BackupRead problem

Stefan Sonnenberg-Carstens stefan.sonnenberg at pythonmeister.com
Sat Jan 15 11:58:16 EST 2011


Am 15.01.2011 16:06, schrieb Stefan Sonnenberg-Carstens:
> I'm trying to create a Backup/Restore app.
> I've been really struggling with this for a long time.
>
> I can successfully read directories, but not files.
> Every time I try, I get "Access denied", Error 5.
>
> It's running with admin privs.
>
> Any ideas ?
>
> #!python
> import sys
> import os
> import os.path
> import getopt
> import time
>
>
> # Windows access-mask constants: the standard access rights (upper bits)
> # and the mask covering all object-specific rights (lower 16 bits).
> DELETE=0x00010000
> # READ_CONTROL is the right to read an object's security descriptor; on its
> # own it carries no right to read a file's data.
> READ_CONTROL=0x00020000
> WRITE_DAC=0x00040000
> WRITE_OWNER=0x00080000
> SYNCHRONIZE=0x00100000
> # The trailing "L" is a Python 2 long literal.
> STANDARD_RIGHTS_REQUIRED=0x000F0000L
> STANDARD_RIGHTS_READ=READ_CONTROL
> STANDARD_RIGHTS_WRITE=READ_CONTROL
> STANDARD_RIGHTS_EXECUTE=READ_CONTROL
> STANDARD_RIGHTS_ALL=0x001F0000
> SPECIFIC_RIGHTS_ALL=0x0000FFFF
>
> # File attribute bit that marks a reparse point; not referenced in the part
> # of the script shown here.
> FILE_ATTRIBUTE_REPARSE_POINT=0x400
>
> from ctypes import *
>
> # Platform gate: the script only runs on Windows and needs the pywin32
> # modules. Every failure path ends in os._exit(1), which terminates
> # immediately without running normal interpreter cleanup.
> if os.name == 'nt':
>
>     # These three imports are unguarded: if one is missing the script dies
>     # with an ImportError traceback instead of the friendly message below.
>     import win32security
>     import win32process
>     import win32file
>
>     try:
>         import win32api
>     except ImportError,e:
>         print >>sys.stderr,'Could not load win32api module. Can not 
> continue'
>         os._exit(1)
>     # wmi is required here but not used in the part of the script shown.
>     try:
>         import wmi
>     except ImportError,e:
>         print >>sys.stderr,'Could not load wmi module. Can not continue'
>         os._exit(1)
>     # "from ctypes import *" above has already run, so a missing ctypes
>     # would have failed there before reaching this guard.
>     try:
>         import ctypes
>     except ImportError,e:
>         print >>sys.stderr,'Could not load ctypes module. Can not 
> continue'
>         os._exit(1)
> else:
>     print >>sys.stderr,'Sorry, your platform %s is not supported' % 
> os.name
>     os._exit(1)
>
> # Main flow: make sure the process is elevated, enable the backup and
> # restore privileges on its token, then open one file with backup semantics
> # and read the first chunk of its backup stream.
> # sys.argv normally holds at least the script name, so this test is
> # effectively always true.
> if len(sys.argv) >= 1:
>     # A bad option is only printed; execution continues, and opts/args are
>     # not used in the part of the script shown.
>     try:
>         opts,args = getopt.getopt(sys.argv[1:],'h',('help',))
>     except getopt.GetoptError,e:
>         print str(e)
>     if not ctypes.windll.shell32.IsUserAnAdmin():
>         # Not elevated: relaunch the interpreter through the "runas" verb.
>         # argv is joined with plain spaces and not re-quoted, so an
>         # argument containing a space is split in the elevated instance.
>         # The final 0 is the show-window flag (SW_HIDE), so the elevated
>         # instance's console output is presumably not visible - confirm.
>         win32api.ShellExecute(None,'runas',sys.executable,' 
> '.join(sys.argv),r'C:\WINDOWS',0)
>     else:
>         print >>sys.stderr,'Running with administrative privileges'
>         # Being an administrator is not enough: the backup/restore
>         # privileges must be explicitly enabled on the process token.
>         token = 
> win32security.OpenProcessToken(win32process.GetCurrentProcess(),win32security.TOKEN_ADJUST_PRIVILEGES|win32security.TOKEN_QUERY)
>         if token:
>             # With these privileges enabled, opens that pass
>             # FILE_FLAG_BACKUP_SEMANTICS skip the file's ACL check for the
>             # rights the privileges cover, so they should stay enabled only
>             # as long as needed. Only SeBackupPrivilege is needed to read.
>             for priv in 
> (win32security.SE_BACKUP_NAME,win32security.SE_RESTORE_NAME):
>                 luid = win32security.LookupPrivilegeValue(None,priv)
>                 newState = [(luid,win32security.SE_PRIVILEGE_ENABLED)]
>                 # NOTE(review): the bare except hides the real error type.
>                 # The Win32 call can also report success without enabling
>                 # the privilege (last error ERROR_NOT_ALL_ASSIGNED);
>                 # confirm whether pywin32 raises in that case or whether
>                 # GetLastError() has to be checked after the call.
>                 try:
>                     win32security.AdjustTokenPrivileges(token,0,newState)
>                 except:
>                     print >>sys.stderr,'Could not get (some) required 
> priviledge(s): ',win32api.FormatMessage(win32api.GetLastError())
>                     os._exit(1)
>             win32api.CloseHandle(token)
>         else:
>             print >>sys.stderr,'Could not get token for running process'
>             os._exit(1)
>         print >>sys.stderr,'Acquired backup/restore context 
> (SeRestorePrivilege and SeBackupPrivilege enabled)'
>         # Desired access is READ_CONTROL, which covers only the security
>         # descriptor, not the file's data; share mode 0 opens the file
>         # exclusively. FILE_FLAG_BACKUP_SEMANTICS is what lets the enabled
>         # privileges apply to this open.
>         inf = 
> win32file.CreateFile(r'C:\Windows\System32\drivers\etc\hosts',READ_CONTROL,0,None,win32file.OPEN_EXISTING,win32file.FILE_FLAG_BACKUP_SEMANTICS,None)
>         buf = win32file.AllocateReadBuffer(4096)
>         ctx = 0
>         # Arguments: handle, bytes to read, buffer, bAbort=False,
>         # bProcessSecurity=True, context (0 on the first call). The
>         # returned ctx must be passed to later calls; the part of the
>         # script shown neither releases it with a final bAbort=True call
>         # nor closes the file handle.
>         (bytes_read,buf,ctx) = 
> win32file.BackupRead(inf,4096,buf,False,True,ctx)
MS's documentation sucks.
I just found some code on the web regarding root-kits,
and after changing

win32file.CreateFile(r'C:\Windows\System32\drivers\etc\hosts',READ_CONTROL,0,None,win32file.OPEN_EXISTING,win32file.FILE_FLAG_BACKUP_SEMANTICS,None)

to

win32file.CreateFile(r'C:\Windows\System32\drivers\etc\hosts',win32file.GENERIC_READ,0,None,win32file.OPEN_EXISTING,win32file.FILE_FLAG_BACKUP_SEMANTICS,None)


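it works. The likely reason: READ_CONTROL only requests the right to read the file's security descriptor, so the handle carries no right to read the file's data, while GENERIC_READ includes that right.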



