查看进程权限
仿PowerTool的查看进程权限功能：打开目标进程的访问令牌，列出其中处于启用状态的特权名称。
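// Lists the privileges that are enabled in another process's access token.
//
// Flow: find the target PID by image name, open the process, open its token,
// read TokenPrivileges, and translate each enabled LUID into its name.
//
// NOTE(review): the process-enumeration code compares PROCESSENTRY32::szExeFile
// with char strings, so this listing assumes an ANSI/MBCS build (UNICODE not
// defined) -- confirm the project settings.
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <iostream>

#include <Windows.h>
#include <TlHelp32.h>

// Error values returned by Pro_GetPrivileges (kept as the original -1 / -2,
// expressed in the DWORD return type so callers can compare against them).
static const DWORD kErrOpenToken = static_cast<DWORD>(-1);
static const DWORD kErrQuery     = static_cast<DWORD>(-2);

DWORD Pro_NameGetPid(const char *pName, BOOL isCase);

DWORD Pro_GetPrivileges(HANDLE hPro, char ***pPowers);

int main(void)
{
    // A return of 0 (no match) makes OpenProcess fail below, so the "not found"
    // case is reported through the same error path.
    const DWORD dwPid = Pro_NameGetPid("测试程序.exe", FALSE);

    // Least privilege: reading the token only needs a query right on the
    // process, not PROCESS_ALL_ACCESS. (PROCESS_QUERY_LIMITED_INFORMATION is
    // the narrower right on Windows Vista and later.)
    HANDLE hPro = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPid);
    if (!hPro)
    {
        printf("进程打开失败:%lu\n", GetLastError());
        return 1;
    }

    char **ppNames = NULL;
    const DWORD dwLen = Pro_GetPrivileges(hPro, &ppNames);
    CloseHandle(hPro);

    // The error codes are huge DWORD values; looping up to them over a NULL
    // array would crash, so stop here (the helper already printed the reason).
    if (dwLen == kErrOpenToken || dwLen == kErrQuery)
        return 1;

    for (DWORD i = 0; i < dwLen; i++)
    {
        std::cout << ppNames[i] << '\n';
        free(ppNames[i]);   // each name was malloc'ed by Pro_GetPrivileges
    }
    free(ppNames);
    return 0;
}

// Returns the PID of the first process whose image name equals pName, or 0
// when no process matches or the snapshot cannot be taken.
//
// pName  - image name to look for (e.g. "foo.exe"), not a full path.
// isCase - TRUE for a case-sensitive comparison, FALSE to ignore case.
//
// Only the first match is returned; several processes can share one image
// name, so a name alone does not identify a specific process.
DWORD Pro_NameGetPid(const char *pName, BOOL isCase)
{
    if (pName == NULL)
        return 0;

    // CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE,
    // not NULL.
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE)
        return 0;

    PROCESSENTRY32 proInfo = { 0 };
    proInfo.dwSize = sizeof(proInfo);

    DWORD dwPid = 0;
    for (BOOL bOk = Process32First(hSnap, &proInfo); bOk;
         bOk = Process32Next(hSnap, &proInfo))
    {
        // Compare in place instead of copying into fixed MAX_PATH buffers: the
        // old lstrcpyn(dst, src, strlen(src)) calls dropped the last character
        // of both strings and were not bounded by the destination size.
        const int diff = isCase ? strcmp(proInfo.szExeFile, pName)
                                : _stricmp(proInfo.szExeFile, pName);
        if (diff == 0)
        {
            dwPid = proInfo.th32ProcessID;
            break;
        }
    }

    CloseHandle(hSnap);
    return dwPid;
}

// Collects the names of all privileges currently enabled in hPro's token.
//
// hPro    - process handle that allows opening the process token.
// pPowers - receives a malloc'ed array of malloc'ed, NUL-terminated privilege
//           names (NULL when nothing was stored). The caller frees every
//           element and then the array.
//
// Returns the number of names stored, kErrOpenToken ((DWORD)-1) when the
// token cannot be opened, or kErrQuery ((DWORD)-2) when the privilege list
// cannot be read or memory runs out. *pPowers is NULL on every error return.
DWORD Pro_GetPrivileges(HANDLE hPro, char ***pPowers)
{
    if (pPowers == NULL)
        return kErrQuery;
    *pPowers = NULL;

    // TOKEN_QUERY is all GetTokenInformation(TokenPrivileges) needs; asking
    // for TOKEN_ALL_ACCESS fails more often and grants write access for nothing.
    HANDLE hToken = NULL;
    if (!OpenProcessToken(hPro, TOKEN_QUERY, &hToken))
    {
        printf("进程Token提取失败:%lu\n", GetLastError());
        return kErrOpenToken;
    }

    // First call only probes for the required buffer size.
    DWORD dwNeededSize = 0;
    GetTokenInformation(hToken, TokenPrivileges, NULL, 0, &dwNeededSize);

    PTOKEN_PRIVILEGES pTp = NULL;
    if (dwNeededSize != 0)
        pTp = static_cast<PTOKEN_PRIVILEGES>(malloc(dwNeededSize));

    if (pTp == NULL ||
        !GetTokenInformation(hToken, TokenPrivileges, pTp, dwNeededSize, &dwNeededSize))
    {
        free(pTp);
        CloseHandle(hToken);    // was leaked on this path
        printf("获取进程权限失败!");
        return kErrQuery;
    }
    // The privilege list now lives in pTp; the token is no longer needed.
    CloseHandle(hToken);

    // Count the enabled privileges. Attributes is a bit mask (a privilege that
    // is enabled by default carries both flags), so test the bit instead of
    // comparing for equality, and do not stop at the first hit.
    DWORD dwEnabled = 0;
    for (DWORD i = 0; i < pTp->PrivilegeCount; i++)
    {
        if (pTp->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED)
            dwEnabled++;
    }

    char **ppNames = NULL;
    DWORD dwStored = 0;
    if (dwEnabled > 0)
    {
        // One pointer slot per enabled privilege (the old malloc(dwI) reserved
        // dwI bytes, not dwI pointers).
        ppNames = static_cast<char **>(calloc(dwEnabled, sizeof(char *)));
        if (ppNames == NULL)
        {
            free(pTp);
            printf("获取进程权限失败!");
            return kErrQuery;
        }

        for (DWORD i = 0; i < pTp->PrivilegeCount; i++)
        {
            if (!(pTp->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED))
                continue;

            // Probe for the name length, then fetch the name itself.
            DWORD cchName = 0;
            LookupPrivilegeNameA(NULL, &pTp->Privileges[i].Luid, NULL, &cchName);
            if (cchName == 0)
                continue;
            cchName += 1;   // spare byte as a margin for the terminator

            char *pUidName = static_cast<char *>(malloc(cchName));
            if (pUidName == NULL)
                continue;
            if (!LookupPrivilegeNameA(NULL, &pTp->Privileges[i].Luid, pUidName, &cchName))
            {
                // Never hand an unfilled buffer to the caller.
                free(pUidName);
                continue;
            }

            // Index the array directly; the old *(*pPowers++) advanced the
            // caller's out-parameter pointer instead of the array slot.
            ppNames[dwStored++] = pUidName;
        }
    }

    free(pTp);
    *pPowers = ppNames;
    return dwStored;
}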
给测试程序启用Debug特权（SeDebugPrivilege）后的测试效果图：