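#!/usr/bin/perl -w
#
# Enumerate the local processes through WMI (Win32_Process) and report, for
# every process that has a command line, the DEP policy the kernel applies to
# it (kernel32!GetProcessDEPPolicy).  SeDebugPrivilege is enabled on the
# script's own token once, before the survey, so that processes owned by
# other users can be opened with query access, and is dropped again when the
# survey is over.
#
# Fixes relative to the earlier version of this script:
#   * GetProcessDEPPolicy was called with NULL for its mandatory lpPermanent
#     out-parameter, which is the likely cause of the ERROR_INVALID_PARAMETER
#     ("The parameter is incorrect") the original author saw on every call.
#   * The DEP flags were printed as the raw packed buffer instead of the
#     decoded DWORD.
#   * Error::Simple was thrown without the Error module being loaded, so the
#     WMI failure paths themselves died with an unrelated error.
#   * `in` was used without being imported from Win32::OLE.
#   * SetPrivilege reported success through a file-level global that kept its
#     previous value when LookupPrivilegeValue failed.
use strict;
use warnings;
use Win32;
use Win32::OLE qw(in);
use Win32::API;

# Access rights, privilege attributes and error codes (winnt.h / winerror.h).
my $PROCESS_QUERY_INFORMATION = 0x0400;   # the right GetProcessDEPPolicy needs
my $TOKEN_QUERY               = 0x0008;
my $TOKEN_ADJUST_PRIVILEGES   = 0x0020;
my $SE_PRIVILEGE_ENABLED      = 0x02;
my $SE_DEBUG_NAME             = "SeDebugPrivilege";
my $ERROR_NOT_ALL_ASSIGNED    = 1300;     # AdjustTokenPrivileges: privilege not held

# DEP flag bits as returned in lpFlags by GetProcessDEPPolicy.
my $PROCESS_DEP_ENABLE                     = 0x01;
my $PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION = 0x02;

# WMI ExecQuery flags: wbemFlagReturnImmediately | wbemFlagForwardOnly, which
# give a semi-synchronous, forward-only enumerator (cheapest for a single pass).
my $WBEM_FLAG_RETURN_IMMEDIATELY = 0x10;
my $WBEM_FLAG_FORWARD_ONLY       = 0x20;

# --- WMI connection and process query ---------------------------------------

my $objWMIService = Win32::OLE->GetObject(
    "winmgmts:{impersonationLevel=impersonate}!\\\\localhost\\root\\cimv2")
    or die "Could not connect to WMI Service on 'localhost' while attempting "
         . "to collect a remote item. The error returned was: "
         . Win32::OLE->LastError() . ".\n";

my $colItems = $objWMIService->ExecQuery(
    "SELECT * FROM Win32_Process", "WQL",
    $WBEM_FLAG_RETURN_IMMEDIATELY | $WBEM_FLAG_FORWARD_ONLY)
    or die "Could not extract notification query from WMI Service on "
         . "'localhost'. The error returned was: "
         . Win32::OLE->LastError() . ".\n";

# --- Win32 API bindings -------------------------------------------------------
#
# Prototype letters: N = number (handle / DWORD), I = int (BOOL), P = pointer to
# a Perl buffer.  An integer 0 handed to a P parameter is passed as NULL.
#
# NOTE(review): HANDLE values are returned as 'N' and stored in pack("L")
# buffers (4 bytes).  Under a 64-bit Perl a HANDLE is 8 bytes wide, so the
# out-buffers handed to OpenProcessToken would be too small — confirm the
# Perl/Win32::API build this runs on before relying on it there.

my $OpenProcess = Win32::API->new('kernel32.dll', 'OpenProcess', 'NIN', 'N')
    or die "Can not link to OpenProcess(): $^E";
my $CloseHandle = Win32::API->new('kernel32.dll', 'CloseHandle', 'N', 'I')
    or die "Can not link to CloseHandle(): $^E";
my $GetProcessDEPPolicy = Win32::API->new('kernel32.dll', 'GetProcessDEPPolicy', 'NPP', 'I')
    or die "Can not link to GetProcessDEPPolicy(): $^E";
my $GetCurrentProcess = Win32::API->new('kernel32.dll', 'GetCurrentProcess', [], 'N')
    or die "Can not link to GetCurrentProcess(): $^E";
my $OpenProcessToken = Win32::API->new('advapi32.dll', 'OpenProcessToken', 'NNP', 'I')
    or die "Can not link to OpenProcessToken(): $^E";
my $AdjustTokenPrivileges = Win32::API->new('advapi32.dll', 'AdjustTokenPrivileges', 'NIPNPP', 'I')
    or die "Can not link to AdjustTokenPrivileges(): $^E";
my $LookupPrivilegeValue = Win32::API->new('advapi32.dll', 'LookupPrivilegeValue', 'PPP', 'I')
    or die "Can not link to LookupPrivilegeValue(): $^E";

# --- Enable SeDebugPrivilege on our own token, once ---------------------------
#
# The privilege is only needed to open processes that belong to other users;
# without it OpenProcess will still succeed for our own processes, so the
# survey continues (with failures reported per process) if it cannot be
# enabled.  It is adjusted once here rather than once per process.

my $hToken            = 0;
my $privilege_enabled = 0;
my $phToken           = pack("L", 0);
if ($OpenProcessToken->Call($GetCurrentProcess->Call(),
                            $TOKEN_ADJUST_PRIVILEGES | $TOKEN_QUERY, $phToken)) {
    $hToken            = unpack("L", $phToken);
    $privilege_enabled = SetPrivilege($hToken, $SE_DEBUG_NAME, 1);
    print "Could not enable $SE_DEBUG_NAME; processes of other users may not "
        . "be openable\n" unless $privilege_enabled;
}
else {
    print "OpenProcessToken failed with error: "
        . Win32::FormatMessage(Win32::GetLastError());
}

# --- Survey -------------------------------------------------------------------

foreach my $objItem (in $colItems) {
    my $cmdline = $objItem->{CommandLine};
    # Processes without a command line (Idle, System, protected ones WMI
    # cannot inspect) are skipped, as in the original script.
    next unless defined $cmdline && $cmdline ne '';

    my $pid = sprintf("%d", $objItem->{'ProcessId'});
    print "pid: $pid\n";

    my ($dep, $permanent) = query_dep_policy($pid);
    my $dep_text = defined $dep ? describe_dep($dep, $permanent) : 'unknown';

    print "System_Functions->getProcessInfo collected dep: $dep_text\n";
    print "System_Functions->getProcessInfo collected primary_window_text: "
        . $objItem->{'Caption'} . "\n";
}

# --- Drop the privilege and release the token ---------------------------------

if ($hToken) {
    SetPrivilege($hToken, $SE_DEBUG_NAME, 0) if $privilege_enabled;
    $CloseHandle->Call($hToken);
}

# --- Helpers ------------------------------------------------------------------

# Open process $pid with PROCESS_QUERY_INFORMATION and ask the kernel for its
# DEP policy.
#
# Returns (flags, permanent) on success — flags is the DWORD written to
# lpFlags, permanent the BOOL written to lpPermanent — or an empty list on
# failure, after printing the Win32 error text as the original script did.
# The process handle is always closed before returning.
sub query_dep_policy {
    my ($pid) = @_;

    my $hProcess = $OpenProcess->Call($PROCESS_QUERY_INFORMATION, 0, $pid);
    unless ($hProcess) {
        print "OpenProcess failed with error: "
            . Win32::FormatMessage(Win32::GetLastError());
        return;
    }
    print "handle: $hProcess\n";

    # Both out-parameters are mandatory.  The earlier version passed 0 (NULL)
    # for lpPermanent, which is the likely reason every call failed with
    # ERROR_INVALID_PARAMETER.  Remaining failures here are reported, not
    # fatal: GetProcessDEPPolicy is documented for 32-bit processes and may
    # still fail for some targets (e.g. 64-bit ones) — confirm on the host.
    my $flags     = pack("L", 0);   # DWORD lpFlags
    my $permanent = pack("L", 0);   # BOOL  lpPermanent
    my @result;
    if ($GetProcessDEPPolicy->Call($hProcess, $flags, $permanent)) {
        @result = (unpack("L", $flags), unpack("L", $permanent));
    }
    else {
        print "GetProcessDEPPolicy failed with error: "
            . Win32::FormatMessage(Win32::GetLastError());
    }

    $CloseHandle->Call($hProcess);
    return @result;
}

# Render a DEP flags DWORD (and its permanent BOOL) as a short human-readable
# string, e.g. "1 (enabled, permanent)" or "0 (disabled)".
sub describe_dep {
    my ($flags, $permanent) = @_;

    my @parts = ($flags & $PROCESS_DEP_ENABLE) ? ('enabled') : ('disabled');
    push @parts, 'ATL thunk emulation disabled'
        if $flags & $PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION;
    push @parts, 'permanent' if $permanent;

    return sprintf("%d (%s)", $flags, join(', ', @parts));
}

# Enable ($bSetFlag true) or disable ($bSetFlag false) the privilege named
# $pszPriv on access token $hToken.
#
# Returns true only when the privilege was actually adjusted.  Note that
# AdjustTokenPrivileges itself returns TRUE even when the token does not hold
# the privilege (it then sets ERROR_NOT_ALL_ASSIGNED), so that case is folded
# into the failure result here; the earlier version reported it as success.
# Returns false (0) when the privilege name cannot be looked up.
sub SetPrivilege {
    my ($hToken, $pszPriv, $bSetFlag) = @_;

    # LUID { DWORD LowPart; LONG HighPart }.  An empty lpSystemName makes the
    # lookup happen on the local system.
    my $pLuid = pack("Ll", 0, 0);
    return 0 unless $LookupPrivilegeValue->Call("\x00\x00", $pszPriv, $pLuid);

    # TOKEN_PRIVILEGES { DWORD PrivilegeCount; LUID_AND_ATTRIBUTES Privileges[1] }
    # with PrivilegeCount = 1 and Attributes = SE_PRIVILEGE_ENABLED or 0.
    my $attributes  = $bSetFlag ? $SE_PRIVILEGE_ENABLED : 0;
    my $pPrivStruct = pack("LLlL", 1, unpack("Ll", $pLuid), $attributes);

    # PreviousState and ReturnLength are passed as NULL; we do not need them.
    my $iResult = (0 != $AdjustTokenPrivileges->Call(
        $hToken, 0, $pPrivStruct, length($pPrivStruct), 0, 0));
    $iResult = 0 if $iResult && Win32::GetLastError() == $ERROR_NOT_ALL_ASSIGNED;

    print "iResult: $iResult\n";
    return $iResult;
}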