本文介绍了VB中如何实现进程权限提升,通过调用Windows API函数进行权限调整,包括OpenProcessToken、LookupPrivilegeValue、AdjustTokenPrivileges等,允许执行如调试、关闭等需要高权限的操作。
Attribute VB_Name
=
"
Enable_Privileges
"
Option
Explicit
Option
Base
0
'Powered by barenx
Private
Declare
Sub CloseHandle()
Sub CloseHandle Lib "kernel32" (ByVal hPass As Long)
Private Declare Function LookupPrivilegeValue()Function LookupPrivilegeValue Lib "advapi32" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As Long
Private Declare Function AdjustTokenPrivileges()Function AdjustTokenPrivileges Lib "advapi32" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
Private Declare Function OpenProcessToken()Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Const ANYSIZE_ARRAY = 1
Private Const TOKEN_ADJUST_PRIVILEGES = &H20
Private Const TOKEN_QUERY = &H8
Private Type LUID
LowPart As Long
HighPart As Long
End Type
Private Type LUID_AND_ATTRIBUTES
pLuid As LUID
Attributes As Long
End Type
Private Type TOKEN_PRIVILEGES
PrivilegeCount As Long
Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
End Type
Public Const SE_DEBUG_NAME = "SeDebugPrivilege"
Public Const SE_ASSIGNPRIMARYTOKEN_NAME = "SeAssignPrimaryTokenPrivilege"
Public Const SE_AUDIT_NAME = "SeAuditPrivilege"
Public Const SE_BACKUP_NAME = "SeBackupPrivilege"
Public Const SE_CHANGE_NOTIFY_NAME = "SeChangeNotifyPrivilege"
Public Const SE_CREATE_PAGEFILE_NAME = "SeCreatePagefilePrivilege"
Public Const SE_CREATE_PERMANENT_NAME = "SeCreatePermanentPrivilege"
Public Const SE_CREATE_TOKEN_NAME = "SeCreateTokenPrivilege"
Public Const SE_INC_BASE_PRIORITY_NAME = "SeIncreaseBasePriorityPrivilege"
Public Const SE_INCREASE_QUOTA_NAME = "SeIncreaseQuotaPrivilege"
Public Const SE_LOAD_DRIVER_NAME = "SeLoadDriverPrivilege"
Public Const SE_LOCK_MEMORY_NAME = "SeLockMemoryPrivilege"
Public Const SE_MACHINE_ACCOUNT_NAME = "SeMachineAccountPrivilege"
Public Const SE_PROF_SINGLE_PROCESS_NAME = "SeProfileSingleProcessPrivilege"
Public Const SE_REMOTE_SHUTDOWN_NAME = "SeRemoteShutdownPrivilege"
Public Const SE_RESTORE_NAME = "SeRestorePrivilege"
Public Const SE_SECURITY_NAME = "SeSecurityPrivilege"
Public Const SE_SHUTDOWN_NAME = "SeShutdownPrivilege"
Public Const SE_SYSTEM_ENVIRONMENT_NAME = "SeSystemEnvironmentPrivilege"
Public Const SE_SYSTEM_PROFILE_NAME = "SeSystemProfilePrivilege"
Public Const SE_SYSTEMTIME_NAME = "SeSystemtimePrivilege"
Public Const SE_TAKE_OWNERSHIP_NAME = "SeTakeOwnershipPrivilege"
Public Const SE_TCB_NAME = "SeTcbPrivilege"
Public Const SE_UNSOLICITED_INPUT_NAME = "SeUnsolicitedInputPrivilege"
Private Const SE_DACL_DEFAULTED = &H8
Private Const SE_DACL_PRESENT = &H4
Private Const SE_ERR_ACCESSDENIED = 5
Private Const SE_ERR_ASSOCINCOMPLETE = 27
Private Const SE_ERR_DDEBUSY = 30
Private Const SE_ERR_DDEFAIL = 29
Private Const SE_ERR_DDETIMEOUT = 28
Private Const SE_ERR_DLLNOTFOUND = 32
Private Const SE_ERR_FNF = 2
Private Const SE_ERR_NOASSOC = 31
Private Const SE_ERR_OOM = 8
Private Const SE_ERR_PNF = 3
Private Const SE_ERR_SHARE = 26
Private Const SE_GROUP_DEFAULTED = &H2
Private Const SE_GROUP_ENABLED = &H4
Private Const SE_GROUP_ENABLED_BY_DEFAULT = &H2
Private Const SE_GROUP_LOGON_ID = &HC0000000
Private Const SE_GROUP_MANDATORY = &H1
Private Const SE_GROUP_OWNER = &H8
Private Const SE_OWNER_DEFAULTED = &H1
Private Const SE_PRIVILEGE_ENABLED = &H2
Private Const SE_PRIVILEGE_ENABLED_BY_DEFAULT = &H1
Private Const SE_PRIVILEGE_USED_FOR_ACCESS = &H80000000
Private Const SE_SELF_RELATIVE = &H8000
Private Const SE_SACL_DEFAULTED = &H20
Private Const SE_SACL_PRESENT = &H10
'***************************************************************************************************************
Public Sub EnablePrivileges()Sub EnablePrivileges(hProc As Long, PrivilegeName As String)
Dim hToken As Long
Dim mLUID As LUID
Dim mPriv As TOKEN_PRIVILEGES
Dim mNewPriv As TOKEN_PRIVILEGES
OpenProcessToken hProc, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hToken
LookupPrivilegeValue "", PrivilegeName, mLUID
mPriv.PrivilegeCount = 1
mPriv.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
mPriv.Privileges(0).pLuid = mLUID
AdjustTokenPrivileges hToken, False, mPriv, 4 + (12 * mPriv.PrivilegeCount), mNewPriv, 4 + (12 * mNewPriv.PrivilegeCount)
CloseHandle hToken
End Sub
Private
Declare
Sub CloseHandle()
Sub CloseHandle Lib "kernel32" (ByVal hPass As Long)Private Declare Function LookupPrivilegeValue()Function LookupPrivilegeValue Lib "advapi32" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As LongPrivate Declare Function AdjustTokenPrivileges()Function AdjustTokenPrivileges Lib "advapi32" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As LongPrivate Declare Function OpenProcessToken()Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As LongPrivate Const ANYSIZE_ARRAY = 1Private Const TOKEN_ADJUST_PRIVILEGES = &H20Private Const TOKEN_QUERY = &H8Private Type LUID LowPart As Long HighPart As LongEnd TypePrivate Type LUID_AND_ATTRIBUTES pLuid As LUID Attributes As LongEnd TypePrivate Type TOKEN_PRIVILEGES PrivilegeCount As Long Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTESEnd TypePublic Const SE_DEBUG_NAME = "SeDebugPrivilege"Public Const SE_ASSIGNPRIMARYTOKEN_NAME = "SeAssignPrimaryTokenPrivilege"Public Const SE_AUDIT_NAME = "SeAuditPrivilege"Public Const SE_BACKUP_NAME = "SeBackupPrivilege"Public Const SE_CHANGE_NOTIFY_NAME = "SeChangeNotifyPrivilege"Public Const SE_CREATE_PAGEFILE_NAME = "SeCreatePagefilePrivilege"Public Const SE_CREATE_PERMANENT_NAME = "SeCreatePermanentPrivilege"Public Const SE_CREATE_TOKEN_NAME = "SeCreateTokenPrivilege"Public Const SE_INC_BASE_PRIORITY_NAME = "SeIncreaseBasePriorityPrivilege"Public Const SE_INCREASE_QUOTA_NAME = "SeIncreaseQuotaPrivilege"Public Const SE_LOAD_DRIVER_NAME = "SeLoadDriverPrivilege"Public Const SE_LOCK_MEMORY_NAME = "SeLockMemoryPrivilege"Public Const SE_MACHINE_ACCOUNT_NAME = "SeMachineAccountPrivilege"Public Const SE_PROF_SINGLE_PROCESS_NAME = "SeProfileSingleProcessPrivilege"Public Const SE_REMOTE_SHUTDOWN_NAME = "SeRemoteShutdownPrivilege"Public Const SE_RESTORE_NAME = "SeRestorePrivilege"Public Const SE_SECURITY_NAME = "SeSecurityPrivilege"Public Const SE_SHUTDOWN_NAME = "SeShutdownPrivilege"Public Const SE_SYSTEM_ENVIRONMENT_NAME = "SeSystemEnvironmentPrivilege"Public Const SE_SYSTEM_PROFILE_NAME = "SeSystemProfilePrivilege"Public Const SE_SYSTEMTIME_NAME = "SeSystemtimePrivilege"Public Const SE_TAKE_OWNERSHIP_NAME = "SeTakeOwnershipPrivilege"Public Const SE_TCB_NAME = "SeTcbPrivilege"Public Const SE_UNSOLICITED_INPUT_NAME = "SeUnsolicitedInputPrivilege"Private Const SE_DACL_DEFAULTED = &H8Private Const SE_DACL_PRESENT = &H4Private Const SE_ERR_ACCESSDENIED = 5Private Const SE_ERR_ASSOCINCOMPLETE = 27Private Const SE_ERR_DDEBUSY = 30Private Const SE_ERR_DDEFAIL = 29Private Const SE_ERR_DDETIMEOUT = 28Private Const SE_ERR_DLLNOTFOUND = 32Private Const SE_ERR_FNF = 2Private Const SE_ERR_NOASSOC = 31Private Const SE_ERR_OOM = 8Private Const SE_ERR_PNF = 3Private Const SE_ERR_SHARE = 26Private Const SE_GROUP_DEFAULTED = &H2Private Const SE_GROUP_ENABLED = &H4Private Const SE_GROUP_ENABLED_BY_DEFAULT = &H2Private Const SE_GROUP_LOGON_ID = &HC0000000Private Const SE_GROUP_MANDATORY = &H1Private Const SE_GROUP_OWNER = &H8Private Const SE_OWNER_DEFAULTED = &H1Private Const SE_PRIVILEGE_ENABLED = &H2Private Const SE_PRIVILEGE_ENABLED_BY_DEFAULT = &H1Private Const SE_PRIVILEGE_USED_FOR_ACCESS = &H80000000Private Const SE_SELF_RELATIVE = &H8000Private Const SE_SACL_DEFAULTED = &H20Private Const SE_SACL_PRESENT = &H10'***************************************************************************************************************Public Sub EnablePrivileges()Sub EnablePrivileges(hProc As Long, PrivilegeName As String) Dim hToken As Long Dim mLUID As LUID Dim mPriv As TOKEN_PRIVILEGES Dim mNewPriv As TOKEN_PRIVILEGES OpenProcessToken hProc, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hToken LookupPrivilegeValue "", PrivilegeName, mLUID mPriv.PrivilegeCount = 1 mPriv.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED mPriv.Privileges(0).pLuid = mLUID AdjustTokenPrivileges hToken, False, mPriv, 4 + (12 * mPriv.PrivilegeCount), mNewPriv, 4 + (12 * mNewPriv.PrivilegeCount) CloseHandle hTokenEnd Sub
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
