Some code doesn't work with SYSTEM priv.

Posted: Sat Mar 23, 2019 1:23 pm
by zer0cat
Hello
There is a program that runs with the SYSTEM privileges.
But it doesn't work with some actions in Windows, such as enumerating network shares, etc.

What can I do?

Re: Some code doesn't work with SYSTEM priv.

Posted: Sat Mar 23, 2019 4:22 pm
by R136a1
Can you please elaborate a bit more? Which program? Do you have the source code? etc.

Re: Some code doesn't work with SYSTEM priv.

Posted: Sat Mar 23, 2019 7:17 pm
by zer0cat
Yes, I have the source code, but the program is too large to publish the code on the forum.

The program is written in C, it searches for files by mask (and tracks the creation of new ones) and deletes / changes them depending on the task. The problem is that it works from SYSTEM, but at the same time it cannot access the network shares. I see the error ERROR_NO_SUCH_LOGON_SESSION.

Re: Some code doesn't work with SYSTEM priv.

Posted: Sat Mar 23, 2019 9:59 pm
by Brock
Are you positive that the error isn't correct?

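You might try impersonating the logged-on user while you access the network shares. It's kind of a bit hackish but it may work for you.
Code:
    // Needs <windows.h> and <wtsapi32.h>; link with Wtsapi32.lib
    HANDLE hToken = NULL;
    // Session currently attached to the physical console
    ULONG SessionId = WTSGetActiveConsoleSessionId();

    // WTSQueryUserToken only succeeds for a caller running as LocalSystem
    if (WTSQueryUserToken(SessionId, &hToken))
    {
        if (ImpersonateLoggedOnUser(hToken))
        {
            // do network share stuff here
            RevertToSelf(); // return to the SYSTEM security context
        }
        CloseHandle(hToken);
    }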

Re: Some code doesn't work with SYSTEM priv.

Posted: Sat Mar 23, 2019 11:35 pm
by Vrtule
As far as I know, network drives are local to the user that connects them, meaning they are not (directly) visible to other users. That also implies a network drive, e.g. Q:, can be mapped to place A for user X and to place B for user Y.