HackSql

1.0.1

Enable-SeAssignPrimaryTokenPrivilege.ps1

                                #Enable SeAssignPrimaryTokenPrivilege, needed to query security information for desktop DACL

function Enable-SeAssignPrimaryTokenPrivilege

{

    [IntPtr]$ThreadHandle = $GetCurrentThread.Invoke()

    if ($ThreadHandle -eq [IntPtr]::Zero)

    {

        Throw "Unable to get the handle to the current thread"

    }

    [IntPtr]$ThreadToken = [IntPtr]::Zero

    [Bool]$Result = $OpenThreadToken.Invoke($ThreadHandle, $Win32Constants.TOKEN_QUERY -bor $Win32Constants.TOKEN_ADJUST_PRIVILEGES, $false, [Ref]$ThreadToken)

    $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()

    if ($Result -eq $false)

    {

        if ($ErrorCode -eq $Win32Constants.ERROR_NO_TOKEN)

        {

            $Result = $ImpersonateSelf.Invoke($Win32Constants.SECURITY_DELEGATION)

            if ($Result -eq $false)

            {

                Throw (New-Object ComponentModel.Win32Exception)

            }

            $Result = $OpenThreadToken.Invoke($ThreadHandle, $Win32Constants.TOKEN_QUERY -bor $Win32Constants.TOKEN_ADJUST_PRIVILEGES, $false, [Ref]$ThreadToken)

            if ($Result -eq $false)

            {

                Throw (New-Object ComponentModel.Win32Exception)

            }

        }

        else

        {

            Throw ([ComponentModel.Win32Exception] $ErrorCode)

        }

    }

    $CloseHandle.Invoke($ThreadHandle) | Out-Null

    $LuidSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$LUID)

    $LuidPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($LuidSize)

    $LuidObject = [System.Runtime.InteropServices.Marshal]::PtrToStructure($LuidPtr, [Type]$LUID)

    [System.Runtime.InteropServices.Marshal]::FreeHGlobal($LuidPtr)

    $Result = $LookupPrivilegeValue.Invoke($null, "SeAssignPrimaryTokenPrivilege", [Ref] $LuidObject)

    if ($Result -eq $false)

    {

        Throw (New-Object ComponentModel.Win32Exception)

    }

    [UInt32]$LuidAndAttributesSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$LUID_AND_ATTRIBUTES)

    $LuidAndAttributesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($LuidAndAttributesSize)

    $LuidAndAttributes = [System.Runtime.InteropServices.Marshal]::PtrToStructure($LuidAndAttributesPtr, [Type]$LUID_AND_ATTRIBUTES)

    [System.Runtime.InteropServices.Marshal]::FreeHGlobal($LuidAndAttributesPtr)

    $LuidAndAttributes.Luid = $LuidObject

    $LuidAndAttributes.Attributes = $Win32Constants.SE_PRIVILEGE_ENABLED

    [UInt32]$TokenPrivSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$TOKEN_PRIVILEGES)

    $TokenPrivilegesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenPrivSize)

    $TokenPrivileges = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenPrivilegesPtr, [Type]$TOKEN_PRIVILEGES)

    [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenPrivilegesPtr)

    $TokenPrivileges.PrivilegeCount = 1

    $TokenPrivileges.Privileges = $LuidAndAttributes

    $Global:TokenPriv = $TokenPrivileges

    $Result = $AdjustTokenPrivileges.Invoke($ThreadToken, $false, [Ref] $TokenPrivileges, $TokenPrivSize, [IntPtr]::Zero, [IntPtr]::Zero)

    if ($Result -eq $false)

    {

        Throw (New-Object ComponentModel.Win32Exception)

    }

    $CloseHandle.Invoke($ThreadToken) | Out-Null

}