Windows下特权获取
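Windows 下部分操作需要先启用相应的特权才能执行。下面的代码示例通过调整进程的访问令牌(token)来启用 SE_DEBUG_NAME 特权;其他特权与此类似,只需要将 SE_DEBUG_NAME 换成对应的特权名即可。需要注意,AdjustTokenPrivileges 只能启用或禁用令牌中已经存在的特权,不能添加令牌中没有的特权,因此调用后还要检查 ERROR_NOT_ALL_ASSIGNED。如下代码类似于 MSDN 的示例: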
https://msdn.microsoft.com/en-us/library/windows/desktop/aa446619(v=vs.85).aspx
Windows 特权共有三十多项,部分特权在普通用户权限下即可成功修改,但是大部分都需要在管理员权限下才能修改成功。关于各种特权的用途请参考 MSDN:
https://msdn.microsoft.com/en-us/library/windows/desktop/bb530716(v=vs.85).aspx
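/// @brief Enable or disable a single privilege in the current process's access token.
///
/// AdjustTokenPrivileges can only toggle privileges that are already present in
/// the token; it never grants new ones. A privilege that the token does not hold
/// is reported through ERROR_NOT_ALL_ASSIGNED and treated as failure here.
///
/// @param lpszPrivilege Privilege name, e.g. SE_DEBUG_NAME. NULL is rejected.
/// @param bEnable       TRUE to enable the privilege, FALSE to disable it.
/// @return TRUE only if the privilege was actually adjusted; FALSE otherwise.
BOOL SetPrivilege(LPCTSTR lpszPrivilege, BOOL bEnable = TRUE)
{
    if (lpszPrivilege == NULL)
    {
        ::OutputDebugStringA("SetPrivilege: privilege name is NULL\n");
        return FALSE;
    }
    ::OutputDebugString(lpszPrivilege);

    // GetCurrentProcess() yields a pseudo-handle that needs no CloseHandle, so
    // there is no reason to open our own process with PROCESS_ALL_ACCESS.
    HANDLE hToken = NULL;
    if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        return FALSE;
    }

    BOOL bRet = FALSE;
    LUID Luid;
    if (::LookupPrivilegeValue(NULL, lpszPrivilege, &Luid))
    {
        TOKEN_PRIVILEGES newPrivilege;
        newPrivilege.PrivilegeCount = 1;
        newPrivilege.Privileges[0].Luid = Luid;
        // Attributes == 0 is the documented way to disable a privilege;
        // SE_PRIVILEGE_ENABLED_BY_DEFAULT is not a "disable" request.
        newPrivilege.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;

        const BOOL bAdjusted = ::AdjustTokenPrivileges(hToken, FALSE, &newPrivilege,
                                                       sizeof(TOKEN_PRIVILEGES), NULL, NULL);
        // Read the error code immediately, before any other API call can overwrite it.
        const DWORD dwError = ::GetLastError();

        if (!bAdjusted)
        {
            // Narrow buffer plus the ...A API keeps this correct in both ANSI
            // and UNICODE builds; snprintf bounds the write.
            char szMsg[64] = { 0 };
            snprintf(szMsg, sizeof(szMsg), "AdjustTokenPrivileges error: %lu\n", dwError);
            ::OutputDebugStringA(szMsg);
        }
        else if (dwError == ERROR_NOT_ALL_ASSIGNED)
        {
            // The call "succeeded" but the token does not hold this privilege.
            ::OutputDebugStringA("The token does not have the specified privilege. \n");
        }
        else
        {
            bRet = TRUE;
            ::OutputDebugStringA("Set OK");
        }
    }

    ::CloseHandle(hToken);
    return bRet;
}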
/// @brief Try to enable every privilege in the list below on the current process token.
///
/// Most of these requests fail when running as a standard user. Each
/// SetPrivilege result is discarded, so callers cannot tell which privileges
/// were actually enabled.
///
/// NOTE(review): enabling every privilege at once runs against least privilege.
/// Production code should enable only the privilege an operation needs, check
/// the return value, and disable it again afterwards. Bulk adjustments like this
/// are also what token-right-adjustment auditing (Security event 4703, where
/// that audit subcategory is enabled) is meant to surface.
VOID ElevationPrivilege()
{
    // Same privileges, in the same order, as one request per table entry.
    static const LPCTSTR kPrivilegeNames[] = {
        SE_CREATE_TOKEN_NAME,
        SE_ASSIGNPRIMARYTOKEN_NAME,
        SE_LOCK_MEMORY_NAME,
        SE_INCREASE_QUOTA_NAME,
        SE_UNSOLICITED_INPUT_NAME,
        SE_MACHINE_ACCOUNT_NAME,
        SE_TCB_NAME,
        SE_SECURITY_NAME,
        SE_TAKE_OWNERSHIP_NAME,
        SE_LOAD_DRIVER_NAME,
        SE_SYSTEM_PROFILE_NAME,
        SE_SYSTEMTIME_NAME,
        SE_PROF_SINGLE_PROCESS_NAME,
        SE_INC_BASE_PRIORITY_NAME,
        SE_CREATE_PAGEFILE_NAME,
        SE_CREATE_PERMANENT_NAME,
        SE_BACKUP_NAME,
        SE_RESTORE_NAME,
        SE_SHUTDOWN_NAME,
        SE_DEBUG_NAME,
        SE_AUDIT_NAME,
        SE_SYSTEM_ENVIRONMENT_NAME,
        SE_CHANGE_NOTIFY_NAME,
        SE_REMOTE_SHUTDOWN_NAME,
        SE_UNDOCK_NAME,
        SE_SYNC_AGENT_NAME,
        SE_ENABLE_DELEGATION_NAME,
        SE_MANAGE_VOLUME_NAME,
        SE_IMPERSONATE_NAME,
        SE_CREATE_GLOBAL_NAME,
        SE_TRUSTED_CREDMAN_ACCESS_NAME,
        SE_RELABEL_NAME,
        SE_INC_WORKING_SET_NAME,
        SE_TIME_ZONE_NAME,
        SE_CREATE_SYMBOLIC_LINK_NAME,
    };

    const size_t nCount = sizeof(kPrivilegeNames) / sizeof(kPrivilegeNames[0]);
    for (size_t i = 0; i < nCount; ++i)
    {
        // Best effort: a failure for one privilege does not stop the rest.
        SetPrivilege(kPrivilegeNames[i]);
    }
}