
查看进程权限

时间:2018-06-16 10:28:52      阅读:203      评论:0      收藏:0      [点我收藏+]


仿PowerTool的查看进程权限功能。

  1 #include <iostream>
  2 #include <Windows.h>
  3 #include <TlHelp32.h>
  4 
  5 using namespace std;
  6 
/*
    Look up a process ID by executable (image) name.
    pName:  executable name to search for, e.g. "notepad.exe"
    isCase: non-zero for a case-sensitive comparison, zero for case-insensitive
    Returns the process ID on success, 0 on failure or when no process matched.
*/
DWORD Pro_NameGetPid(char *pName, BOOL isCase);
 14 
/*
    Enumerate the privileges that are currently enabled in a process token.
    hPro:    handle to the process whose token is inspected
    pPowers: receives a malloc'ed array of malloc'ed privilege-name strings
    Returns the number of enabled privileges; 0 on failure or when none is enabled.
*/
DWORD Pro_GetPrivileges(HANDLE hPro,char ***pPowers);
 22 
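/*
    Demo entry point: resolve the target process by image name, open it with the
    minimum access needed to read its token, print each enabled privilege and
    release everything the helper allocated.
    Returns 0 on success, 1 when the process cannot be found or opened.
*/
int main(void)
{
    // A return of 0 from Pro_NameGetPid means "not found". It must not be passed to
    // OpenProcess: pid 0 is the System Idle Process and the call would fail with an
    // unrelated error code.
    DWORD dwPid = Pro_NameGetPid("测试程序.exe", FALSE);
    if (dwPid == 0)
    {
        printf("未找到目标进程\n");
        return 1;
    }

    // Only the token is read, so PROCESS_QUERY_INFORMATION is sufficient; asking for
    // PROCESS_ALL_ACCESS is denied on processes that this access would succeed on.
    HANDLE hPro = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPid);
    if (!hPro)
    {
        // DWORD is unsigned long: %lu, not %d.
        printf("进程打开失败:%lu\n", GetLastError());
        return 1;
    }

    char **a = NULL;
    DWORD dwLen = Pro_GetPrivileges(hPro, &a);
    for (DWORD i = 0; i < dwLen; i++)
    {
        cout << a[i] << endl;
        free(a[i]);   // each name is malloc'ed by Pro_GetPrivileges; the caller owns it
    }
    free(a);          // the array itself is malloc'ed too
    CloseHandle(hPro);
    return 0;
}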
 42 
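/*
    Look up a process ID by executable (image) name.
    pName:  executable name to search for, e.g. "notepad.exe"
    isCase: non-zero for a case-sensitive comparison, zero for case-insensitive
    Returns the ID of the first matching process in the snapshot, or 0 when the
    name is empty/NULL, the snapshot cannot be taken, or nothing matched.
*/
DWORD Pro_NameGetPid(char *pName, BOOL isCase)
{
    if (pName == NULL || *pName == '\0')
        return 0;

    // CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE, not NULL,
    // so testing "!hSnap" never caught a failed snapshot.
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE)
        return 0;

    PROCESSENTRY32 proInfo = { 0 };
    proInfo.dwSize = sizeof(proInfo);   // Process32First rejects the entry otherwise
    DWORD dwPid = 0;

    for (BOOL bOk = Process32First(hSnap, &proInfo); bOk; bOk = Process32Next(hSnap, &proInfo))
    {
        // Compare in place. The previous implementation copied both names with
        // lstrcpyn(dst, src, strlen(src)), whose count includes the terminator, so
        // the last character of each name was silently dropped before comparing,
        // and a name longer than MAX_PATH would have overrun the local buffers.
        int cmp = isCase ? strcmp(proInfo.szExeFile, pName)
                         : _stricmp(proInfo.szExeFile, pName);
        if (cmp == 0)
        {
            dwPid = proInfo.th32ProcessID;
            break;
        }
    }

    CloseHandle(hSnap);
    return dwPid;
}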
 86 
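/*
    Enumerate the privileges that are currently enabled in a process token.
    hPro:    handle to the process whose token is inspected (needs
             PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION)
    pPowers: receives a malloc'ed array of malloc'ed, NUL-terminated privilege
             names; set to NULL when the function returns 0. The caller frees
             every element and then the array.
    Returns the number of enabled privileges; 0 on failure or when none is enabled.
*/
DWORD Pro_GetPrivileges(HANDLE hPro, char ***pPowers)
{
    HANDLE hToken = NULL;
    PTOKEN_PRIVILEGES pTp = NULL;
    char **ppNames = NULL;
    DWORD dwNeededSize = 0, dwCount = 0;

    if (pPowers == NULL)
        return 0;
    *pPowers = NULL;

    // TOKEN_QUERY is all GetTokenInformation needs. Requesting TOKEN_ALL_ACCESS
    // is refused on many tokens the caller is otherwise allowed to read.
    if (!OpenProcessToken(hPro, TOKEN_QUERY, &hToken))
    {
        printf("进程Token提取失败:%lu\n", GetLastError());
        return 0;
    }

    // Sizing call: it fails with ERROR_INSUFFICIENT_BUFFER by design and reports
    // the required size. Any other failure leaves dwNeededSize at 0, which the
    // previous code then passed to malloc unchecked.
    if (!GetTokenInformation(hToken, TokenPrivileges, NULL, 0, &dwNeededSize)
        && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
    {
        printf("获取进程权限失败!");
        goto cleanup;
    }

    pTp = (PTOKEN_PRIVILEGES)malloc(dwNeededSize);
    if (pTp == NULL
        || !GetTokenInformation(hToken, TokenPrivileges, pTp, dwNeededSize, &dwNeededSize))
    {
        printf("获取进程权限失败!");
        goto cleanup;
    }

    if (pTp->PrivilegeCount == 0)
        goto cleanup;

    // One pointer slot per privilege, allocated once. The previous version
    // allocated PrivilegeCount *bytes* on every iteration, leaking each buffer and
    // losing the pointers stored in the earlier ones.
    ppNames = (char **)calloc(pTp->PrivilegeCount, sizeof(char *));
    if (ppNames == NULL)
        goto cleanup;

    for (DWORD i = 0; i < pTp->PrivilegeCount; i++)
    {
        // Attributes is a bit mask: a privilege that is enabled by default carries
        // SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED, so an equality
        // test misses it. Test the bit, and keep going instead of stopping at the
        // first hit so that every enabled privilege is reported.
        if (!(pTp->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED))
            continue;

        // Sizing call for the name; dwNameLen comes back including the terminator.
        DWORD dwNameLen = 0;
        LookupPrivilegeName(NULL, &pTp->Privileges[i].Luid, NULL, &dwNameLen);
        if (dwNameLen == 0)
            continue;

        char *pName = (char *)malloc(dwNameLen);
        if (pName == NULL)
            continue;
        if (!LookupPrivilegeName(NULL, &pTp->Privileges[i].Luid, pName, &dwNameLen))
        {
            free(pName);
            continue;
        }

        // (*pPowers)[n] was written as *pPowers[n], which indexes the wrong
        // pointer for every n > 0; indexing the local array avoids the trap.
        ppNames[dwCount++] = pName;   // ownership passes to the caller
    }

    if (dwCount == 0)
    {
        free(ppNames);
        ppNames = NULL;
    }
    *pPowers = ppNames;

cleanup:
    // Single exit so the token handle is closed on every path; the original
    // returned early from the failure branch without CloseHandle(hToken).
    free(pTp);
    CloseHandle(hToken);
    return dwCount;
}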

 

给测试程序提权到Debug后的测试效果图:

技术分享图片

 



原文地址:https://www.cnblogs.com/biaoge140/p/9189648.html
