权限管理
以管理员权限重新打开进程
WCHAR szApplication[MAX_PATH] = { 0 };
DWORD cchLength = _countof(szApplication);
QueryFullProcessImageName(GetCurrentProcess(), 0,
szApplication, &cchLength);
SHELLEXECUTEINFO sei = { sizeof(SHELLEXECUTEINFO) };
sei.lpVerb = L"runas";
sei.lpFile = szApplication;
sei.lpParameters = NULL;
sei.nShow = SW_SHOWNORMAL;
if (ShellExecuteEx(&sei))
exit(0);
else
ShowWindow( SW_SHOWNORMAL);
根据是否具有管理员权限来给Button加令牌图标
HANDLE hToken = NULL;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
return ;
TOKEN_ELEVATION_TYPE ElevationType = TokenElevationTypeDefault;
BOOL bIsAdmin = false;
DWORD dwSize = 0;
if (GetTokenInformation(hToken, TokenElevationType, &ElevationType,
sizeof(TOKEN_ELEVATION_TYPE), &dwSize)) {
BYTE adminSID[SECURITY_MAX_SID_SIZE];
dwSize = sizeof(adminSID);
CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, &adminSID, &dwSize);
if (ElevationType == TokenElevationTypeLimited) {
HANDLE hUnfilteredToken = NULL;
GetTokenInformation(hToken, TokenLinkedToken, (PVOID)&hUnfilteredToken,
sizeof(HANDLE), &dwSize);
if (!CheckTokenMembership(hUnfilteredToken, &adminSID, &bIsAdmin))
return ;
CloseHandle(hUnfilteredToken);
}
else {
bIsAdmin = IsUserAnAdmin();
}
CloseHandle(hToken);
}
BOOL bFullToken = false;
switch (ElevationType) {
case TokenElevationTypeDefault:
if (IsUserAnAdmin()) bFullToken = true;
else bFullToken = false;
break;
case TokenElevationTypeFull:
if (IsUserAnAdmin()) bFullToken = true;
else bFullToken = false;
break;
case TokenElevationTypeLimited:
if (bIsAdmin) bFullToken = false;
else bFullToken = false;
}
if (!bFullToken)
Button_SetElevationRequiredState(m_Button.GetSafeHwnd(),
!bFullToken);
else
::ShowWindow(m_Button.GetSafeHwnd(), SW_HIDE);
遍历当前进程权限
void ShowPrviliges()
{
HANDLE hToken;
OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken);
if (!hToken)
{
printf("令牌获取失败\n");
return;
}
DWORD dwSize;
GetTokenInformation(hToken,
TokenPrivileges, NULL, NULL, &dwSize);
char* pBuf = new char[dwSize]{};
GetTokenInformation(hToken,
TokenPrivileges, pBuf, dwSize, &dwSize);
TOKEN_PRIVILEGES* pTp = (TOKEN_PRIVILEGES*)pBuf;
DWORD dwCount = pTp->PrivilegeCount;
LUID_AND_ATTRIBUTES* pLaa = pTp->Privileges;
for (int i = 0; i < dwCount; i++, pLaa++)
{
char szName[100] = {};
DWORD dwLen = sizeof(szName);
LookupPrivilegeNameA(0, &pLaa->Luid, szName, &dwLen);
printf("[%s] -- 状态[%d]\n", szName, pLaa->Attributes);
}
delete pBuf;
}
示例–提升当前程序调试权限
BOOL EnableDebugPrivilege(BOOL fEnable){
BOOL fOk = FALSE; HANDLE hToken;
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES,
&hToken)) {
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount = 1;
LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid);
tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;
AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
fOk = (GetLastError() == ERROR_SUCCESS);
CloseHandle(hToken);
}
return(fOk);
}