SetOwner demonstrating that I cannot change the file owner on disk.
#include <Windows.h>
#include <AclAPI.h>
#include <Sddl.h>
#include <stdio.h>
/*
 * Enable or disable a single named privilege on an access token.
 *
 * hToken            token handle passed straight to AdjustTokenPrivileges
 * lpszPrivilege     privilege name resolved on the local system (NULL system name)
 * bEnablePrivilege  TRUE to enable the privilege, FALSE to clear its attributes
 *
 * Returns TRUE only when the adjustment was applied. AdjustTokenPrivileges can
 * report success even though the token does not hold the privilege; that case
 * surfaces as ERROR_NOT_ALL_ASSIGNED from GetLastError() and is treated as a
 * failure here.
 */
static
BOOL
SetPrivilege(HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege) {
    TOKEN_PRIVILEGES request = { 0 };
    LUID privilegeId;

    if (!LookupPrivilegeValue(NULL, lpszPrivilege, &privilegeId)) {
        return FALSE;
    }

    request.PrivilegeCount = 1;
    request.Privileges[0].Luid = privilegeId;
    request.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    /* A zero return means the call itself was rejected. */
    if (!AdjustTokenPrivileges(hToken, FALSE, &request, sizeof(TOKEN_PRIVILEGES), NULL, NULL)) {
        return FALSE;
    }

    /* A non-zero return is not enough: the privilege may still be unassigned. */
    return GetLastError() != ERROR_NOT_ALL_ASSIGNED;
}
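/*
 * Build the SID made of SECURITY_BUILTIN_DOMAIN_RID followed by
 * DOMAIN_USER_RID_GUEST under the NT authority.
 *
 * Returns a SID allocated by AllocateAndInitializeSid, which the caller must
 * release with FreeSid, or NULL when the allocation fails.
 */
static
PSID
GetGuestSid() {
    SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
    PSID guest = NULL;

    /* Do not rely on the out-parameter being left untouched on failure. */
    if (!AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_USER_RID_GUEST, 0, 0, 0, 0, 0, 0, &guest)) {
        return NULL;
    }
    return guest;
}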
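/* Static backing store for the SID returned by GetAdministratorsSid. */
static BYTE s_admins[SECURITY_MAX_SID_SIZE] = { 0 };

/*
 * Fill the static buffer with the well-known BUILTIN\Administrators SID.
 *
 * Returns a pointer into s_admins (never free it), or NULL when
 * CreateWellKnownSid fails, so that a zero-filled buffer is never handed out
 * as if it were a valid SID. The buffer is shared, so the result is
 * overwritten by the next call.
 */
static
PSID
GetAdministratorsSid() {
    DWORD sz = SECURITY_MAX_SID_SIZE;

    if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, (PSID)s_admins, &sz)) {
        return NULL;
    }
    return (PSID)s_admins;
}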
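/*
 * Print a security descriptor to stdout: its SDDL string, then the owner and
 * primary group SIDs in string form.
 *
 * desc  descriptor to print; NULL is reported and skipped
 * info  which parts of the descriptor go into the SDDL string
 *
 * The value in parentheses after each SID is the "defaulted" flag returned by
 * GetSecurityDescriptorOwner / GetSecurityDescriptorGroup.
 *
 * Every conversion is checked. The string pointer is reset after each
 * LocalFree so that a failed conversion can never print or free memory that
 * was already released.
 */
static
void
PrintSecurityDescriptor(PSECURITY_DESCRIPTOR desc, SECURITY_INFORMATION info) {
    PSID sid = NULL;
    BOOL defaulted = FALSE;
    LPTSTR str = NULL;
    ULONG len = 0;

    if (desc == NULL) {
        fwprintf(stdout, L"\r\nSecurity Descriptor\r\n<none>\r\n");
        return;
    }

    if (ConvertSecurityDescriptorToStringSecurityDescriptor(desc, SDDL_REVISION_1, info, &str, &len)) {
        fwprintf(stdout, L"\r\nSecurity Descriptor\r\n%s\r\n", str);
        LocalFree(str);
    }
    else {
        fwprintf(stdout, L"\r\nSecurity Descriptor\r\n<conversion failed, error %lu>\r\n", GetLastError());
    }
    str = NULL;

    /* A descriptor without an owner yields a NULL SID, which cannot be converted. */
    sid = NULL;
    defaulted = FALSE;
    if (GetSecurityDescriptorOwner(desc, &sid, &defaulted) && sid != NULL && ConvertSidToStringSid(sid, &str)) {
        fwprintf(stdout, L"Owner: %s (%s)\r\n", str, defaulted ? L"true" : L"false");
        LocalFree(str);
    }
    else {
        fwprintf(stdout, L"Owner: <unavailable>\r\n");
    }
    str = NULL;

    /* Reset sid so a failed group lookup cannot reprint the owner as the group. */
    sid = NULL;
    defaulted = FALSE;
    if (GetSecurityDescriptorGroup(desc, &sid, &defaulted) && sid != NULL && ConvertSidToStringSid(sid, &str)) {
        fwprintf(stdout, L"Group Owner: %s (%s)\r\n", str, defaulted ? L"true" : L"false");
        LocalFree(str);
    }
    else {
        fwprintf(stdout, L"Group Owner: <unavailable>\r\n");
    }
}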
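/*
 * Re-read the security descriptor of a file by path and print it.
 *
 * filename  path handed to GetFileSecurity
 * info      which parts of the descriptor to query and print
 *
 * Reading by path rather than through the handle used for the change shows
 * what a fresh query reports. Failures are written to stderr and nothing is
 * printed for the descriptor, so a zero-filled buffer is never shown as if it
 * were the file's security.
 */
static
void
ReportFileOwnership(wchar_t* filename, SECURITY_INFORMATION info) {
    DWORD needed = 0;
    PSECURITY_DESCRIPTOR desc = NULL;

    /* Size probe: expected to fail with ERROR_INSUFFICIENT_BUFFER and set needed. */
    if (GetFileSecurity(filename, info, NULL, 0, &needed)
        || GetLastError() != ERROR_INSUFFICIENT_BUFFER
        || needed == 0) {
        fwprintf(stderr, L"\r\nCould not query the security descriptor size, error %lu\r\n", GetLastError());
        return;
    }

    desc = (PSECURITY_DESCRIPTOR)calloc(needed, sizeof(BYTE));
    if (desc == NULL) {
        fwprintf(stderr, L"\r\nOut of memory reading the security descriptor\r\n");
        return;
    }

    if (!GetFileSecurity(filename, info, desc, needed, &needed)) {
        fwprintf(stderr, L"\r\nCould not read the security descriptor, error %lu\r\n", GetLastError());
        free(desc);
        return;
    }

    fwprintf(stdout, L"\r\nNew ownership reported as:\r\n");
    PrintSecurityDescriptor(desc, info);
    free(desc);
}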
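/*
 * Create test.txt, try to replace its owner with BUILTIN\Administrators via
 * SetKernelObjectSecurity, and print the descriptor before and after.
 *
 * Returns ERROR_SUCCESS (0) when the descriptor was applied, otherwise the
 * Win32 error code of the first step that failed.
 *
 * Two defects in the earlier version hid the real outcome:
 *  - the result of SetKernelObjectSecurity was tested with inverted sense, so
 *    a failed call left ret at ERROR_SUCCESS and printed "Operation succeeded";
 *  - the file handle was opened without WRITE_OWNER / WRITE_DAC, the access
 *    rights SetKernelObjectSecurity requires on the handle to change the
 *    owner/group and the DACL.
 */
int
wmain(int argc, wchar_t* argv[]) {
    wchar_t* filename = L"test.txt";
    SECURITY_INFORMATION info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION;
    LPCTSTR privileges[] = { SE_BACKUP_NAME, SE_RESTORE_NAME, SE_SECURITY_NAME, SE_TAKE_OWNERSHIP_NAME };
    HANDLE hFile = INVALID_HANDLE_VALUE;
    HANDLE hToken = NULL;
    PSECURITY_DESCRIPTOR desc = NULL;
    PSECURITY_DESCRIPTOR newdesc = NULL;
    PSID adminsSid = NULL;
    TRUSTEE trustee = { 0 };
    DWORD bufSize = 0;
    ULONG newSize = 0;
    DWORD ret = ERROR_SUCCESS;
    size_t i;

    (void)argc;
    (void)argv;

    /* READ_CONTROL to read the descriptor, WRITE_OWNER / WRITE_DAC to replace it. */
    hFile = CreateFile(filename, GENERIC_READ | GENERIC_WRITE | READ_CONTROL | WRITE_DAC | WRITE_OWNER, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        ret = GetLastError();
        fwprintf(stderr, L"CreateFile failed, error %lu\r\n", ret);
        goto cleanup;
    }

    /*
     * These are high-impact privileges and they stay enabled on the process
     * token until it exits. Enabling them remains best effort, as before, but
     * a refusal is now reported instead of being silently ignored.
     * NOTE(review): an owner change probably does not need all four; trim the
     * list to the minimum once confirmed.
     */
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
        fwprintf(stderr, L"OpenProcessToken failed, error %lu\r\n", GetLastError());
        hToken = NULL;
    }
    else {
        for (i = 0; i < sizeof privileges / sizeof privileges[0]; i++) {
            if (!SetPrivilege(hToken, privileges[i], TRUE)) {
                fwprintf(stderr, L"Could not enable privilege %s\r\n", privileges[i]);
            }
        }
    }

    /* Size probe, then the real read of the current descriptor. */
    GetKernelObjectSecurity(hFile, info, NULL, 0, &bufSize);
    if (bufSize == 0) {
        ret = GetLastError();
        fwprintf(stderr, L"Could not query the security descriptor size, error %lu\r\n", ret);
        goto cleanup;
    }
    desc = (PSECURITY_DESCRIPTOR)calloc(bufSize, sizeof(BYTE));
    if (desc == NULL) {
        ret = ERROR_NOT_ENOUGH_MEMORY;
        goto cleanup;
    }
    if (!GetKernelObjectSecurity(hFile, info, desc, bufSize, &bufSize)) {
        ret = GetLastError();
        fwprintf(stderr, L"GetKernelObjectSecurity failed, error %lu\r\n", ret);
        goto cleanup;
    }

    /* PSID guestSid = GetGuestSid(); */
    adminsSid = GetAdministratorsSid();
    if (adminsSid == NULL) {
        ret = GetLastError();
        fwprintf(stderr, L"Could not build the Administrators SID, error %lu\r\n", ret);
        goto cleanup;
    }
    BuildTrusteeWithSid(&trustee, adminsSid);

    /* BuildSecurityDescriptor returns an error code directly, not a BOOL. */
    ret = BuildSecurityDescriptor(&trustee, NULL, 0, NULL, 0, NULL, desc, &newSize, &newdesc);
    if (ret != ERROR_SUCCESS) {
        fwprintf(stderr, L"BuildSecurityDescriptor failed, error %lu\r\n", ret);
        goto cleanup;
    }

    fwprintf(stdout, L"Current Security is:\r\n");
    PrintSecurityDescriptor(desc, info);
    fwprintf(stdout, L"\r\n\r\nConverting Security to:\r\n");
    PrintSecurityDescriptor(newdesc, info);

    /* A zero return is the failure case; only then is GetLastError meaningful. */
    if (!SetKernelObjectSecurity(hFile, info, newdesc)) {
        ret = GetLastError();
        fwprintf(stderr, L"SetKernelObjectSecurity failed, error %lu\r\n", ret);
    }

cleanup:
    /* FreeSid(guestSid); */
    if (newdesc != NULL) {
        LocalFree(newdesc);
    }
    free(desc);
    if (hToken != NULL) {
        CloseHandle(hToken);
    }
    if (hFile != INVALID_HANDLE_VALUE) {
        CloseHandle(hFile);
    }

    if (ret == ERROR_SUCCESS) {
        fwprintf(stdout, L"\r\nOperation succeeded.\r\n");
        ReportFileOwnership(filename, info);
    }
    else {
        fwprintf(stderr, L"\r\nOperation failed!\r\n");
    }
    return (int)ret;
}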