What is wrong with this SeBackupPrivilege (backup mode) implementation?

Question

(Background information: feel free to skip to last paragraph)

Current, I have a hard drive that is a full image of an O/S drive from another computer. It's an external USB drive and is connected to a write blocker and then my computer. I'm using it to test some code I have for copying files (among other things) and I've ran into a file that couldn't be copied with just administrator privileges.

After reading up on privileges in Windows, I determined that I needed back up privileges in order to access all files on a local drive. I've verified that this is what I needed by using robocopy with the "/b" flag which enables backup mode for the copy. Everything copied just fine with no problems. I just need to be able to have my own code be able to run under backup privileges.

In my code (C#) I've tried implementing the necessary winapi calls (AdjustTokenPrivileges) to give the current process backup privileges with unverified results. I used some code from this article (http://www.codeproject.com/Articles/21202/Reparse-Points-in-Vista) to use a known "working" implementation. In the code project, I've tried adding a File.Copy() with "Access denied" error. I've also tried using the winapi call CopyFileW() with the same error. At this point I'm out of ideas :(.

For reference (from the article), here's the code I'm using for the privilege escalation:

bool success;
IntPtr token;
TOKEN_PRIVILEGES tokenPrivileges = new TOKEN_PRIVILEGES();
tokenPrivileges.Privileges = new LUID_AND_ATTRIBUTES[1];
success = OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, 
                           out token);
if (success)
{
    // null for local system

    success = LookupPrivilegeValue(null, SE_BACKUP_NAME, 
                                   out tokenPrivileges.Privileges[0].Luid);
    if (success)
    {
        tokenPrivileges.PrivilegeCount = 1;
        tokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        success = AdjustTokenPrivileges(
            token,
            false,
            ref tokenPrivileges,
            Marshal.SizeOf(tokenPrivileges),
            IntPtr.Zero,
            IntPtr.Zero);
    }
    CloseHandle(token);
}

Edit: To add more information, the ReparsePoint code linked works just fine if I run the project as is. When I remove the call the AdjustTokenPrivilege, it throws "Access Denied" errors.

Answer 1

You still have to call CreateFile with the FILE_FLAG_BACKUP_SEMANTICS flag specified. This means you can't use standard Windows APIs, because they don't specify that flag.