win32 - 检查权限
检查当前句柄是否有指定的权限。
#include <iostream> #include <windows.h> #include <tchar.h> //#pragma comment(lib, "cmcfg32.lib") HANDLE hProcess; BOOL CheckWindowsPrivilege(const TCHAR* Privilege) { /* Checks for Privilege and returns True or False. */ LUID luid; PRIVILEGE_SET privs; HANDLE hToken; hProcess = GetCurrentProcess(); if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken)) return FALSE; if (!LookupPrivilegeValue(NULL, Privilege, &luid)) return FALSE; privs.PrivilegeCount = 1; privs.Control = PRIVILEGE_SET_ALL_NECESSARY; privs.Privilege[0].Luid = luid; privs.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED; BOOL bResult; PrivilegeCheck(hToken, &privs, &bResult); return bResult; } int main(void) { if (!CheckWindowsPrivilege(SE_ASSIGNPRIMARYTOKEN_NAME)) { wprintf(L"I do not have SeAssignPrimaryTokenPrivilege!\n"); return 1; } wprintf(L"I do have SeAssignPrimaryTokenPrivilege!\n"); return 0; }
打印当前句柄所有的权限。
void print_privileges(HANDLE hToken) { DWORD size = 0; if (!GetTokenInformation(hToken, TokenPrivileges, NULL, 0, &size) && GetLastError() == ERROR_INSUFFICIENT_BUFFER) { PTOKEN_PRIVILEGES tp = (PTOKEN_PRIVILEGES)malloc(size); if (tp != NULL && GetTokenInformation(hToken, TokenPrivileges, tp, size, &size)) { size_t i; for (i = 0; i < tp->PrivilegeCount; ++i) { char name[64] = "?"; DWORD name_size = sizeof name; LookupPrivilegeNameA(0, &tp->Privileges[i].Luid, name, &name_size); PRIVILEGE_SET ps = { 1, PRIVILEGE_SET_ALL_NECESSARY, { { { tp->Privileges[i].Luid.LowPart, tp->Privileges[i].Luid.HighPart } } } }; BOOL fResult; PrivilegeCheck(hToken, &ps, &fResult); printf("%-*s %s\n", 32, name, fResult ? "Enabled" : "Disabled"); } } free(tp); } }
启用或禁用特定的权限。
BOOL SetPrivilege( HANDLE hToken, // access token handle LPCTSTR lpszPrivilege, // name of privilege to enable/disable BOOL bEnablePrivilege // to enable or disable privilege ) { TOKEN_PRIVILEGES tp; LUID luid; if (!LookupPrivilegeValue( NULL, // lookup privilege on local system lpszPrivilege, // privilege to lookup &luid)) // receives LUID of privilege { printf("LookupPrivilegeValue error: %u\n", GetLastError()); return FALSE; } tp.PrivilegeCount = 1; tp.Privileges[0].Luid = luid; if (bEnablePrivilege) tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; else tp.Privileges[0].Attributes = 0; // Enable the privilege or disable all privileges. if (!AdjustTokenPrivileges( hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, (PDWORD)NULL)) { printf("AdjustTokenPrivileges error: %u\n", GetLastError()); return FALSE; } if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) { printf("The token does not have the specified privilege. \n"); return FALSE; } return TRUE; }