiateSystemShutdown? If it is zero then what is returned by GetLastError?
The error codes can tell you what is going wrong.
Fullnewb1234567 23 Feb 2017, 07:20
Sir, this is the new code:
Code:
```asm
include '%fasminc%\win32ax.inc'
TOKEN_ADJUST_PRIVILEGE = 0x0020
SE_PRIVILEGE_ENABLED = 2
.data
msgTxt DB 'Restart PC?',0
msgTitle DB 'idris', 0
failTxt DB 'failed to get shutdown privilege',0
SE_SHUTDOWN_NAME db 'SeShutdownPrivilege', 0
.code
start:
        invoke  MessageBox, NULL, msgTxt, msgTitle, MB_YESNO
        cmp     EAX, IDYES
        jne     exit
        stdcall enable_privilege
        jc      fail
        invoke  InitiateSystemShutdown, NULL, msgTxt, 10, FALSE, TRUE
        cmp     eax, 0
        je      check_error
exit:
        invoke  ExitProcess,0
fail:
        invoke  MessageBox, NULL, failTxt, msgTitle, NULL
        jmp     exit
check_error:
        invoke  GetLastError
        invoke  MessageBox, NULL, eax, msgTitle, NULL

enable_privilege:
virtual at esp
  .handle dd ?
  .tokens dd ?
  .luid dq ?
  .attr dd ?
  .stack_size = $$-$
end virtual
        sub     esp, .stack_size
        invoke  GetCurrentProcess
        invoke  OpenProcessToken, EAX, TOKEN_ADJUST_PRIVILEGE, addr .handle
        test    eax, eax
        jz      .fail
        invoke  LookupPrivilegeValue, 0, SE_SHUTDOWN_NAME, addr .luid
        test    eax, eax
        jz      .fail
        mov     [.tokens], 1
        mov     [.attr] , SE_PRIVILEGE_ENABLED
        mov     eax, [.handle]
        invoke  AdjustTokenPrivileges, eax, 0, addr .tokens+12, 0, 0, 0
        test    eax, eax
        jz      .fail
        invoke  CloseHandle, [.handle]
        add     esp, .stack_size
        clc
        ret
  .fail:
        invoke  CloseHandle, [.handle]
        add     esp, .stack_size
        stc
        ret
.end start
```
It runs, asks if 'I want to restart PC', then ends abruptly after I clicked yes. I included code to check the error but am still confused.
revolution 23 Feb 2017, 07:30
Okay, the error code from GetLastError is just a number, so if you want to display it then it needs to be converted to text form. But in the meantime you can just replace the eax part with some random text like "Could not initiate shutdown" or something just to see if the API call succeeds or not.
Code:
```asm
        invoke  GetLastError
        invoke  MessageBox, NULL, "Could not initiate shutdown", msgTitle, NULL
```
Fullnewb1234567 23 Feb 2017, 07:35
Made the correction, the program still ends abruptly.
revolution 23 Feb 2017, 07:54
Just to confirm things are happening as expected you can add a MessageBox after the call to InitiateSystemShutdown just to show that the API returned and there was no error reported. Assuming that is all fine then you might need to do some research into the InitiateSystemShutdown API details to figure out why it won't do its thing for you.
Code:
```asm
;...
        invoke  InitiateSystemShutdown, NULL, msgTxt, 10, FALSE, TRUE
        cmp     eax, 0
        je      check_error
        invoke  MessageBox, NULL, "Shutdown was initiated", msgTitle, NULL
;...
```
Fullnewb1234567 25 Feb 2017, 07:13
Thanks REV for the help so far. So this is the whole code:
Code:
```asm
include '%fasminc%\win32ax.inc'
TOKEN_ADJUST_PRIVILEGE = 0x0020
SE_PRIVILEGE_ENABLED = 2
.data
msgTxt DB 'Restart PC?',0
msgTitle DB 'idris', 0
failTxt DB 'failed to get shutdown privilege',0
SE_SHUTDOWN_NAME db 'SeShutdownPrivilege', 0
.code
start:
        invoke  MessageBox, NULL, msgTxt, msgTitle, MB_YESNO
        cmp     EAX, IDYES
        jne     exit
        stdcall enable_privilege
        jc      fail
        invoke  InitiateSystemShutdown, NULL, msgTxt, 0, FALSE, TRUE
        cmp     eax, 0
        je      check_error
        invoke  MessageBox, NULL, "shutdown initiated", msgTitle, NULL
exit:
        invoke  ExitProcess,0
fail:
        invoke  MessageBox, NULL, failTxt, msgTitle, NULL
        jmp     exit
check_error:
        invoke  GetLastError
        invoke  MessageBox, NULL, "Could not initiate shutdown", msgTitle, NULL

enable_privilege:
virtual at esp
  .handle dd ?
  .tokens dd ?
  .luid dq ?
  .attr dd ?
  .stack_size = $$-$
end virtual
        sub     esp, .stack_size
        invoke  GetCurrentProcess
        invoke  OpenProcessToken, EAX, TOKEN_ADJUST_PRIVILEGE, addr .handle
        test    eax, eax
        jz      .fail
        invoke  LookupPrivilegeValue, 0, SE_SHUTDOWN_NAME, addr .luid
        test    eax, eax
        jz      .fail
        mov     [.tokens], 1
        mov     [.attr] , SE_PRIVILEGE_ENABLED
        mov     eax, [.handle]
        invoke  AdjustTokenPrivileges, eax, 0, addr .tokens+12, 0, 0, 0
        test    eax, eax
        jz      .fail
        invoke  CloseHandle, [.handle]
        add     esp, .stack_size
        clc
        ret
  .fail:
        invoke  CloseHandle, [.handle]
        add     esp, .stack_size
        stc
        ret
.end start
```
I started looking for the error by putting `invoke MessageBox, NULL, "sup?", msgTitle, NULL` after each API function call, then assembled and executed (one at a time, not all at once); this is to ascertain if they execute successfully, and there was no problem. I still stepped into the `stdcall enable_privilege` and placed the same `invoke MessageBox, NULL, "sup?", msgTitle, NULL` after each of the API calls inside enable_privilege, and it all assembled and executed.
I even placed it just before the `ret` and it still worked. However, if I return to the main procedure and place `invoke MessageBox, NULL, "sup?", msgTitle, NULL` after `stdcall enable_privilege`, it assembles, but when I run the program it crashes before the "sup?" messagebox is displayed, so I'm assuming that the enable_privilege procedure is not returning control to the main. I'm confused sir.
revolution 25 Feb 2017, 07:24
Yup, you have reversed the stack size calculation from $-$$ to $$-$. I am not surprised it crashes.
BTW: Your debugging would be much faster with a real debugger. Although using this basic "print message debugging" also works, it is more tedious.
Fullnewb1234567 25 Feb 2017, 11:00
Wow, it works flawlessly now. Thanks. Btw, can you recommend a good debugger?
revolution 25 Feb 2017, 11:34
I use Ollydbg. There are others also. Note that Olly doesn't work for 64-bit code.
Fullnewb1234567 25 Feb 2017, 12:18
Thanks rev. Now I'm about to ask some questions.
First, what does the "STC" instruction do? Also, what is the work of "addr .token+12", and how is it different from using ".token+12" alone?
revolution 25 Feb 2017, 13:37
stc is a basic CPU instruction. Set the carry flag. If you don't already have either the Intel, or the AMD, instruction manuals then I encourage you to download them.
.token is not a plain numeric value. It has an embedded offset from esp. If you look in the debugger you will see that the generated instruction is lea edx,[esp+offset] followed by push edx. So simply trying to push .token+12 will fail because of the embedded esp register and the offset. push esp+offset: there is no such instruction when offset is not zero.
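An added example, not code from the thread: the same OpenProcessToken / LookupPrivilegeValue / AdjustTokenPrivileges sequence written with the `proc` and `local` macros from win32ax.inc, so the locals are ebp-relative and the hand-computed `addr .tokens+12` correction (and the `$-$$` size calculation) disappear. It also adds the GetLastError check that AdjustTokenPrivileges needs, because that API reports success even when the token does not hold the privilege. The struct name TOKEN_PRIVS, the `eax` return convention and the message texts are my own choices.

```asm
include '%fasminc%\win32ax.inc'
TOKEN_ADJUST_PRIVILEGES = 0x0020
SE_PRIVILEGE_ENABLED    = 2
struct TOKEN_PRIVS               ; same layout as Win32 TOKEN_PRIVILEGES with one entry
  PrivilegeCount dd ?
  Luid           dq ?
  Attributes     dd ?
ends
.data
SE_SHUTDOWN_NAME db 'SeShutdownPrivilege',0
.code
start:
        stdcall enable_privilege, SE_SHUTDOWN_NAME
        test    eax,eax
        jz      .fail
        invoke  MessageBox, NULL, "SeShutdownPrivilege is enabled", "privilege check", MB_OK
        jmp     .done
  .fail:
        invoke  MessageBox, NULL, "Could not enable SeShutdownPrivilege", "privilege check", MB_OK
  .done:
        invoke  ExitProcess, 0
; Returns eax=1 if the named privilege is now enabled in this process token, else eax=0.
; Locals are ebp-relative, so 'addr' needs no '+12' correction for already pushed arguments.
proc enable_privilege uses ebx, priv_name
  local hToken:DWORD
  local tp:TOKEN_PRIVS
        xor     ebx,ebx                  ; result stays 0 until every step succeeds
        invoke  GetCurrentProcess
        invoke  OpenProcessToken, eax, TOKEN_ADJUST_PRIVILEGES, addr hToken
        test    eax,eax
        jz      .done
        invoke  LookupPrivilegeValue, NULL, [priv_name], addr tp.Luid
        test    eax,eax
        jz      .close
        mov     [tp.PrivilegeCount], 1
        mov     [tp.Attributes], SE_PRIVILEGE_ENABLED
        invoke  AdjustTokenPrivileges, [hToken], FALSE, addr tp, 0, NULL, NULL
        test    eax,eax
        jz      .close
        ; AdjustTokenPrivileges returns nonzero even when the privilege is absent from the
        ; token; only GetLastError reveals that case (1300 = ERROR_NOT_ALL_ASSIGNED).
        invoke  GetLastError
        cmp     eax, 1300
        je      .close
        inc     ebx
  .close:
        invoke  CloseHandle, [hToken]
  .done:
        mov     eax,ebx
        ret
endp
.end start
```

Run it once from a normal user token and once from an elevated one: only the elevated token carries SeShutdownPrivilege, which is what the thread's "admin does not necessarily have all privileges" remark is about.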
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.