Error 1313 for StartTrace

Today I was writing some code to start NT kernel logging using function StartTrace. I am sure the program was run with admin privilege on 64-bit Windows 7, but still I got error 1313 (A specified privilege does not exist). So the best guess is I need to turn on a default disabled privilege for the process. A quick look at available privileges using Process Explorer revealed “SeSystemProfilePrivilege“,  it is disabled and seems to be related with I am trying to do. Few minutes later with following code:

HANDLE hToken = 0;
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    memset(&tkp, 0, sizeof(tkp));
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    LookupPrivilegeValue(NULL, SE_SYSTEM_PROFILE_NAME, &tkp.Privileges[0].Luid);

    AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0);
    dwError = GetLastError();

Everything was working fine. I am just curious why this is not documented in MSDN.


Posted on August 6, 2012, in Uncategorized. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: