-2

I am trying to create an elevated token with SetTokenInformation, but it fails and keeps returning error code 87.

This is my code:

```cpp
#include <Windows.h>

int main()
{
    HANDLE currentProcessToken, newTok;
    OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &currentProcessToken);
    DuplicateTokenEx(currentProcessToken, TOKEN_ALL_ACCESS, nullptr, SecurityImpersonation, TokenPrimary, &newTok);
    CloseHandle(currentProcessToken);
    TOKEN_ELEVATION elev = { 1 };
    BOOL setTokenInfo = SetTokenInformation(newTok, TokenElevation, &elev, sizeof(TOKEN_ELEVATION));
    DWORD error = GetLastError(); // is 87 which is "the parameter is incorrect"
    return 0;
}
```
  • No idea, but it's possible that the error refers to one of the previous Win32 API calls. Try checking the error code after each call. – john Jul 18 '18 at 20:46
  • You don't do any error checking so any of these calls, or none of them, could be failing – David Heffernan Jul 18 '18 at 21:58

1 Answer

3

`TokenElevation` is a valid information class only for the `GetTokenInformation` function. You can query `TokenIsElevated`, but you cannot set it. `NtSetInformationToken` returns `STATUS_INVALID_INFO_CLASS` in this case, and `SetTokenInformation` converts this error to `ERROR_INVALID_PARAMETER`. You can get the original NTSTATUS error code by calling `RtlGetLastNtStatus()`. And anyway, you cannot "elevate" an already existing token. This is by design.

RbMm
  • Alright, but then just wondering how does the system create elevated tokens when you run an app as an admin? –  Jul 18 '18 at 21:27
  • @ArushAgarampur - we can ask how the system creates a token at all: `NtCreateToken`. With an interactive admin login, the system usually filters the admin token (removes some privileges, disables the admin group) from the initially created token. So it does not elevate but downgrades the existing one, and creates 2 linked logon sessions. You can get the elevated linked token by querying `TokenLinkedToken`, but unless you have TCB privilege, the system returns to you an impersonation token with `SecurityIdentification` only. If any program could so easily elevate itself, UAC would lose its sense – RbMm Jul 18 '18 at 21:33
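
The query side described in the answer above, as an added example that is not part of the original thread: it reads `TokenElevation` and `TokenElevationType` from the current process token through `GetTokenInformation`, checking the result of every call. The class name `TokenInfo` and its `Describe` method are hypothetical names chosen for this sketch.

```powershell
# Added example: read-only inspection of the current process token.
# TokenInfo / Describe are hypothetical names, not part of any Windows API.
$src = @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

public static class TokenInfo
{
    const uint TOKEN_QUERY = 0x0008;
    // TOKEN_INFORMATION_CLASS values from winnt.h
    const int TokenElevationType = 18;  // 1 = Default, 2 = Full, 3 = Limited
    const int TokenElevation = 20;      // TOKEN_ELEVATION.TokenIsElevated

    [DllImport("kernel32.dll")]
    static extern IntPtr GetCurrentProcess();

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass,
        out uint value, uint length, out uint returned);

    // Both classes queried here return a single 32-bit value.
    static uint Query(IntPtr token, int infoClass)
    {
        uint value, returned;
        if (!GetTokenInformation(token, infoClass, out value, 4, out returned))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return value;
    }

    public static string Describe()
    {
        IntPtr token;
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try {
            return String.Format("TokenIsElevated={0} TokenElevationType={1}",
                Query(token, TokenElevation), Query(token, TokenElevationType));
        } finally { CloseHandle(token); }
    }
}
'@
Add-Type -TypeDefinition $src
[TokenInfo]::Describe()
```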