降进程权限

// test1.cpp : Defines the entry point for the console application. // #include "stdafx.h" #pragma comment(lib,"Advapi32.lib") void CreateLowProcess(); int _tmain(int argc, _TCHAR* argv[]) { CreateLowProcess(); return 0; } void CreateLowProcess() { BOOL bRet; HANDLE hToken; HANDLE hNewToken; // Notepad is used as an example WCHAR wszProcessName[MAX_PATH] = L"C://Windows//System32//Notepad.exe"; // Low integrity SID WCHAR wszIntegritySid[20] = L"S-1-16-4096"; PSID pIntegritySid = NULL; TOKEN_MANDATORY_LABEL TIL = {0}; PROCESS_INFORMATION ProcInfo = {0}; STARTUPINFO StartupInfo = {0}; ULONG ExitCode = 0; if (OpenProcessToken(GetCurrentProcess(),MAXIMUM_ALLOWED, &hToken)) { if (DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL, SecurityImpersonation, TokenPrimary, &hNewToken)) { if (ConvertStringSidToSid(wszIntegritySid, &pIntegritySid)) { TIL.Label.Attributes = SE_GROUP_INTEGRITY; TIL.Label.Sid = pIntegritySid; // Set the process integrity level if (SetTokenInformation(hNewToken, TokenIntegrityLevel, &TIL, sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pIntegritySid))) { // Create the new process at Low integrity bRet = CreateProcessAsUser(hNewToken, NULL, wszProcessName, NULL, NULL, FALSE, 0, NULL, NULL, &StartupInfo, &ProcInfo); if(bRet) { MessageBox(NULL,L"123",L"123",MB_OK); } else { MessageBox(NULL,L"222",L"123",MB_OK); } } LocalFree(pIntegritySid); } CloseHandle(hNewToken); } CloseHandle(hToken); } }

 

降进程权限