win32 - 检查权限

检查当前句柄是否有指定的权限。

#include <iostream>
#include <windows.h>
#include <tchar.h>
//#pragma comment(lib, "cmcfg32.lib")

HANDLE hProcess;

BOOL CheckWindowsPrivilege(const TCHAR* Privilege)
{
    /* Checks for Privilege and returns True or False. */
    LUID luid;
    PRIVILEGE_SET privs;
    HANDLE hToken;
    hProcess = GetCurrentProcess();
    if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken)) return FALSE;
    if (!LookupPrivilegeValue(NULL, Privilege, &luid)) return FALSE;
    privs.PrivilegeCount = 1;
    privs.Control = PRIVILEGE_SET_ALL_NECESSARY;
    privs.Privilege[0].Luid = luid;
    privs.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
    BOOL bResult;
    PrivilegeCheck(hToken, &privs, &bResult);
    return bResult;
}

int main(void)
{
    if (!CheckWindowsPrivilege(SE_ASSIGNPRIMARYTOKEN_NAME))
    {
        wprintf(L"I do not have SeAssignPrimaryTokenPrivilege!\n");
        return 1;
    }

    wprintf(L"I do have SeAssignPrimaryTokenPrivilege!\n");
    return 0;
}

打印当前句柄所有的权限。

void print_privileges(HANDLE hToken)
{
    DWORD size = 0;
    if (!GetTokenInformation(hToken, TokenPrivileges, NULL, 0, &size) && GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
        PTOKEN_PRIVILEGES tp = (PTOKEN_PRIVILEGES)malloc(size);
        if (tp != NULL && GetTokenInformation(hToken, TokenPrivileges, tp, size, &size)) {
            size_t i;
            for (i = 0; i < tp->PrivilegeCount; ++i) {
                char name[64] = "?";
                DWORD name_size = sizeof name;
                LookupPrivilegeNameA(0, &tp->Privileges[i].Luid, name, &name_size);
                PRIVILEGE_SET ps = {
                    1, PRIVILEGE_SET_ALL_NECESSARY, {
                        { { tp->Privileges[i].Luid.LowPart, tp->Privileges[i].Luid.HighPart } }
                    }
                };
                BOOL fResult;
                PrivilegeCheck(hToken, &ps, &fResult);
                printf("%-*s %s\n", 32, name, fResult ? "Enabled" : "Disabled");
            }
        }
        free(tp);
    }
}

启用或禁用特定的权限。

BOOL SetPrivilege(
    HANDLE hToken,          // access token handle
    LPCTSTR lpszPrivilege,  // name of privilege to enable/disable
    BOOL bEnablePrivilege   // to enable or disable privilege
)
{
    TOKEN_PRIVILEGES tp;
    LUID luid;

    if (!LookupPrivilegeValue(
        NULL,            // lookup privilege on local system
        lpszPrivilege,   // privilege to lookup 
        &luid))        // receives LUID of privilege
    {
        printf("LookupPrivilegeValue error: %u\n", GetLastError());
        return FALSE;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    if (bEnablePrivilege)
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    else
        tp.Privileges[0].Attributes = 0;

    // Enable the privilege or disable all privileges.

    if (!AdjustTokenPrivileges(
        hToken,
        FALSE,
        &tp,
        sizeof(TOKEN_PRIVILEGES),
        (PTOKEN_PRIVILEGES)NULL,
        (PDWORD)NULL))
    {
        printf("AdjustTokenPrivileges error: %u\n", GetLastError());
        return FALSE;
    }

    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)

    {
        printf("The token does not have the specified privilege. \n");
        return FALSE;
    }

    return TRUE;
}

相关文档:Enabling and Disabling Privileges in C++

posted @ 2020-12-21 15:26  strive-sun  阅读(221)  评论(0编辑  收藏  举报