如何修改Windows程序的权限?
修改程序的权限需要用到3个函数:
1. 获取进程的令牌句柄: OpenProcessToken
2. 查找特权类型的ID: LookupPrivilegeValue
3. 修改进程的特权:AdjustTokenPrivilege
下面详细介绍每个函数的参数及使用方法:
BOOL OpenProcessToken( HANDLE ProcessHandle,
DWORD DesiredAccess,
PHANDLE TokenHandle );
Parameters
ProcessHandle
A handle to the process whose access token is opened. The process must have the PROCESS_QUERY_INFORMATION access permission.
for example: GetCurrentProcess() will return the handle of current process.
DesiredAccess
Specifies an access mask that specifies the requested types of access to the access token. These requested access types are compared with the discretionary access control list (DACL) of the token to determine which accesses are granted or denied.
For a list of access rights for access tokens, see Access Rights for Access-Token Objects.
TokenHandle
A pointer to a handle that identifies the newly opened access token when the function returns.
Return Value
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
BOOL LookupPrivilegeValueA( LPCSTR lpSystemName,
LPCSTR lpName,
PLUID lpLuid);
Parameters
lpSystemName
A pointer to a null-terminated string that specifies the name of the system on which the privilege name is retrieved. If a null string is specified, the function attempts to find the privilege name on the local system.
lpName
A pointer to a null-terminated string that specifies the name of the privilege, as defined in the Winnt.h header file. For example, this parameter could specify the constant, SE_SECURITY_NAME, or its corresponding string, "SeSecurityPrivilege".
lpLuid
A pointer to a variable that receives the LUID by which the privilege is known on the system specified by the lpSystemNameparameter.
Return Value
If the function succeeds, the function returns nonzero.
If the function fails, it returns zero. To get extended error information, call GetLastError.
BOOL AdjustTokenPrivileges( HANDLE TokenHandle,
BOOL DisableAllPrivileges,
PTOKEN_PRIVILEGES NewState,
DWORD BufferLength,
PTOKEN_PRIVILEGES PreviousState,
PDWORD ReturnLength);
Parameters
TokenHandle
A handle to the access token that contains the privileges to be modified. The handle must have TOKEN_ADJUST_PRIVILEGES access to the token. If the PreviousState parameter is not NULL, the handle must also have TOKEN_QUERY access.
DisableAllPrivileges
Specifies whether the function disables all of the token's privileges. If this value is TRUE, the function disables all privileges and ignores the NewState parameter. If it is FALSE, the function modifies privileges based on the information pointed to by the NewStateparameter.
NewState
A pointer to a TOKEN_PRIVILEGES structure that specifies an array of privileges and their attributes. If the DisableAllPrivilegesparameter is FALSE, the AdjustTokenPrivileges function enables, disables, or removes these privileges for the token. The following table describes the action taken by the AdjustTokenPrivileges function, based on the privilege attribute.
| Value | Meaning |
|---|---|
|
SE_PRIVILEGE_ENABLED |
The function enables the privilege. |
|
SE_PRIVILEGE_REMOVED |
The privilege is removed from the list of privileges in the token. The other privileges in the list are reordered to remain contiguous. SE_PRIVILEGE_REMOVED supersedes SE_PRIVILEGE_ENABLED. Because the privilege has been removed from the token, attempts to reenable the privilege result in the warning ERROR_NOT_ALL_ASSIGNED as if the privilege had never existed. Attempting to remove a privilege that does not exist in the token results in ERROR_NOT_ALL_ASSIGNED being returned. Privilege checks for removed privileges result in STATUS_PRIVILEGE_NOT_HELD. Failed privilege check auditing occurs as normal. The removal of the privilege is irreversible, so the name of the removed privilege is not included in the PreviousState parameter after a call to AdjustTokenPrivileges. Windows XP with SP1: The function cannot remove privileges. This value is not supported. |
|
None |
The function disables the privilege. |
If DisableAllPrivileges is TRUE, the function ignores this parameter.
BufferLength
Specifies the size, in bytes, of the buffer pointed to by the PreviousState parameter. This parameter can be zero if the PreviousStateparameter is NULL.
PreviousState
A pointer to a buffer that the function fills with a TOKEN_PRIVILEGES structure that contains the previous state of any privileges that the function modifies. That is, if a privilege has been modified by this function, the privilege and its previous state are contained in the TOKEN_PRIVILEGES structure referenced by PreviousState. If the PrivilegeCount member of TOKEN_PRIVILEGES is zero, then no privileges have been changed by this function. This parameter can be NULL.
If you specify a buffer that is too small to receive the complete list of modified privileges, the function fails and does not adjust any privileges. In this case, the function sets the variable pointed to by the ReturnLength parameter to the number of bytes required to hold the complete list of modified privileges.
ReturnLength
A pointer to a variable that receives the required size, in bytes, of the buffer pointed to by the PreviousState parameter. This parameter can be NULL if PreviousState is NULL.
Return Value
If the function succeeds, the return value is nonzero. To determine whether the function adjusted all of the specified privileges, callGetLastError, which returns one of the following values when the function succeeds:
| Return code | Description |
|---|---|
|
The function adjusted all specified privileges. |
|
The token does not have one or more of the privileges specified in the NewStateparameter. The function may succeed with this error value even if no privileges were adjusted. The PreviousState parameter indicates the privileges that were adjusted. |
If the function fails, the return value is zero. To get extended error information, call GetLastError.
完成实例:
#include <windows.h>
#include <iostream>
using namespace std; void main()
{
BOOL retn;
HANDLE hToken;
retn = OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken);
if(retn != TRUE)
{
cout<<"获取令牌句柄失败!"<<endl;
return;
} TOKEN_PRIVILEGES tp; //新特权结构体
LUID Luid;
retn = LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&Luid); if(retn != TRUE)
{
cout<<"获取Luid失败"<<endl;
return;
}
//给TP和TP里的LUID结构体赋值
tp.PrivilegeCount = ;
tp.Privileges[].Attributes = SE_PRIVILEGE_ENABLED;
tp.Privileges[].Luid = Luid; AdjustTokenPrivileges(hToken,FALSE,&tp,sizeof(TOKEN_PRIVILEGES),NULL,NULL);
if(GetLastError() != ERROR_SUCCESS)
{
cout<<"修改特权不完全或失败!"<<endl;
}
else
{
cout<<"修改成功!"<<endl;
}
}
最新文章
- html meta标签使用总结
- 2.1 C#的关键字
- linux更改 DNS 的一般方式
- Map接口
- CURL详解(转载)
- selenium webdriver读取excel进行数据驱动测试
- Linux运维初级教程(二)账户与安全
- 《oracle每日一练》免安装Oracle客户端使用PL/SQL
- SystemServer相关
- iOS高仿城觅应用客户端项目(开发思路和代码)
- 修改UI中的值,无反应解决办法
- linux下开发c++第二弹--helloworld与makefile
- HTML5新增结构标签
- Java正则表达式详解教程
- JS年月日三级联动下拉框日期选择代码
- (转)Go语言并发模型:使用 context
- Javascript面向对象编程:非构造函数的继承
- asp在线压缩和解压缩文件(文件夹)
- SquishIt引起的HTTP Error 500.0 - Internal Server Error
- 【WP8.1】系统控件的bug及修复方案