C# – How to enable SeDebugPrivilege?

I’m writing a small application to recognize which processes are using a given file. The reason for starting this project is that sometimes I cannot delete a folder because it is being accessed by some program, and I cannot figure out which program is accessing that folder. It really annoys me, so it would be good if I could find out which application is trying to access my folder and terminate it or close its access. To achieve this, I must enable SeDebugPrivilege for my tool.

By enabling SeDebugPrivilege on the running process, you can obtain the process handle of any running application. When obtaining the handle to a process, you can then specify the PROCESS_ALL_ACCESS flag, which allows you to call various Win32 APIs on that process handle that you normally could not.

It is pretty easy to enable SeDebugPrivilege with the help of Pinvoke.net. However, I would like to share it for anyone who needs it.


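// Requires: using System; using System.Runtime.InteropServices;
// plus the P/Invoke declarations and constants for these APIs (see Pinvoke.net).
IntPtr hToken;
LUID luidSEDebugNameValue;
TOKEN_PRIVILEGES tkpPrivileges;

// Step 1: open the access token of the current process.
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out hToken))
{
    Console.WriteLine("OpenProcessToken() failed, error = {0}. SeDebugPrivilege is not available", Marshal.GetLastWin32Error());
    return;
}
else
{
    Console.WriteLine("OpenProcessToken() succeeded");
}

// Step 2: look up the LUID that identifies SeDebugPrivilege on this system.
if (!LookupPrivilegeValue(null, SE_DEBUG_NAME, out luidSEDebugNameValue))
{
    Console.WriteLine("LookupPrivilegeValue() failed, error = {0}. SeDebugPrivilege is not available", Marshal.GetLastWin32Error());
    CloseHandle(hToken);
    return;
}
else
{
    Console.WriteLine("LookupPrivilegeValue() succeeded");
}

// Step 3: ask for the privilege to be enabled in the token.
tkpPrivileges.PrivilegeCount = 1;
tkpPrivileges.Luid = luidSEDebugNameValue;
tkpPrivileges.Attributes = SE_PRIVILEGE_ENABLED;

if (!AdjustTokenPrivileges(hToken, false, ref tkpPrivileges, 0, IntPtr.Zero, IntPtr.Zero))
{
    Console.WriteLine("AdjustTokenPrivileges() failed, error = {0}. SeDebugPrivilege is not available", Marshal.GetLastWin32Error());
}
else if (Marshal.GetLastWin32Error() == 1300) // ERROR_NOT_ALL_ASSIGNED
{
    // AdjustTokenPrivileges() returns true even when the token does not hold the privilege.
    Console.WriteLine("AdjustTokenPrivileges() reported ERROR_NOT_ALL_ASSIGNED. SeDebugPrivilege is not available");
}
else
{
    Console.WriteLine("SeDebugPrivilege is now available");
}
CloseHandle(hToken);
Console.ReadLine();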

As you can see, there are 3 steps to enable SeDebugPrivilege. First we open the token of the current process, then we look up the value (LUID) of the debug privilege name, and finally we adjust the token's privileges with the new state. The complete working source code is available in this C# file: How to enable SeDebugPrivilege source code.
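A least-privilege variant of the three steps above, as an added example that is not the author's code: it enables SeDebugPrivilege only for the lifetime of a `using` block and then restores the token's previous state. The class name `DebugPrivilegeScope` and the P/Invoke declarations are written for this example; it treats ERROR_NOT_ALL_ASSIGNED as a failure because AdjustTokenPrivileges returns true in that case.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

// Added example, not the post's code. DebugPrivilegeScope is a hypothetical helper name.
sealed class DebugPrivilegeScope : IDisposable
{
    const uint TOKEN_QUERY = 0x0008, TOKEN_ADJUST_PRIVILEGES = 0x0020, SE_PRIVILEGE_ENABLED = 0x2;
    const int ERROR_NOT_ALL_ASSIGNED = 1300;
    [StructLayout(LayoutKind.Sequential)] struct LUID { public uint Low; public int High; }
    [StructLayout(LayoutKind.Sequential)]
    struct TOKEN_PRIVILEGES { public uint Count; public LUID Luid; public uint Attributes; }

    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr handle);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LookupPrivilegeValue(string system, string name, out LUID luid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll, ref TOKEN_PRIVILEGES newState,
        uint bufferLength, out TOKEN_PRIVILEGES previousState, out uint returnLength);
    static readonly uint Size = (uint)Marshal.SizeOf(typeof(TOKEN_PRIVILEGES));
    readonly IntPtr _token;
    TOKEN_PRIVILEGES _previous; // Count == 0: nothing was changed, nothing to restore

    public DebugPrivilegeScope()
    {
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out _token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        var wanted = new TOKEN_PRIVILEGES { Count = 1, Attributes = SE_PRIVILEGE_ENABLED };
        bool ok = LookupPrivilegeValue(null, "SeDebugPrivilege", out wanted.Luid)
               && AdjustTokenPrivileges(_token, false, ref wanted, Size, out _previous, out _);
        int error = Marshal.GetLastWin32Error();
        // AdjustTokenPrivileges returns true with ERROR_NOT_ALL_ASSIGNED when the token lacks the privilege.
        if (ok && error != ERROR_NOT_ALL_ASSIGNED) return;
        CloseHandle(_token);
        throw new Win32Exception(error);
    }

    public void Dispose()
    {
        // Re-apply only what the constructor changed; a privilege that was already enabled stays enabled.
        if (_previous.Count > 0)
            AdjustTokenPrivileges(_token, false, ref _previous, Size, out _, out _);
        CloseHandle(_token);
    }

    static void Main() { using (new DebugPrivilegeScope()) Console.WriteLine("SeDebugPrivilege is enabled inside this block only"); }
}
```

Running it from a non-elevated prompt throws a Win32Exception with error 1300, which is the case the plain success check misses.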

3 thoughts on “C# – How to enable SeDebugPrivilege?”

  1. >> However I would like to share it for anyone who needs it.
    THANKS!
    Thank you so much for posting the code.

    I appreciate it a lot!

  2. Hello,
    congratulations again for your great blog!

    We wait for new posts!! :-)

    Here is a shortcut for this method:

    System.Diagnostics.Process.EnterDebugMode();
