本文探讨了如何通过C++代码调整Windows系统权限,深入解释了使用OpenThreadToken、OpenProcessToken、LookupPrivilegeValue、PrivilegeCheck和SetPrivilege函数实现系统级权限提升的过程。详细介绍了权限检查、获取、设置和撤销的完整流程,适用于系统管理、安全研究等场景。
#include <Windows.h>
class AdjustPrivilege
{
public:
AdjustPrivilege():m_bEnble(FALSE)
{
HANDLE hToken = NULL;
if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken))
{
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
{
return;
}
}
LUID luid;
BOOL bRet = ::LookupPrivilegeValue(NULL,
SE_DEBUG_NAME, &luid);
PRIVILEGE_SET privs;
privs.PrivilegeCount = 1;
privs.Control = PRIVILEGE_SET_ALL_NECESSARY;
privs.Privilege[0].Luid = luid;
privs.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
BOOL bresult = FALSE;
BOOL bret = ::PrivilegeCheck(hToken, &privs, &bresult);
if (bresult)
{
m_bEnble = TRUE;
}
else
{
m_bEnble = FALSE;
SetPrivilege(TRUE, SE_DEBUG_NAME);
}
}
~AdjustPrivilege()
{
if (m_bEnble == FALSE)
{
SetPrivilege(FALSE, SE_DEBUG_NAME);
}
}
private:
BOOL SetPrivilege(BOOL bSet, LPCWSTR lpszPri)
{
HANDLE hTokenProc = NULL;
BOOL bRet = ::OpenProcessToken( ::GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES, &hTokenProc);
if (bRet)
{
bRet = SetPrivilegeToken(hTokenProc, lpszPri, bSet);
}
::CloseHandle(hTokenProc);
return bRet;
}
BOOL SetPrivilegeToken(HANDLE hToken, LPCWSTR lpszPrivilege, BOOL bEnablePrivilege)
{
LUID luid;
BOOL bRet = ::LookupPrivilegeValue(NULL,
lpszPrivilege, &luid);
if (!bRet)
{
return FALSE;
}
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
tp.Privileges[0].Attributes = bEnablePrivilege?SE_PRIVILEGE_ENABLED:SE_PRIVILEGE_REMOVED;
return ::AdjustTokenPrivileges( hToken, FALSE, &tp, 0, NULL, NULL );
}
private:
BOOL m_bEnble;
};
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
