Translating from the C++

Much of the Win32 API has yet to become natively supported in the dotnet
Framework. So often we come across sample code that only works in C++.
What is the standard approach to making these calls from C#? Do I write a
DLL and decorate its call appropriately (and what would that entail) in C#?
I took that approach without luck. Do I use the interop namespace and
recode using IntPtr and such? What, exactly, is the translation of an
HRESULT in that case?

Is there a one-stop place for the deep down dirty direct way to make these
calls from C# without frustration?

I'd like to recode the following in C#, but I don't know how. Any help
would be appreciated.

// The following example can be used to enable or disable the

// backup privilege. By making the indicated substitutions, you can

// also use this example to enable or disable the restore privilege

// Use the following statement to enable the privilege:

// hr = ModifyPrivilege(SE_BACKUP_NAME, TRUE);

// Use the following statement to disable the privilege:

// hr = ModifyPrivilege(SE_BACKUP_NAME, FALSE);

// Use SE_RESTORE_NAME for the restore privilege.

// The main function in this example enables the backup privilege.



#include <windows.h>

#include <stdio.h>





HRESULT ModifyPrivilege(

IN LPCTSTR szPrivilege,

IN BOOL fEnable)

{

HRESULT hr = S_OK;

TOKEN_PRIVILEGES NewState;

LUID luid;

HANDLE hToken = NULL;



// Open the process token for this process.

if (!OpenProcessToken(GetCurrentProcess(),

TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,

&hToken ))

{

printf("Failed OpenProcessToken\n");

return ERROR_FUNCTION_FAILED;

}



// Get the local unique ID for the privilege.

if ( !LookupPrivilegeValue( NULL,

szPrivilege,

&luid ))

{

CloseHandle( hToken );

printf("Failed LookupPrivilegeValue\n");

return ERROR_FUNCTION_FAILED;

}



// Assign values to the TOKEN_PRIVILEGE structure.

NewState.PrivilegeCount = 1;

NewState.Privileges[0].Luid = luid;

NewState.Privileges[0].Attributes =

(fEnable ? SE_PRIVILEGE_ENABLED : 0);



// Adjust the token privilege.

if (!AdjustTokenPrivileges(hToken,

FALSE,

&NewState,

0,

NULL,

NULL))

{

printf("Failed AdjustTokenPrivileges\n");

hr = ERROR_FUNCTION_FAILED;

}



// Close the handle.

CloseHandle(hToken);



return hr;

}



void main(void)

{

HRESULT hr;



hr = ModifyPrivilege(SE_BACKUP_NAME, TRUE);



if (!SUCCEEDED(hr))

printf("\nFailed to modify privilege.\n");

else

printf("\nSuccessfully modified privilege.\n");

}


.

Relevant Pages

  • Re: posix capabilities inheritance
    ... >>I've been programming Windows for a long time, ... >>because everything enables them. ... Least privilege, and all that. ... Pretend that 'cap' is a bash builtin that did the obvious thing: ...
    (Linux-Kernel)
  • Re: Getting logged in user from a service?
    ... the service executes the service call, when WMI needs to "enable" a privilege, it' s up to the caller to ask the service to enable the required privilege, the user doesn't need to know the "privilege" required, WMI know which one as it's stored in it's metabase. ... All WMI's security levels are highly customizable, the namespaces are all protected by DACL's you can adjust, you can prevent certain user to access, read, write, execute etc...it's namespaces, if a user is allowed to execute a method, WMI will simply enable or add the privilege when needed on a per call basis. ... Some classes and methods need an impersonation token from the base client, if the token holds a needed privilege to execute or access a namespace class, WMI enables this privilege, when the token misses the privilege, the call fails. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Getting logged in user from a service?
    ... existing token since tokens are mostly immutable. ... class, WMI enables this privilege, when the token misses the privilege, ... the client, to run as an administrator, you are simply delegating the task ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Hibernate once - resume many
    ... Are you sure that it enables the SE_SHUTDOWN_NAME privilege? ... I think that this should work on principle if you have enough rights then ... Regards, ...
    (microsoft.public.windowsxp.embedded)
  • P/Invoke Fails To Function As Expected -- This is NOT COM-related
    ... // also use this example to enable or disable the restore privilege ... // The main function in this example enables the backup privilege. ... BOOL arg; ...
    (microsoft.public.dotnet.framework.interop)