This Blog Has Been Moved!

This blog has been moved to http://aleemkhan.wordpress.com

It is really amazing how much the .NET Framework has made development tasks easier. The Framework Class Library is undoubtedly an extremely rich set of APIs. I wanted to dump the entire address space of any process, so I thought of writing a small dump tool in the free time I occasionally get in the evenings or on weekends. I'll post the complete code when it's done.

Anyway, I wrote the following C++ code to enable SeDebugPrivilege for a process. SeDebugPrivilege allows a process that holds it to access the memory and other information of operating system processes that it could not access otherwise.

BOOL CTaskManagerDlg::SetPrivilege()
{
   HANDLE hToken;
   TOKEN_PRIVILEGES tp;
   LUID luid;
   TOKEN_PRIVILEGES tpPrevious;
   DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES);

   // Open our own token with the rights needed to query and adjust privileges
   if (!OpenProcessToken(::GetCurrentProcess(),
                         TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
      return FALSE;

   // Resolve the locally unique id of "SeDebugPrivilege"
   if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
   {
      CloseHandle(hToken);
      return FALSE;
   }

   // First call: attributes of 0 only serve to read the current state of the
   // privilege back into tpPrevious
   tp.PrivilegeCount           = 1;
   tp.Privileges[0].Luid       = luid;
   tp.Privileges[0].Attributes = 0;

   AdjustTokenPrivileges(hToken, FALSE, &tp,
                         sizeof(TOKEN_PRIVILEGES), &tpPrevious, &cbPrevious);
   // AdjustTokenPrivileges returns TRUE even when the token does not hold the
   // privilege (ERROR_NOT_ALL_ASSIGNED), so GetLastError() is the real test
   if (GetLastError() != ERROR_SUCCESS)
   {
      CloseHandle(hToken);
      return FALSE;
   }

   // Second call: enable the privilege on top of its previous attributes
   tpPrevious.PrivilegeCount           = 1;
   tpPrevious.Privileges[0].Luid       = luid;
   tpPrevious.Privileges[0].Attributes |= SE_PRIVILEGE_ENABLED;

   AdjustTokenPrivileges(hToken, FALSE, &tpPrevious, cbPrevious, NULL, NULL);
   if (GetLastError() != ERROR_SUCCESS)
   {
      CloseHandle(hToken);
      return FALSE;
   }

   CloseHandle(hToken);
   return TRUE;
}

This code has been taken mostly from the MSDN article Q131065.

To do all this from C# you just need to call a single function:

System.Diagnostics.Process.EnterDebugMode();

Yes! It's that easy. The Base Class Library is quite rich, but you have to find the things. However, I still could not find the equivalents of the functions from the native ToolHelp32 library defined in Kernel32.dll, so I have to write a complete PInvoke wrapper for that. I will post the complete code on the weekend.

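Added example (not the post's own code): the C# call above, followed by a PrivilegeCheck that confirms the privilege really is enabled now, and handling of the case the C++ GetLastError() test also guards against, where AdjustTokenPrivileges reports success with ERROR_NOT_ALL_ASSIGNED (1300) because the token does not hold SeDebugPrivilege at all (a non-elevated account). It assumes Windows with P/Invoke available; the constants and struct layouts are those of the Win32 headers.

```csharp
// Added example, not from the original post: enable SeDebugPrivilege via the BCL and verify it
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class DebugPrivilegeCheck
{
    const uint TOKEN_QUERY = 0x0008;
    const int ERROR_NOT_ALL_ASSIGNED = 1300;   // privilege is not in the token at all
    [StructLayout(LayoutKind.Sequential)] struct LUID { public uint LowPart; public int HighPart; }
    [StructLayout(LayoutKind.Sequential)] struct LUID_AND_ATTRIBUTES { public LUID Luid; public uint Attributes; }
    // PRIVILEGE_SET sized for exactly one privilege (ANYSIZE_ARRAY == 1)
    [StructLayout(LayoutKind.Sequential)]
    struct PRIVILEGE_SET { public uint PrivilegeCount; public uint Control; public LUID_AND_ATTRIBUTES Privilege; }

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LookupPrivilegeValue(string system, string name, out LUID luid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool PrivilegeCheck(IntPtr token, ref PRIVILEGE_SET set, out bool enabled);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // True only if SeDebugPrivilege is present AND enabled in the current token;
    // a token that merely holds it in the disabled state still yields false.
    static bool IsDebugPrivilegeEnabled()
    {
        IntPtr token;
        if (!OpenProcessToken(Process.GetCurrentProcess().Handle, TOKEN_QUERY, out token)) throw new Win32Exception();
        try
        {
            LUID luid;
            if (!LookupPrivilegeValue(null, "SeDebugPrivilege", out luid)) throw new Win32Exception();
            var set = new PRIVILEGE_SET { PrivilegeCount = 1 };
            set.Privilege.Luid = luid;
            bool enabled;
            if (!PrivilegeCheck(token, ref set, out enabled)) throw new Win32Exception();
            return enabled;
        }
        finally { CloseHandle(token); }
    }

    static void Main()
    {
        try { Process.EnterDebugMode(); }   // the BCL one-liner from the post
        catch (Win32Exception e) when (e.NativeErrorCode == ERROR_NOT_ALL_ASSIGNED)
        { Console.WriteLine("SeDebugPrivilege is not in this token: run as an elevated administrator."); return; }
        Console.WriteLine("SeDebugPrivilege enabled: " + IsDebugPrivilegeEnabled());   // True when elevated
    }
}
```

Process.EnterDebugMode() is the same OpenProcessToken / LookupPrivilegeValue / AdjustTokenPrivileges sequence as the C++ above, with the GetLastError() check turned into a Win32Exception.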

Can anyone tell me where to find .NET equivalents of the ToolHelp32 functions?
