Question : SetPrivilege for a dll

Hello everyone,

I'm using the following function to elevate the privileges of a process (which access the registry...)

This function works great when tested in a stand-alone exe program; but if this function is moved into a dll and then referenced and called by an external program, it fails to elevate privileges.

for instance, this is called from within the dll:

bool ii = SetPrivilege(SE_BACKUP_NAME,TRUE);
// ii returns false

If anyone has insight on this, that would be really great.

         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:

           
           
          BOOL SetPrivilege(LPCTSTR lpszPrivilege, BOOL bEnablePrivilege)
{
 TOKEN_PRIVILEGES tp;
 LUID luid;
 HANDLE hToken;

 
 OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
 if ( !LookupPrivilegeValue(NULL, lpszPrivilege, &luid) )   
  return FALSE;
 
 tp.PrivilegeCount = 1;
 tp.Privileges[0].Luid = luid;
 
 if (bEnablePrivilege)
  tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
 else
     tp.Privileges[0].Attributes = 0;

 AdjustTokenPrivileges(hToken, FALSE, &tp, 0, (PTOKEN_PRIVILEGES) NULL, 0);

 return ( (GetLastError()!=ERROR_SUCCESS)?FALSE:TRUE);
}

           
         

Answer : SetPrivilege for a dll

That would be a security hole and thus is not possible. Please read what DLLs are really for: http://msdn.microsoft.com/en-us/library/ms682589%28VS.85%29.aspx

I still think that there is a difference between your applications (without and with DLL) that does not lie in the DLL call itself.
Please use ProcessExplorer to check your process privileges. I guess that SE_BACKUP_NAME is not one of them.