masm32编程判断当前帐户是否拥有管理员权限方法1

本文介绍了一个使用MASM32实现的简单程序,该程序用于检测当前运行进程是否具有管理员权限。程序先尝试获取当前线程的令牌,若线程没有令牌则改用进程令牌,然后检查令牌的组列表中是否包含内置 Administrators 组的 SID,以此确定权限状态。
;Function: Demo the way to determine if you have administrator privileges
;Author: PurpleEndurer
;Dev: WinXP SP2 + MASM32 v8
;
;log
;---------
;2006-12-06 Passed!
;2006-12-05 Created!
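; Syntax: MASM (Intel operand order). Target: 32-bit Windows, stdcall.
.486                                    ; enable the 80486 instruction set
.model flat, stdcall                    ; flat memory model; stdcall is the default for PROTO/invoke
option casemap:none                     ; case sensitive

include /masm32/include/windows.inc

include /masm32/include/kernel32.inc
includelib /masm32/lib/kernel32.lib

include /masm32/include/user32.inc
includelib /masm32/lib/user32.lib

include /masm32/include/advapi32.inc
includelib /masm32/lib/advapi32.lib

IsAdmin             PROTO

; Build switch for where the SID_IDENTIFIER_AUTHORITY lives:
;   1 = global instance in .data (g_stSiaNtAuthority)
;   0 = local instance built on IsAdmin's stack frame
d_UseGlobeVar       equ 0


.data
g_szAppName         db "IsAdmin", 0
; The word spacing in the two messages below was lost on the published
; page and is restored here so the message box text is readable.
g_szHaveAdminPriv   db "You have Admin privileges!", 0
g_szNoAdminPriv     db "You don't have Admin privileges!", 0

if d_UseGlobeVar eq 1
; NOTE(review): confirm that this initializer produces the six bytes
; {0,0,0,0,0,5}; the local variant in IsAdmin sets byte 5 explicitly.
g_stSiaNtAuthority  SID_IDENTIFIER_AUTHORITY <SECURITY_NT_AUTHORITY>
endif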


.code
;-----------------------------------------------------------------------
; Program entry point.
; Calls IsAdmin, shows the matching message in a message box titled
; g_szAppName, then terminates the process with exit code 0.
;-----------------------------------------------------------------------
Start:
        invoke  IsAdmin
        mov     edx, offset g_szNoAdminPriv     ; default: not an administrator
        cmp     eax, TRUE
        jne     @F
        mov     edx, offset g_szHaveAdminPriv   ; IsAdmin returned exactly TRUE
@@:
        invoke  MessageBox, NULL, edx, offset g_szAppName, MB_OK
        invoke  ExitProcess, 0


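;-----------------------------------------------------------------------
; BOOL IsAdmin(void)
; ABI:   Win32 stdcall, no arguments
; Out:   eax = TRUE  if the effective token lists BUILTIN\Administrators
;                    as an ENABLED group
;              FALSE otherwise, and on every API failure (fails closed)
; Saves: esi, edi (via USES).  Clobbers eax, ecx, edx, flags.
;
; The thread token is tried first, so an impersonating thread is judged
; by its impersonation token. ERROR_NO_TOKEN falls back to the process
; token.
;
; Only groups carrying SE_GROUP_ENABLED are counted. A SID that is merely
; present in the group list (for example one marked deny-only in a
; filtered token) does not grant access, so it must not be reported as
; "administrator". CheckTokenMembership is the Win32 API that performs
; this membership-plus-attributes test directly.
;-----------------------------------------------------------------------
IsAdmin proc uses esi edi
        local   hCurrentThread:HANDLE, hAccessToken:HANDLE, hCurrentProcess:HANDLE
        local   dwInfoBufferSize:dword, pInfoBuffer:dword, dwSuccess:dword, psidAdministrators:dword
if d_UseGlobeVar eq 0
        local   stSiaNtAuthority:SID_IDENTIFIER_AUTHORITY
endif

        ; Locals are not initialised by the prologue. Give every value that
        ; the shared exit path inspects a defined state before any early exit.
        mov     dwSuccess, FALSE
        mov     pInfoBuffer, NULL
        mov     psidAdministrators, NULL
        mov     dwInfoBufferSize, 0

        ; --- obtain a token handle: thread first, then process -----------
        invoke  GetCurrentThread
        mov     hCurrentThread, eax
        invoke  OpenThreadToken, hCurrentThread, TOKEN_QUERY, TRUE, addr hAccessToken
        .if eax == 0
            invoke  GetLastError
            cmp     eax, ERROR_NO_TOKEN
            jne     @IsAdminRet                 ; unexpected failure -> FALSE
            invoke  GetCurrentProcess
            mov     hCurrentProcess, eax
            invoke  OpenProcessToken, hCurrentProcess, TOKEN_QUERY, addr hAccessToken
            test    eax, eax
            jz      @IsAdminRet
        .endif

        ; --- fetch the TOKEN_GROUPS list ----------------------------------
        ; The first call passes no buffer; it is used only to learn the
        ; required size, so its return value is deliberately discarded.
        invoke  GetTokenInformation, hAccessToken, TokenGroups, NULL, 0, addr dwInfoBufferSize
        xor     eax, eax                        ; stays 0 unless the real query succeeds
        .if dwInfoBufferSize > 0
            invoke  GlobalAlloc, GMEM_FIXED, dwInfoBufferSize
            mov     pInfoBuffer, eax
            .if eax != NULL
                invoke  GetTokenInformation, hAccessToken, TokenGroups, pInfoBuffer, dwInfoBufferSize, addr dwInfoBufferSize
            .endif
        .endif
        mov     esi, eax                        ; keep the query result across CloseHandle
        invoke  CloseHandle, hAccessToken
        test    esi, esi
        jz      @IsAdminRet                     ; exit path frees pInfoBuffer if it was allocated

        ; --- build the well-known SID S-1-5-32-544 (BUILTIN\Administrators)
if d_UseGlobeVar eq 1
        invoke  AllocateAndInitializeSid, offset g_stSiaNtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, addr psidAdministrators
else
        invoke  RtlZeroMemory, addr stSiaNtAuthority, sizeof stSiaNtAuthority
        mov     byte ptr [stSiaNtAuthority+5], 5 ; SECURITY_NT_AUTHORITY equ {0,0,0,0,0,5}
        invoke  AllocateAndInitializeSid, addr stSiaNtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, addr psidAdministrators
endif
        .if eax == 0
            mov     psidAdministrators, NULL    ; nothing to free on the exit path
            jmp     @IsAdminRet
        .endif

        ; --- walk Groups[0 .. GroupCount-1] -------------------------------
        ; edi = address of the current SID_AND_ATTRIBUTES element
        ; esi = number of elements still to examine
        ; The element address is advanced, not the SID pointer stored in
        ; it: the SIDs have variable length and are not spaced at the
        ; array stride.
        mov     edi, pInfoBuffer
        mov     esi, [edi].TOKEN_GROUPS.GroupCount
        lea     edi, [edi].TOKEN_GROUPS.Groups
        .while esi != 0
            mov     eax, [edi].SID_AND_ATTRIBUTES.Attributes
            and     eax, SE_GROUP_ENABLED
            .if eax != 0                        ; skip disabled / deny-only entries
                invoke  EqualSid, psidAdministrators, [edi].SID_AND_ATTRIBUTES.Sid
                .if eax != 0
                    mov     dwSuccess, TRUE
                    .break
                .endif
            .endif
            add     edi, sizeof SID_AND_ATTRIBUTES
            dec     esi
        .endw

        ; --- single exit: release whatever was acquired -------------------
@IsAdminRet:
        .if psidAdministrators != NULL
            invoke  FreeSid, psidAdministrators
        .endif
        .if pInfoBuffer != NULL
            invoke  GlobalFree, pInfoBuffer
        .endif
        mov     eax, dwSuccess
        ret
IsAdmin endp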

endStart