本文整理汇总了C++中OpenProcessToken函数的典型用法代码示例。如果您正苦于以下问题:C++ OpenProcessToken函数的具体用法?C++ OpenProcessToken怎么用?C++ OpenProcessToken使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了OpenProcessToken函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: main
// Checks whether the current process token lists SeCreateSymbolicLinkPrivilege,
// then opens the local LSA policy and enumerates the account rights held by the
// name "Users". The page truncates the listing inside the rights-printing loop.
int main(void)
{
// GetCurrentProcess cannot fail
HANDLE hProcess = GetCurrentProcess();
// NOTE(review): the token handle is written back into hProcess, so from here on
// the variable holds a token, not a process handle. Only TOKEN_READ is requested;
// the code below only queries the token.
if (OpenProcessToken(hProcess, TOKEN_READ, &hProcess))
{
LUID seCreateSymbolicLinkPrivilege;
if (LookupPrivilegeValue(NULL, SE_CREATE_SYMBOLIC_LINK_NAME, &seCreateSymbolicLinkPrivilege))
{
DWORD length;
printf("SeCreateSymbolicLinkPrivilege = %ld, %ld\n", seCreateSymbolicLinkPrivilege.HighPart, seCreateSymbolicLinkPrivilege.LowPart);
// Size probe: with a NULL buffer the call is expected to fail with
// ERROR_INSUFFICIENT_BUFFER and report the required size in length.
if (!GetTokenInformation(hProcess, TokenPrivileges, NULL, 0, &length))
{
if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
{
// NOTE(review): the malloc result is passed on without a NULL check.
TOKEN_PRIVILEGES* privileges = (TOKEN_PRIVILEGES*)malloc(length);
if (GetTokenInformation(hProcess, TokenPrivileges, privileges, length, &length))
{
BOOL found = FALSE;
DWORD count = privileges->PrivilegeCount;
printf("User has %ld privileges\n", count);
if (count > 0)
{
LUID_AND_ATTRIBUTES* privs = privileges->Privileges;
// NOTE(review): count-- also decrements on the test that ends the loop. A match
// on the last entry leaves count == 0 (reported as not found), and no match at
// all wraps the unsigned count past zero (reported as found). The result below
// is therefore wrong in both of those cases.
// NOTE(review): only the LUID is compared; the entry's Attributes (enabled or
// not) are not examined, so this reports presence in the token only.
while (count-- > 0 && !luid_eq(privs->Luid, seCreateSymbolicLinkPrivilege))
privs++;
found = (count > 0);
}
printf("User does%s have the SeCreateSymbolicLinkPrivilege\n", (found ? "" : "n't"));
}
else
{
fprintf(stderr, "Second GetTokenInformation failed\n");
}
free(privileges);
}
else
{
// Reached when the size probe failed for a reason other than a short buffer.
fprintf(stderr, "First GetTokenInformation failed\n");
}
}
else
{
// The size probe succeeded with a NULL buffer, which the author treats as impossible.
fprintf(stderr, "Impossible output from GetTokenInformation\n");
}
}
else
{
fprintf(stderr, "LookupPrivilegeValue failed\n");
}
// Closes the token handle (see the note on hProcess above).
CloseHandle(hProcess);
}
else
{
fprintf(stderr, "OpenProcessToken failed\n");
}
// Second part: query the local security policy (LSA) instead of the token.
LSA_HANDLE hPolicy;
NTSTATUS r;
LSA_OBJECT_ATTRIBUTES attributes = {0, NULL, NULL, 0, NULL, NULL};
attributes.Length = sizeof(attributes);
LUID seCreateSymbolicLinkPrivilege;
if (LookupPrivilegeValue(NULL, SE_CREATE_SYMBOLIC_LINK_NAME, &seCreateSymbolicLinkPrivilege))
{
// POLICY_LOOKUP_NAMES: LsaLookupNames2, LsaEnumerateAccountRights, LsaLookupSids, LsaAddAccountRights
// POLICY_VIEW_LOCAL_INFORMATION: LsaEnumerateAccountsWithUserRight
// Elevation: LsaEnumerateAccountRights, LsaEnumerateAccountsWithUserRight, LsaRemoveAccountRights, LsaAddAccountRights
// Only the two read-oriented policy rights are requested; NULL selects the local system.
if (NT_SUCCESS(r = LsaOpenPolicy(NULL, &attributes, POLICY_LOOKUP_NAMES | POLICY_VIEW_LOCAL_INFORMATION, &hPolicy)))
{
LSA_REFERENCED_DOMAIN_LIST* referencedDomains;
LSA_TRANSLATED_SID2* sids;
LSA_UNICODE_STRING name;
// Length is a byte count without the terminator; MaximumLength includes it.
name.Buffer = L"Users";
name.Length = wcslen(name.Buffer) * sizeof(WCHAR);
name.MaximumLength = name.Length + sizeof(WCHAR);
if (NT_SUCCESS(r = LsaLookupNames2(hPolicy, LSA_LOOKUP_ISOLATED_AS_LOCAL, 1, &name, &referencedDomains, &sids)))
{
LSA_UNICODE_STRING* rights;
ULONG count;
// The domain list is not used, so it is released immediately.
LsaFreeMemory(referencedDomains);
if (NT_SUCCESS(r = LsaEnumerateAccountRights(hPolicy, sids->Sid, &rights, &count)))
{
LSA_UNICODE_STRING* right = rights;
printf("%ld right%s found\n", count, PLURAL(count));
while (count-- > 0)
{
// Length is in bytes, hence the division by 2 for the %.*S character count.
printf(" %.*S\n", right->Length / 2, right->Buffer);
//.........这里部分代码省略.........
开发者ID:dra27,项目名称:opam-experiments,代码行数:101,代码来源:symlink.c
示例2: Sleep
//.........这里部分代码省略.........
// Fragment of a menu-command switch; the enclosing function and the start of the
// first case are elided by the page.
{
vncConnDialog *newconn = new vncConnDialog(_this->m_server);
if (newconn)
{
newconn->DoDialog();
// delete newconn; // NO ! Already done in vncConnDialog.
}
}
break;
case ID_KILLCLIENTS:
// Disconnect all currently connected clients
vnclog.Print(LL_INTINFO, VNCLOG("KillAuthClients() ID_KILLCLIENTS \n"));
_this->m_server->KillAuthClients();
break;
// [email protected]
case ID_LISTCLIENTS:
_this->m_ListDlg.Display();
break;
case ID_ABOUT:
// Show the About box
_this->m_about.Show(TRUE);
break;
case ID_VISITUSONLINE_HOMEPAGE:
{
// Relaunches this executable with " -openhomepage" under the token of the
// process whose id GetExplorerLogonPid() returns (presumably the logged-on
// user's explorer.exe - confirm against that helper).
HANDLE hProcess,hPToken;
DWORD id=GetExplorerLogonPid();
if (id!=0)
{
// NOTE(review): the OpenProcess result is not checked before it is used, and
// MAXIMUM_ALLOWED asks for every right the caller can get rather than the one
// needed to open the token.
hProcess = OpenProcess(MAXIMUM_ALLOWED,FALSE,id);
// NOTE(review): the break on failure leaves hProcess open, and neither hProcess
// nor hPToken is closed anywhere in the visible part of this case.
// NOTE(review): the token access mask is much wider than CreateProcessAsUser
// appears to need here; verify which rights are actually required.
if(!OpenProcessToken(hProcess,TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY
|TOKEN_DUPLICATE|TOKEN_ASSIGN_PRIMARY|TOKEN_ADJUST_SESSIONID
|TOKEN_READ|TOKEN_WRITE,&hPToken)) break;
char dir[MAX_PATH];
char exe_file_name[MAX_PATH];
// NOTE(review): the GetModuleFileName return value is ignored, and appending
// " -openhomepage" to a path that already fills most of MAX_PATH overruns dir.
GetModuleFileName(0, exe_file_name, MAX_PATH);
strcpy(dir, exe_file_name);
strcat(dir, " -openhomepage");
{
STARTUPINFO StartUPInfo;
PROCESS_INFORMATION ProcessInfo;
ZeroMemory(&StartUPInfo,sizeof(STARTUPINFO));
ZeroMemory(&ProcessInfo,sizeof(PROCESS_INFORMATION));
StartUPInfo.wShowWindow = SW_SHOW;
StartUPInfo.lpDesktop = "Winsta0\\Default";
StartUPInfo.cb = sizeof(STARTUPINFO);
// NOTE(review): lpApplicationName is NULL and the module path in dir is not
// quoted, so a path containing spaces is split ambiguously when the command
// line is parsed. Quote the executable path or pass it as lpApplicationName.
CreateProcessAsUser(hPToken,NULL,dir,NULL,NULL,FALSE,DETACHED_PROCESS,NULL,NULL,&StartUPInfo,&ProcessInfo);
// NOTE(review): GetLastError is read without checking the return value above,
// and error is only referenced by the commented-out fallback below.
DWORD error=GetLastError();
if (ProcessInfo.hThread) CloseHandle(ProcessInfo.hThread);
if (ProcessInfo.hProcess) CloseHandle(ProcessInfo.hProcess);
//if (error==1314)
// {
// Open_homepage();
// }
}
}
}
break;
开发者ID:DennisHeerema,项目名称:ultravnc,代码行数:66,代码来源:vncmenu.cpp
示例3: _process_id
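/// Captures a snapshot of process `pid`: creation time, image path and file
/// name, and the "DOMAIN\user" owner of its primary token.
///
/// Every query is best-effort: a failing call is reported on std::tcerr with the
/// GetLastError() code and the related member is not filled in. If the process
/// cannot be opened at all, nothing is queried and nothing is logged.
process::process(DWORD pid) : _process_id(pid)
{
    // NT API Support:
    //   5.0 GetModuleFileNameEx
    //   5.1 GetProcessImageFileName
    //   5.0 GetProcessTimes
    //   5.0 GetTokenInformation
    //   5.0 LookupAccountSid
    //   5.0 OpenProcess
    //   5.0 OpenProcessToken
    //   6.0 QueryFullProcessImageName
#if _WIN32_WINNT < 0x0600
    //HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
#else
    //HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid);
#endif
    // NOTE(review): MAXIMUM_ALLOWED requests every right the caller can obtain on
    // the target. The commented-out calls above list narrower masks; confirm they
    // also cover OpenProcessToken before switching to them.
    HANDLE hProcess = OpenProcess(MAXIMUM_ALLOWED, FALSE, pid);
    if (NULL != hProcess) {
        FILETIME ctime = { 0, 0 };
        FILETIME etime = { 0, 0 };
        FILETIME ktime = { 0, 0 };
        FILETIME utime = { 0, 0 };
        if (GetProcessTimes(hProcess, &ctime, &etime, &ktime, &utime)) {
            _creation_time = ctime;
        } else {
            std::tcerr << std::dec << pid << ": GetProcessTimes failed: " << std::hex << std::setw(8) << std::setfill(_T('0')) << GetLastError() << std::endl;
        }

#if _WIN32_WINNT < 0x0600
        std::tstring image(MAX_PATH, '\0');
        // This needs PROCESS_VM_READ.
        DWORD image_length = GetModuleFileNameEx(hProcess, NULL, &image[0], image.size());
        if (image_length > 0) {
            image.resize(image_length);
        } else {
            std::tcerr << std::dec << pid << ": GetModuleFileNameEx failed: " << std::hex << std::setw(8) << std::setfill(_T('0')) << GetLastError() << std::endl;
            // Do not publish MAX_PATH NUL characters as the image path.
            image.clear();
        }
#else
        std::tstring image(MAX_PATH, '\0');
        DWORD image_length = image.size();
        // This needs PROCESS_QUERY_LIMITED_INFORMATION.
        if (QueryFullProcessImageName(hProcess, 0, &image[0], &image_length)) {
            image.resize(image_length);
        } else {
            std::tcerr << std::dec << pid << ": QueryFullProcessImageName failed: " << std::hex << std::setw(8) << std::setfill(_T('0')) << GetLastError() << std::endl;
            // Do not publish MAX_PATH NUL characters as the image path.
            image.clear();
        }
#endif
        _image_filepath.assign(image);
        // The file name is whatever follows the last backslash, if there is one.
        std::tstring::size_type last_slash = _image_filepath.rfind('\\');
        if (last_slash != std::tstring::npos) {
            _image_filename = _image_filepath.substr(++last_slash, _image_filepath.size());
        }

        // TOKEN_QUERY is the only token right needed to read TokenUser.
        HANDLE hProcessToken;
        if (OpenProcessToken(hProcess, TOKEN_QUERY, &hProcessToken)) {
            DWORD data_length = 0;
            // Size probe: expected to fail with ERROR_INSUFFICIENT_BUFFER.
            if (!GetTokenInformation(hProcessToken, TokenUser, NULL, 0, &data_length) && (GetLastError() == ERROR_INSUFFICIENT_BUFFER)) {
                // Typed array allocation so that the matching delete[] below is
                // well defined (deleting through void* is not).
                byte* data = new byte[data_length];
                if (GetTokenInformation(hProcessToken, TokenUser, data, data_length, &data_length)) {
                    TOKEN_USER* user = reinterpret_cast<TOKEN_USER*>(data);
                    std::tstring name(MAX_NAME, '\0');
                    DWORD name_length = name.size();
                    std::tstring domain(MAX_NAME, '\0');
                    DWORD domain_length = domain.size();
                    SID_NAME_USE type;
                    if (LookupAccountSid(NULL, user->User.Sid, &name[0], &name_length, &domain[0], &domain_length, &type)) {
                        name.resize(name_length);
                        domain.resize(domain_length);
                        _username = _T("");
                        if (domain.size()) {
                            _username += domain;
                            _username += _T("\\");
                        }
                        _username += name;
                    } else {
                        std::tcerr << std::dec << pid << ": LookupAccountSid failed: " << std::hex << std::setw(8) << std::setfill(_T('0')) << GetLastError() << std::endl;
                    }
                } else {
                    std::tcerr << std::dec << pid << ": GetTokenInformation(2) failed: " << std::hex << std::setw(8) << std::setfill(_T('0')) << GetLastError() << std::endl;
                }
                delete[] data;
            } else {
                std::tcerr << std::dec << pid << ": GetTokenInformation failed: " << std::hex << std::setw(8) << std::setfill(_T('0')) << GetLastError() << std::endl;
            }
            CloseHandle(hProcessToken);
        } else {
            std::tcerr << std::dec << pid << ": OpenProcessToken failed: " << std::hex << std::setw(8) << std::setfill(_T('0')) << GetLastError() << std::endl;
        }
        CloseHandle(hProcess);
    }
}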
开发者ID:ISergey256,项目名称:vmmap,代码行数:93,代码来源:process.cpp
示例4: GetAccountTypeHelper
// Maps the caller's token to one of "User", "Guest", "Power" or "Admin" by testing
// membership in the corresponding built-in local groups. Returns NULL when none
// matched or the token could not be opened. The returned pointer refers to a
// string literal and must not be freed or modified.
// CheckTokenForGroupDeny selects CheckTokenMembership (when advapi32 exports it)
// instead of the manual scan of TokenGroups.
char* GetAccountTypeHelper(BOOL CheckTokenForGroupDeny)
{
char *group = NULL;
HANDLE hToken = NULL;
struct group
{
DWORD auth_id;
char *name;
};
// The table is walked in order and every match overwrites the previous one, so
// the last matching entry (Admin being last) wins.
struct group groups[] =
{
{DOMAIN_ALIAS_RID_USERS, "User"},
// every user belongs to the users group, hence users come before guests
{DOMAIN_ALIAS_RID_GUESTS, "Guest"},
{DOMAIN_ALIAS_RID_POWER_USERS, "Power"},
{DOMAIN_ALIAS_RID_ADMINS, "Admin"}
};
if (GetVersion() & 0x80000000) // Not NT
{
return "Admin";
}
// First we must open a handle to the access token for this thread.
// The thread token is tried first, then the process token; TOKEN_QUERY only.
if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken) ||
OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
{
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = {SECURITY_NT_AUTHORITY};
TOKEN_GROUPS *ptg = NULL;
BOOL ValidTokenGroups = FALSE;
DWORD cbTokenGroups;
DWORD i, j;
if (CheckTokenForGroupDeny)
// GetUserName is in advapi32.dll so we can avoid Load/Freelibrary
_CheckTokenMembership=
(CHECKTOKENMEMBERSHIP) GetProcAddress(
GetModuleHandle("ADVAPI32"), "CheckTokenMembership");
// Use "old school" membership check?
if (!CheckTokenForGroupDeny || _CheckTokenMembership == NULL)
{
// We must query the size of the group information associated with
// the token. Note that we expect a FALSE result from GetTokenInformation
// because we've given it a NULL buffer. On exit cbTokenGroups will tell
// the size of the group information.
if (!GetTokenInformation(hToken, TokenGroups, NULL, 0, &cbTokenGroups) &&
GetLastError() == ERROR_INSUFFICIENT_BUFFER)
{
// Allocate buffer and ask for the group information again.
// This may fail if an administrator has added this account
// to an additional group between our first call to
// GetTokenInformation and this one.
if ((ptg = GlobalAlloc(GPTR, cbTokenGroups)) &&
GetTokenInformation(hToken, TokenGroups, ptg, cbTokenGroups, &cbTokenGroups))
{
ValidTokenGroups=TRUE;
}
}
}
if (ValidTokenGroups || (CheckTokenForGroupDeny && _CheckTokenMembership))
{
PSID psid;
for (i = 0; i < sizeof(groups)/sizeof(struct group); i++)
{
// Create a SID for the local group and then check if it exists in our token
if (AllocateAndInitializeSid(
&SystemSidAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,
groups[i].auth_id, 0, 0, 0, 0, 0, 0,&psid))
{
BOOL IsMember = FALSE;
if (CheckTokenForGroupDeny && _CheckTokenMembership)
{
// A token handle of 0 is passed rather than hToken.
// NOTE(review): the return value is ignored; IsMember keeps its FALSE default
// if the call fails.
_CheckTokenMembership(0, psid, &IsMember);
}
else if (ValidTokenGroups)
{
// NOTE(review): this scan compares SIDs only and ignores Groups[j].Attributes,
// so a group that is present but not enabled (for example deny-only) still
// counts as membership on this path.
for (j = 0; j < ptg->GroupCount; j++)
{
if (EqualSid(ptg->Groups[j].Sid, psid))
{
IsMember = TRUE;
}
}
}
if (IsMember) group=groups[i].name;
FreeSid(psid);
}
}
}
if (ptg)
GlobalFree(ptg);
CloseHandle(hToken);
return group;
//.........这里部分代码省略.........
开发者ID:kichik,项目名称:nsis-1,代码行数:101,代码来源:UserInfo.c
示例5: _tmain
// Entry point of a dd-style disk copier: parses arguments, requires an elevated
// token, opens the input and output devices and prepares one reader and one
// writer thread that share a queue guarded by a mutex. The page truncates the
// listing before the writer thread is started.
int _tmain(int argc, _TCHAR* argv[])
{
ARGUMENTS params = { 0 }; // Parsed program arguments
HANDLE hInDev = NULL;
HANDLE hOutDev = NULL;
// Disk Geometry
LONGLONG DiskSize = { 0 }; // disk size in bytes
DWORD SectorSize; // Physical sector size
std::queue <LPVOID> cola;
// Thread synchronization
HANDLE hMutex;
HANDLE hThread[2] = { 0 };
DWORD ThreadID[2] = { 0 };
// NOTE(review): "¶ms" looks like the page's HTML-entity rendering of "&params";
// as printed this line does not compile.
if (!ParseProgramArguments(¶ms, argc, argv)) {
return 1;
}
BQUEUE data = { &cola, 0}; // data queue
#if (_WIN32_WINNT >= _WIN32_WINNT_VISTA)
// Elevation gate: refuse to run unless the process token is elevated.
// NOTE(review): neither OpenProcessToken nor GetTokenInformation is checked. If
// either fails, elevation is read uninitialized and the gate's outcome is
// arbitrary. The check should fail closed when the query fails.
// NOTE(review): hToken is not closed in the visible part of the function.
HANDLE hToken;
OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &hToken);
DWORD infoLen;
TOKEN_ELEVATION elevation;
GetTokenInformation(hToken, TokenElevation, &elevation, sizeof(elevation), &infoLen);
if (!elevation.TokenIsElevated)
{
wprintf(L"This program must run in elevated mode\n");
return -1;
}
#else
#error you are using an old version of sdk or not supported operating system
#endif
if (!OpenDescriptors(params.sInDev, params.sOutDev, &hInDev, &hOutDev))
{
return -1;
}
// NOTE(review): the failure returns from here on do not close hInDev / hOutDev.
if (!GetDescriptorGeometry(hInDev, &SectorSize, &DiskSize))
{
return -1;
}
/* Mutex Creation */
// Unnamed mutex, initially not owned.
hMutex = CreateMutex(NULL, FALSE, NULL);
if (hMutex == NULL)
{
wprintf(L"CreateMutex() error: %d\n", GetLastError());
return -1;
}
/* The party start now */
wprintf(L">>> windd %s - By Luis Gonzalez Fernandez\n", VERSION);
if (!params.NoDisclaimer)
Disclaimer();
wprintf(L"%s => %s\n", params.sInDev, params.sOutDev);
/* Reader Thread */
TPARAMS ReaderParams = { 0 };
ReaderParams.hDev = hInDev;
ReaderParams.cola = &data;
ReaderParams.StartOffset = params.dwSkip; // skip n bytes at input
ReaderParams.EndOffset = DiskSize;
// A block size given on the command line overrides the detected sector size.
if (params.dwInBs)
ReaderParams.SectorSize = params.dwInBs;
else
ReaderParams.SectorSize = SectorSize;
ReaderParams.MemBuff = params.dwBuff;
ReaderParams.Mutex = hMutex;
ReaderParams.DiskSize = DiskSize;
ReaderParams.DataProcessed = 0;
ReaderParams.Verbose = params.Verbose;
// NOTE(review): the CreateThread result is not checked in the visible code.
hThread[0] = CreateThread(NULL, 0, ReadSect, &ReaderParams, 0, &ThreadID[0]);
/* Writer Thread */
TPARAMS WriterParams = { 0 };
WriterParams.hDev = hOutDev;
WriterParams.cola = &data;
WriterParams.StartOffset = params.dwSeek; // seek until this offset at write.
WriterParams.EndOffset = (DiskSize + params.dwSeek - params.dwSkip);
if (params.dwOutBs)
WriterParams.SectorSize = params.dwOutBs;
else
WriterParams.SectorSize = SectorSize;
WriterParams.Mutex = hMutex;
WriterParams.DiskSize = DiskSize;
WriterParams.DataProcessed = 0;
WriterParams.Verbose = params.Verbose;
//.........这里部分代码省略.........
开发者ID:hailuodev,项目名称:windd,代码行数:101,代码来源:windd64.cpp
示例6: sizeof
// Basically Microsoft 118626
// Needed for vista as it fakes the admin rights on the registry and screws everything up
//
// Decides whether the caller is a local administrator by building a security
// descriptor that grants access to the built-in Administrators group only and
// running AccessCheck against an impersonation copy of the caller's token.
// The answer is cached in a function-local static after the first call.
bool CGlobalSettings::isAdmin()
{
// Cache: 0 = not yet computed, 1 = admin, -1 = not admin.
// NOTE(review): the cache is process-wide, while the token examined below is the
// thread token when the thread is impersonating. A result computed under one
// identity is then returned for every later caller. No synchronization around
// isAd is visible here either.
static int isAd = 0;
bool fReturn = false;
DWORD dwStatus;
DWORD dwAccessMask;
DWORD dwAccessDesired;
DWORD dwACLSize;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PACL pACL = NULL;
PSID psidAdmin = NULL;
HANDLE hToken = NULL;
HANDLE hImpersonationToken = NULL;
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
PSECURITY_DESCRIPTOR psdAdmin = NULL;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
if(isAd)
return isAd>0?true:false;
__try
{
// Prefer the thread token; fall back to the process token only when the thread
// has none (ERROR_NO_TOKEN). Any other failure leaves fReturn false.
if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE|TOKEN_QUERY, TRUE, &hToken))
{
if (GetLastError() != ERROR_NO_TOKEN)
__leave;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE|TOKEN_QUERY, &hToken))
__leave;
}
// AccessCheck needs an impersonation token, so duplicate one; it is never
// assigned to the thread.
if (!DuplicateToken (hToken, SecurityImpersonation, &hImpersonationToken))
__leave;
// SID of the built-in Administrators alias.
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_ALIAS_RID_ADMINS,0, 0, 0, 0, 0, 0, &psidAdmin))
__leave;
psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (psdAdmin == NULL)
__leave;
if (!InitializeSecurityDescriptor(psdAdmin, SECURITY_DESCRIPTOR_REVISION))
__leave;
// Compute size needed for the ACL.
dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(psidAdmin) - sizeof(DWORD);
pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (pACL == NULL)
__leave;
if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2))
__leave;
// Single allow ACE: Administrators get ACCESS_READ | ACCESS_WRITE (constants
// defined outside this listing).
dwAccessMask = ACCESS_READ | ACCESS_WRITE;
if (!AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask, psidAdmin))
__leave;
if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE))
__leave;
// NOTE(review): the results of the group/owner setters are not checked; the
// validity test that follows is the only guard.
SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE);
SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE);
if (!IsValidSecurityDescriptor(psdAdmin))
__leave;
dwAccessDesired = ACCESS_READ;
GenericMapping.GenericRead = ACCESS_READ;
GenericMapping.GenericWrite = ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;
BOOL bRet;
// The access check itself: bRet says whether the token would be granted
// ACCESS_READ by the admin-only descriptor built above.
if (!AccessCheck(psdAdmin, hImpersonationToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus,
&bRet))
__leave;
fReturn = bRet?true:false;
}
__finally
{
// Clean up.
if (pACL) LocalFree(pACL);
if (psdAdmin) LocalFree(psdAdmin);
if (psidAdmin) FreeSid(psidAdmin);
if (hImpersonationToken) CloseHandle (hImpersonationToken);
if (hToken) CloseHandle (hToken);
}
// Every failure path above is cached as "not admin" (-1) as well.
isAd=fReturn?1:-1;
//.........这里部分代码省略.........
开发者ID:surfnzdotcom,项目名称:cvsnt-fork,代码行数:101,代码来源:GlobalSettings.cpp
示例7: main
// Command-line front end of a DLL injector: argv[1] is the DLL, argv[2] is a
// command to launch, a numeric process id, or "!name" to look a process up by
// name. The DLL path reaches the target through the INJECT_DLL environment
// variable or through SetSharedMem(). For the attach modes the code enables
// SeDebugPrivilege and opens the target process. The page truncates the listing
// right after the target's image name is queried.
int
main(int argc, char *argv[])
{
if (argc < 3) {
fprintf(stderr,
"usage:\n"
" inject <dllname.dll> <command> [args] ...\n"
" inject <dllname.dll> <process-id>\n"
" inject <dllname.dll> !<process-name>\n"
);
return 1;
}
BOOL bAttach = FALSE;
DWORD dwProcessId = ~0;
// argv[2] selects the mode: number => attach by pid, "!name" => attach by name,
// anything else leaves bAttach FALSE.
if (isNumber(argv[2])) {
dwProcessId = atol(argv[2]);
bAttach = TRUE;
} else if (argv[2][0] == '!') {
const char *szProcessName = &argv[2][1];
if (!getProcessIdByName(szProcessName, &dwProcessId)) {
fprintf(stderr, "error: failed to find process %s\n", szProcessName);
return 1;
}
bAttach = TRUE;
fprintf(stderr, "dwProcessId = %lu\n", dwProcessId);
}
HANDLE hSemaphore = NULL;
const char *szDll = argv[1];
if (!USE_SHARED_MEM) {
SetEnvironmentVariableA("INJECT_DLL", szDll);
} else {
// A named semaphore with a count of one serializes injector instances while the
// shared memory holds the DLL path.
// NOTE(review): the name is fixed and the object is created with default
// security, so any other process that can open "inject_semaphore" can hold it
// and stall the INFINITE wait below.
hSemaphore = CreateSemaphore(NULL, 1, 1, "inject_semaphore");
if (hSemaphore == NULL) {
fprintf(stderr, "error: failed to create semaphore\n");
return 1;
}
DWORD dwWait = WaitForSingleObject(hSemaphore, 0);
if (dwWait == WAIT_TIMEOUT) {
fprintf(stderr, "info: waiting for another inject instance to finish\n");
dwWait = WaitForSingleObject(hSemaphore, INFINITE);
}
if (dwWait != WAIT_OBJECT_0) {
fprintf(stderr, "error: failed to enter semaphore gate\n");
return 1;
}
SetSharedMem(szDll);
}
BOOL bAttachDwm = FALSE;
PROCESS_INFORMATION processInfo;
HANDLE hProcess;
if (bAttach) {
BOOL bRet;
HANDLE hToken = NULL;
// NOTE(review): TOKEN_ALL_ACCESS is broader than what the visible code uses the
// token for (a single AdjustTokenPrivileges call).
// NOTE(review): the three error messages below print bRet, which is always 0 on
// those paths, instead of GetLastError().
// NOTE(review): hToken is not closed in the visible part of the function.
bRet = OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken);
if (!bRet) {
fprintf(stderr, "error: OpenProcessToken returned %u\n", (unsigned)bRet);
return 1;
}
LUID Luid;
bRet = LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &Luid);
if (!bRet) {
fprintf(stderr, "error: LookupPrivilegeValue returned %u\n", (unsigned)bRet);
return 1;
}
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = Luid;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
// NOTE(review): a TRUE return does not prove the privilege was enabled. When the
// token does not hold it the call still succeeds and GetLastError() reports
// ERROR_NOT_ALL_ASSIGNED, which is not checked here.
bRet = AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof tp, NULL, NULL);
if (!bRet) {
fprintf(stderr, "error: AdjustTokenPrivileges returned %u\n", (unsigned)bRet);
return 1;
}
// Rights requested on the target: thread creation, memory read/write/operation,
// query and terminate. Debug privilege combined with this mask is the access
// pattern process-access monitoring usually records for remote-thread injection.
DWORD dwDesiredAccess =
PROCESS_CREATE_THREAD |
PROCESS_QUERY_INFORMATION |
PROCESS_QUERY_LIMITED_INFORMATION |
PROCESS_VM_OPERATION |
PROCESS_VM_WRITE |
PROCESS_VM_READ |
PROCESS_TERMINATE;
hProcess = OpenProcess(
dwDesiredAccess,
FALSE /* bInheritHandle */,
dwProcessId);
if (!hProcess) {
logLastError("failed to open process");
return 1;
}
char szProcess[MAX_PATH];
DWORD dwRet = GetModuleFileNameEx(hProcess, 0, szProcess, sizeof szProcess);
//.........这里部分代码省略.........
开发者ID:Aganlengzi,项目名称:apitrace,代码行数:101,代码来源:injector.cpp
示例8: CreateRestrictedProcess
/*
* Create a restricted token and execute the specified process with it.
*
* Returns restricted token on success and 0 on failure.
*
* On NT4, or any other system not containing the required functions, will
* NOT execute anything.
*/
/*
 * Visible flow: resolve CreateRestrictedToken from ADVAPI32 at run time, open
 * the current process token, derive a restricted token with the Administrators
 * and Power Users SIDs dropped and DISABLE_MAX_PRIVILEGE set, then start cmd
 * suspended under that token and resume it. The page truncates the listing
 * after ResumeThread.
 */
HANDLE
CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, const char *progname)
{
BOOL b;
STARTUPINFO si;
HANDLE origToken;
HANDLE restrictedToken;
SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
SID_AND_ATTRIBUTES dropSids[2];
__CreateRestrictedToken _CreateRestrictedToken = NULL;
HANDLE Advapi32Handle;
ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
/* Looked up dynamically so the binary still loads where the export is missing. */
Advapi32Handle = LoadLibrary("ADVAPI32.DLL");
if (Advapi32Handle != NULL)
{
_CreateRestrictedToken = (__CreateRestrictedToken) GetProcAddress(Advapi32Handle, "CreateRestrictedToken");
}
if (_CreateRestrictedToken == NULL)
{
fprintf(stderr, _("%s: WARNING: cannot create restricted tokens on this platform\n"), progname);
if (Advapi32Handle != NULL)
FreeLibrary(Advapi32Handle);
return 0;
}
/* Open the current token to use as a base for the restricted one */
/*
 * NOTE(review): TOKEN_ALL_ACCESS is requested; confirm whether a narrower mask
 * is enough for CreateRestrictedToken. This return and the next failure return
 * leave Advapi32Handle loaded.
 */
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &origToken))
{
fprintf(stderr, _("%s: could not open process token: error code %lu\n"), progname, GetLastError());
return 0;
}
/* Allocate list of SIDs to remove */
ZeroMemory(&dropSids, sizeof(dropSids));
/*
 * NOTE(review): on failure origToken is not closed, and if only the second
 * allocation failed, dropSids[0].Sid is not freed.
 */
if (!AllocateAndInitializeSid(&NtAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0,
0, &dropSids[0].Sid) ||
!AllocateAndInitializeSid(&NtAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS, 0, 0, 0, 0, 0,
0, &dropSids[1].Sid))
{
fprintf(stderr, _("%s: could not allocate SIDs: error code %lu\n"),
progname, GetLastError());
return 0;
}
/*
 * Both SIDs are passed as SIDs to disable and DISABLE_MAX_PRIVILEGE is set; no
 * privileges to delete and no restricting SIDs are listed.
 */
b = _CreateRestrictedToken(origToken,
DISABLE_MAX_PRIVILEGE,
sizeof(dropSids) / sizeof(dropSids[0]),
dropSids,
0, NULL,
0, NULL,
&restrictedToken);
/*
 * NOTE(review): the cleanup calls below run before GetLastError() is read in
 * the failure branch, so the reported code may come from one of them.
 */
FreeSid(dropSids[1].Sid);
FreeSid(dropSids[0].Sid);
CloseHandle(origToken);
FreeLibrary(Advapi32Handle);
if (!b)
{
fprintf(stderr, _("%s: could not create restricted token: error code %lu\n"),
progname, GetLastError());
return 0;
}
#ifndef __CYGWIN__
/* Helper defined outside this listing; its result is not checked here. */
AddUserToTokenDacl(restrictedToken);
#endif
/*
 * lpApplicationName is NULL, so cmd is parsed as the full command line and the
 * caller is responsible for quoting the executable path. bInheritHandles is
 * TRUE, so the child receives every inheritable handle of this process.
 * NOTE(review): restrictedToken is not closed on the failure return.
 */
if (!CreateProcessAsUser(restrictedToken,
NULL,
cmd,
NULL,
NULL,
TRUE,
CREATE_SUSPENDED,
NULL,
NULL,
&si,
processInfo))
{
fprintf(stderr, _("%s: could not start process for command \"%s\": error code %lu\n"), progname, cmd, GetLastError());
return 0;
}
/* The process was created suspended; let its main thread run. */
ResumeThread(processInfo->hThread);
//.........这里部分代码省略.........
开发者ID:PJMODOS,项目名称:postgres,代码行数:101,代码来源:restricted_token.c
示例9: defined
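/*
 * Try to obtain BUFFER_SIZE bytes backed by large pages, using the mechanism
 * of the build's target OS. `address` is passed on as a placement hint.
 *
 * Returns the mapped address, or (void *)-1 when no large-page mapping could
 * be made. A successful mapping is also recorded in release_info[] together
 * with alloc_hugetlb_free.
 */
static void *alloc_hugetlb(void *address){

  void *map_address = (void *)-1;

#if defined(OS_LINUX) || defined(OS_AIX)
  int shmid;

  shmid = shmget(IPC_PRIVATE, BUFFER_SIZE,
#ifdef OS_LINUX
		 SHM_HUGETLB |
#endif
#ifdef OS_AIX
		 SHM_LGPAGE | SHM_PIN |
#endif
		 IPC_CREAT | SHM_R | SHM_W);

  if (shmid != -1) {
    map_address = (void *)shmat(shmid, address, SHM_RND);

#ifdef OS_LINUX
    my_mbind(map_address, BUFFER_SIZE, MPOL_PREFERRED, NULL, 0, 0);
#endif

    /* Mark the segment for removal once attached, so that it does not
       outlive the process. */
    if (map_address != (void *)-1){
      shmctl(shmid, IPC_RMID, 0);
    }
  }
#endif

#ifdef __sun__
  struct memcntl_mha mha;

  mha.mha_cmd = MHA_MAPSIZE_BSSBRK;
  mha.mha_flags = 0;
  mha.mha_pagesize = HUGE_PAGESIZE;
  memcntl(NULL, 0, MC_HAT_ADVISE, (char *)&mha, 0, 0);

  map_address = (BLASULONG)memalign(HUGE_PAGESIZE, BUFFER_SIZE);
#endif

#ifdef OS_WINDOWS

  HANDLE hToken;
  TOKEN_PRIVILEGES tp;

  /* MEM_LARGE_PAGES needs SeLockMemoryPrivilege enabled in the process token. */
  if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken) != TRUE) return (void *) -1;

  tp.PrivilegeCount = 1;
  tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

  /* From here on every exit closes hToken; the original leaked the handle on
     each call. */
  if (LookupPrivilegeValue(NULL, SE_LOCK_MEMORY_NAME, &tp.Privileges[0].Luid) != TRUE) {
    CloseHandle(hToken);
    return (void *) -1;
  }

  /* A TRUE return does not prove the privilege was granted (the call also
     succeeds with ERROR_NOT_ALL_ASSIGNED); in that case VirtualAlloc below
     fails and the function still reports -1. */
  if (AdjustTokenPrivileges(hToken, FALSE, (PTOKEN_PRIVILEGES)&tp, 0, NULL, NULL) != TRUE) {
    CloseHandle(hToken);
    return (void *) -1;
  }

  map_address  = (void *)VirtualAlloc(address,
				      BUFFER_SIZE,
				      MEM_LARGE_PAGES | MEM_RESERVE | MEM_COMMIT,
				      PAGE_READWRITE);

  /* NOTE(review): DisableAllPrivileges is TRUE, so this disables every
     privilege in the token, not only the one enabled above. Kept as in the
     original; confirm that this is intended. */
  AdjustTokenPrivileges(hToken, TRUE, &tp, 0, (PTOKEN_PRIVILEGES)NULL, NULL);

  CloseHandle(hToken);

  if (map_address == (void *)NULL) map_address = (void *)-1;

#endif

  if (map_address != (void *)-1){
    /* NOTE(review): release_pos is not range-checked here; the bound of
       release_info[] is declared outside this function. */
    release_info[release_pos].address = map_address;
    release_info[release_pos].func    = alloc_hugetlb_free;
    release_pos ++;
  }

  return map_address;
}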
开发者ID:dennis12,项目名称:OpenBLAS,代码行数:73,代码来源:memory.c
示例10: pgwin32_is_service
/*
* We consider ourselves running as a service if one of the following is
* true:
*
* 1) We are running as Local System (only used by services)
* 2) Our token contains SECURITY_SERVICE_RID (automatically added to the
* process token by the SCM when starting a service)
*
* Return values:
* 0 = Not service
* 1 = Service
* -1 = Error
*
* Note: we can't report errors via either ereport (we're called too early)
* or write_stderr (because that calls this). We are therefore reduced to
* writing directly on stderr, which sucks, but we have few alternatives.
*/
int
pgwin32_is_service(void)
{
/* Cached answer; -1 means "not determined yet", so errors are never cached. */
static int _is_service = -1;
HANDLE AccessToken;
char *InfoBuffer = NULL;
char errbuf[256];
PTOKEN_GROUPS Groups;
PTOKEN_USER User;
PSID ServiceSid;
PSID LocalSystemSid;
SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
UINT x;
/* Only check the first time */
if (_is_service != -1)
return _is_service;
/* TOKEN_READ is sufficient: the token is only queried below. */
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &AccessToken))
{
fprintf(stderr, "could not open process token: error code %d\n",
(int) GetLastError());
return -1;
}
/* First check for local system */
/* NOTE(review): this error return does not close AccessToken. */
if (!pgwin32_get_dynamic_tokeninfo(AccessToken, TokenUser, &InfoBuffer,
errbuf, sizeof(errbuf)))
{
fprintf(stderr, "%s", errbuf);
return -1;
}
User = (PTOKEN_USER) InfoBuffer;
/* NOTE(review): InfoBuffer is not freed on the failure return below. */
if (!AllocateAndInitializeSid(&NtAuthority, 1,
SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0,
&LocalSystemSid))
{
fprintf(stderr, "could not get SID for local system account\n");
CloseHandle(AccessToken);
return -1;
}
/* Token user is Local System: treated as running as a service. */
if (EqualSid(LocalSystemSid, User->User.Sid))
{
FreeSid(LocalSystemSid);
free(InfoBuffer);
CloseHandle(AccessToken);
_is_service = 1;
return _is_service;
}
FreeSid(LocalSystemSid);
free(InfoBuffer);
/* Now check for group SID */
/* NOTE(review): this error return does not close AccessToken either. */
if (!pgwin32_get_dynamic_tokeninfo(AccessToken, TokenGroups, &InfoBuffer,
errbuf, sizeof(errbuf)))
{
fprintf(stderr, "%s", errbuf);
return -1;
}
Groups = (PTOKEN_GROUPS) InfoBuffer;
if (!AllocateAndInitializeSid(&NtAuthority, 1,
SECURITY_SERVICE_RID, 0, 0, 0, 0, 0, 0, 0,
&ServiceSid))
{
fprintf(stderr, "could not get SID for service group\n");
free(InfoBuffer);
CloseHandle(AccessToken);
return -1;
}
/* Default to "not a service" and look for the service SID among the groups. */
_is_service = 0;
for (x = 0; x < Groups->GroupCount; x++)
{
if (EqualSid(ServiceSid, Groups->Groups[x].Sid))
{
_is_service = 1;
break;
//.........这里部分代码省略.........
开发者ID:GisKook,项目名称:Gis,代码行数:101,代码来源:security.c
示例11: pgwin32_is_admin
/*
 * Report whether the process token carries an enabled Administrators or
 * Power Users group.
 *
 * Returns nonzero when such a group is found, zero otherwise. Any failure
 * is written with write_stderr() and ends the process with exit(1).
 *
 * Note: ereport() is not usable here because this runs too early during
 * startup.
 */
int
pgwin32_is_admin(void)
{
    SID_IDENTIFIER_AUTHORITY nt_authority = {SECURITY_NT_AUTHORITY};
    HANDLE      token;
    char       *info = NULL;
    char        errbuf[256];
    PTOKEN_GROUPS group_list;
    PSID        admins_sid;
    PSID        power_users_sid;
    UINT        idx;
    BOOL        is_admin;

    /* Read access is all that is needed to list the token's groups. */
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &token))
    {
        write_stderr("could not open process token: error code %d\n",
                     (int) GetLastError());
        exit(1);
    }

    if (!pgwin32_get_dynamic_tokeninfo(token, TokenGroups,
                                       &info, errbuf, sizeof(errbuf)))
    {
        write_stderr("%s", errbuf);
        exit(1);
    }

    group_list = (PTOKEN_GROUPS) info;

    /* The group list has been copied out, so the token can go. */
    CloseHandle(token);

    /* Well-known SIDs of the two built-in groups being tested. */
    if (!AllocateAndInitializeSid(&nt_authority, 2,
                                  SECURITY_BUILTIN_DOMAIN_RID,
                                  DOMAIN_ALIAS_RID_ADMINS,
                                  0, 0, 0, 0, 0, 0, &admins_sid))
    {
        write_stderr("could not get SID for Administrators group: error code %d\n",
                     (int) GetLastError());
        exit(1);
    }

    if (!AllocateAndInitializeSid(&nt_authority, 2,
                                  SECURITY_BUILTIN_DOMAIN_RID,
                                  DOMAIN_ALIAS_RID_POWER_USERS,
                                  0, 0, 0, 0, 0, 0, &power_users_sid))
    {
        write_stderr("could not get SID for PowerUsers group: error code %d\n",
                     (int) GetLastError());
        exit(1);
    }

    is_admin = FALSE;
    for (idx = 0; idx < group_list->GroupCount && !is_admin; idx++)
    {
        SID_AND_ATTRIBUTES *entry = &group_list->Groups[idx];

        /* Entries without SE_GROUP_ENABLED never count as membership. */
        if (!(entry->Attributes & SE_GROUP_ENABLED))
            continue;

        if (EqualSid(admins_sid, entry->Sid) ||
            EqualSid(power_users_sid, entry->Sid))
            is_admin = TRUE;
    }

    free(info);
    FreeSid(admins_sid);
    FreeSid(power_users_sid);
    return is_admin;
}
开发者ID:GisKook,项目名称:Gis,代码行数:73,代码来源:security.c
示例12: yr_process_get_memory
// Reads the committed, accessible memory regions of process `pid` into a linked
// list of YR_MEMORY_BLOCKs and stores the head in *first_block.
// Returns ERROR_SUCCESS, ERROR_COULD_NOT_ATTACH_TO_PROCESS when the process
// cannot be opened, or ERROR_INSUFICIENT_MEMORY when an allocation fails.
// The page truncates the listing inside the ReadProcessMemory failure branch.
int yr_process_get_memory(
int pid,
YR_MEMORY_BLOCK** first_block)
{
PVOID address;
SIZE_T read;
unsigned char* data;
int result = ERROR_SUCCESS;
SYSTEM_INFO si;
MEMORY_BASIC_INFORMATION mbi;
YR_MEMORY_BLOCK* new_block;
YR_MEMORY_BLOCK* current_block = NULL;
TOKEN_PRIVILEGES tokenPriv;
LUID luidDebug;
HANDLE hProcess = NULL;
HANDLE hToken = NULL;
// Best-effort attempt to enable SeDebugPrivilege so that processes of other
// users can be opened. Only TOKEN_ADJUST_PRIVILEGES is requested on the token.
// NOTE(review): the AdjustTokenPrivileges result is ignored, and the visible
// code never disables the privilege again, so it stays enabled for the rest of
// the process lifetime unless the elided part restores it.
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken) &&
LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luidDebug))
{
tokenPriv.PrivilegeCount = 1;
tokenPriv.Privileges[0].Luid = luidDebug;
tokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(
hToken,
FALSE,
&tokenPriv,
sizeof(tokenPriv),
NULL,
NULL);
}
// Read-only access to the target: query information and read memory.
hProcess = OpenProcess(
PROCESS_VM_READ | PROCESS_QUERY_INFORMATION,
FALSE,
pid);
*first_block = NULL;
if (hProcess == NULL)
{
if (hToken != NULL)
CloseHandle(hToken);
return ERROR_COULD_NOT_ATTACH_TO_PROCESS;
}
// Walk the user-mode address range reported by the system, one region at a time.
GetSystemInfo(&si);
address = si.lpMinimumApplicationAddress;
while (address < si.lpMaximumApplicationAddress &&
VirtualQueryEx(hProcess, address, &mbi, sizeof(mbi)) != 0)
{
// Only committed regions that are not PAGE_NOACCESS are copied.
if (mbi.State == MEM_COMMIT && ((mbi.Protect & PAGE_NOACCESS) == 0))
{
// NOTE(review): the whole region is buffered at once, so the allocation size
// is dictated by the target process's memory layout.
data = (unsigned char*) yr_malloc(mbi.RegionSize);
if (data == NULL)
{
result = ERROR_INSUFICIENT_MEMORY;
break;
}
// NOTE(review): `read` is not compared with mbi.RegionSize in the visible code.
if (ReadProcessMemory(
hProcess,
mbi.BaseAddress,
data,
mbi.RegionSize,
&read))
{
new_block = (YR_MEMORY_BLOCK*) yr_malloc(sizeof(YR_MEMORY_BLOCK));
if (new_block == NULL)
{
yr_free(data);
result = ERROR_INSUFICIENT_MEMORY;
break;
}
// Append the block to the list; the first block becomes the list head.
if (*first_block == NULL)
*first_block = new_block;
new_block->base = (size_t) mbi.BaseAddress;
new_block->size = mbi.RegionSize;
new_block->data = data;
new_block->next = NULL;
if (current_block != NULL)
current_block->next = new_block;
current_block = new_block;
}
else
{
//.........这里部分代码省略.........
开发者ID:plutec,项目名称:yara,代码行数:101,代码来源:proc.c
示例13: GetProcessHandleWithEnoughRights
// Returns a handle to process PID opened with AccessRights, or NULL on failure.
// When the direct OpenProcess is refused, the function tries to obtain WRITE_DAC
// on the target (taking ownership through SeTakeOwnershipPrivilege if that is
// refused too), calls AdjustDacl and then requests the access again through
// DuplicateHandle.
// NOTE(review): the owner and DACL changes made to the target process object are
// not reverted anywhere in this function, so the target is left with a modified
// security descriptor after the call.
HANDLE GetProcessHandleWithEnoughRights(DWORD PID, DWORD AccessRights)
{
HANDLE hProcess = ::OpenProcess(AccessRights, FALSE, PID);
if (hProcess == NULL)
{
HANDLE hpWriteDAC = OpenProcess(WRITE_DAC, FALSE, PID);
if (hpWriteDAC == NULL)
{
// hmm, we don't have permissions to modify the DACL...
// time to take ownership...
HANDLE htok;
// NOTE(review): FALSE (0) is returned from a function returning HANDLE; it
// reads as a null handle but NULL would state the intent.
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &htok))
return(FALSE);
// EnableTokenPrivilege / RestoreTokenPrivilege are helpers defined outside this
// listing; tpOld presumably receives the previous privilege state - confirm.
TOKEN_PRIVILEGES tpOld;
if (EnableTokenPrivilege(htok, SE_TAKE_OWNERSHIP_NAME, tpOld))
{
// SeTakeOwnershipPrivilege allows us to open objects with
// WRITE_OWNER, but that's about it, so we'll update the owner,
// and dup the handle so we can get WRITE_DAC permissions.
HANDLE hpWriteOwner = OpenProcess(WRITE_OWNER, FALSE, PID);
if (hpWriteOwner != NULL)
{
BYTE buf[512]; // this should always be big enough
DWORD cb = sizeof buf;
// The caller's own user SID (from its token) becomes the new owner.
if (GetTokenInformation(htok, TokenUser, buf, cb, &cb))
{
DWORD err =
SetSecurityInfo(
hpWriteOwner,
SE_KERNEL_OBJECT,
OWNER_SECURITY_INFORMATION,
reinterpret_cast<TOKEN_USER*>(buf)->User.Sid,
0, 0, 0
);
if (err == ERROR_SUCCESS)
{
// now that we're the owner, we've implicitly got WRITE_DAC
// permissions, so ask the system to reevaluate our request,
// giving us a handle with WRITE_DAC permissions
if (
!DuplicateHandle(
GetCurrentProcess(),
hpWriteOwner,
GetCurrentProcess(),
&hpWriteDAC,
WRITE_DAC, FALSE, 0
)
)
hpWriteDAC = NULL;
}
}
// don't forget to close handle
::CloseHandle(hpWriteOwner);
}
// not truly necessary in this app,
// but included for completeness
RestoreTokenPrivilege(htok, tpOld);
}
// don't forget to close the token handle
::CloseHandle(htok);
}
if (hpWriteDAC)
{
// we've now got a handle that allows us WRITE_DAC permission
// AdjustDacl is defined outside this listing (presumably it adds an ACE granting
// AccessRights - confirm); its result is not checked here.
AdjustDacl(hpWriteDAC, AccessRights);
// now that we've granted ourselves permission to access
// the process, ask the system to reevaluate our request,
// giving us a handle with right permissions
if (
!DuplicateHandle(
GetCurrentProcess(),
hpWriteDAC,
GetCurrentProcess(),
&hProcess,
AccessRights,
FALSE,
0
)
)
hProcess = NULL;
CloseHandle(hpWriteDAC);
}
}
return(hProcess);
}
开发者ID:carbonleegood,项目名称:POEMapServer,代码行数:93,代码来源:Helpers.cpp
示例14: OsIsAdmin
// Decides whether the caller is a local administrator by running AccessCheck
// against a security descriptor that grants access to the built-in
// Administrators group only. fReturn stays FALSE on every early __leave.
// The page truncates the listing in the middle of the AddAccessAllowedAce call.
BOOL OsIsAdmin(void)
{
BOOL fReturn = FALSE;
DWORD dwStatus;
DWORD dwAccessMask;
DWORD dwAccessDesired;
DWORD dwACLSize;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PACL pACL = NULL;
PSID psidAdmin = NULL;
HANDLE hToken = NULL;
HANDLE hImpersonationToken = NULL;
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
PSECURITY_DESCRIPTOR psdAdmin = NULL;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
// Private access bits used only inside the descriptor built below.
const DWORD ACCESS_READ = 1;
const DWORD ACCESS_WRITE = 2;
__try
{
/*
AccessCheck() requires an impersonation token. We first get a
primary
token and then create a duplicate impersonation token. The
impersonation token is not actually assigned to the thread, but is
used in the call to AccessCheck. Thus, this function itself never
impersonates, but does use the identity of the thread. If the
thread
was impersonating already, this function uses that impersonation
context.
*/
// Fall back to the process token only when the thread has no token of its own.
if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE|TOKEN_QUERY,
TRUE, &hToken))
{
if (GetLastError() != ERROR_NO_TOKEN)
__leave;
if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_DUPLICATE|TOKEN_QUERY, &hToken))
__leave;
}
if (!DuplicateToken (hToken, SecurityImpersonation,
&hImpersonationToken))
__leave;
/*
Create the binary representation of the well-known SID that
represents the local administrators group. Then create the
security
descriptor and DACL with an ACE that allows only local admins
access.
After that, perform the access check. This will determine whether
the current user is a local admin.
*/
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &psidAdmin))
__leave;
psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (psdAdmin == NULL)
__leave;
if (!InitializeSecurityDescriptor(psdAdmin,
SECURITY_DESCRIPTOR_REVISION))
__leave;
// Compute size needed for the ACL.
dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) +
GetLengthSid(psidAdmin) - sizeof(DWORD);
pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (pACL == NULL)
__leave;
if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2))
__leave;
dwAccessMask= ACCESS_READ | ACCESS_WRITE;
if (!AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask,
//.........这里部分代码省略.........
开发者ID:kilitary,项目名称:zerofox,代码行数:101,代码来源:info.cpp
示例15: IsUserAdmin
/**************************************************************************
* IsUserAdmin [SETUPAPI.@]
*
* Checks whether the current user is a member of the Administrators group.
*
* PARAMS
* None
*
* RETURNS
* Success: TRUE
* Failure: FALSE
*/
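BOOL WINAPI IsUserAdmin(VOID)
{
    /*
     * Looks for the built-in Administrators SID among the groups of the
     * process token. Every failure (token, allocation, SID) yields FALSE.
     */
    SID_IDENTIFIER_AUTHORITY Authority = {SECURITY_NT_AUTHORITY};
    HANDLE hToken;
    DWORD dwSize = 0;   /* defined value even if the size probe misbehaves */
    PTOKEN_GROUPS lpGroups;
    PSID lpSid;
    DWORD i;
    BOOL bResult = FALSE;

    TRACE("\n");

    /* TOKEN_QUERY is all that is needed to list the groups. */
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
    {
        return FALSE;
    }

    /* Size probe: a NULL buffer is expected to fail with
       ERROR_INSUFFICIENT_BUFFER and report the needed size. */
    if (!GetTokenInformation(hToken, TokenGroups, NULL, 0, &dwSize))
    {
        if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
        {
            CloseHandle(hToken);
            return FALSE;
        }
    }

    lpGroups = MyMalloc(dwSize);
    if (lpGroups == NULL)
    {
        CloseHandle(hToken);
        return FALSE;
    }

    if (!GetTokenInformation(hToken, TokenGroups, lpGroups, dwSize, &dwSize))
    {
        MyFree(lpGroups);
        CloseHandle(hToken);
        return FALSE;
    }

    /* The group list is a private copy; the token is no longer needed. */
    CloseHandle(hToken);

    if (!AllocateAndInitializeSid(&Authority, 2, SECURITY_BUILTIN_DOMAIN_RID,
                                  DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0,
                                  &lpSid))
    {
        MyFree(lpGroups);
        return FALSE;
    }

    for (i = 0; i < lpGroups->GroupCount; i++)
    {
        /*
         * The SID has to be present and enabled. A filtered token can still
         * list Administrators as a deny-only entry, which grants nothing, so
         * a bare SID comparison would report such a caller as an admin.
         */
        if ((lpGroups->Groups[i].Attributes & SE_GROUP_ENABLED) &&
            EqualSid(lpSid, lpGroups->Groups[i].Sid))
        {
            bResult = TRUE;
            break;
        }
    }

    FreeSid(lpSid);
    MyFree(lpGroups);

    return bResult;
}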
开发者ID:NVIDIA,项目名称:winex_lgpl,代码行数:76,代码来源:misc.c
示例16: TakeOwnershipOfFile
/**************************************************************************
* TakeOwnershipOfFile [SETUPAPI.@]
*
* Takes the ownership of the given file.
*
* PARAMS
* lpFileName [I] Name of the file
*
* RETURNS
* Success: ERROR_SUCCESS
* Failure: other