I have knowledge of Java and Python, but any language containing C in its name is so hard for me to understand and learn. Recently I was trying to create a BSOD in Windows using NtRaiseHardError and after a few (unsuccessful) tries in C++ I turned to C#.
Using code from here I was able to make a program and cause a BSOD. Later I tried to fully understand the code, but I cannot understand what RtlAdjustPrivilege is doing.
I see that it is some kind of privilege change, but while the program is running I see no administrator password prompts despite the fact that I am using a user account, so I believe it is not escalating to admin privileges. If someone knows what exactly this function does or how it works, please explain it. This is how it is implemented:
To import it:
[DllImport("ntdll.dll")]
private static extern uint RtlAdjustPrivilege
(
int Privilege,
bool bEnablePrivilege,
bool IsThreadPrivilege,
out bool PreviousValue
);
And later it is used like this:
RtlAdjustPrivilege(19, true, false, out bool previousValue);
19 is SE_SHUTDOWN_PRIVILEGE, declared in wdm.h.
RtlAdjustPrivilege opens the current process token (if IsThreadPrivilege := false) or the current thread token (if IsThreadPrivilege := true), then calls ZwAdjustPrivilegesToken (AdjustTokenPrivileges is a thin shell over this API) and finally closes the opened token.
The ZwAdjustPrivilegesToken (AdjustTokenPrivileges) function enables or disables privileges in the specified access token, but the privilege must already be in the token.