Enumerating the Privileges Held by a Process in VB6
2009-05-21 19:58
Original post: http://blog.csdn.net/Modest/archive/2008/03/07/2156291.aspx
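Privileges are, of course, special rights. For what a process privilege is, see MSDN.
For how to raise a process's privileges, see the author's article 《Win32汇编实现提升进程Debug权限的两种方法》 ("Two Ways to Enable the Debug Privilege for a Process in Win32 Assembly"), which can easily be adapted into a program that gives a process other privileges. This article enumerates all the privileges in a process and returns the privilege values as an array. What each value stands for can largely be worked out from the constant names; for anything that remains unclear, refer to MSDN.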
```vb
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
' Enumerating the privileges held by a process in VB6
' Programmed by 魏滔序
' WebSite: http://www.chenoe.com
' Blog: http://blog.csdn.net/Modest
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Option Explicit

Private Const ANYSIZE_ARRAY As Long = 100
Private Const TokenPrivileges As Long = 3   ' TOKEN_INFORMATION_CLASS value
Private Const TOKEN_QUERY As Long = &H8

Private Type LUID
    lowpart As Long
    highpart As Long
End Type

Private Type LUID_AND_ATTRIBUTES
    pLuid As LUID
    Attributes As Long
End Type

Private Type TOKEN_PRIVILEGES
    PrivilegeCount As Long
    Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
End Type

Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function OpenProcessToken Lib "Advapi32" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function GetTokenInformation Lib "Advapi32" (ByVal TokenHandle As Long, ByVal TokenInformationClass As Long, TokenInformation As Any, ByVal TokenInformationLength As Long, ReturnLength As Long) As Long
Private Declare Sub RtlMoveMemory Lib "kernel32" (Dest As Any, Source As Any, ByVal lSize As Long)
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Function GetProcressPrivileges(ByVal hProcess As Long) As Long()
    Dim hToken As Long
    Dim BufferSize As Long
    Dim CopySize As Long
    Dim InfoBuffer() As Long
    Dim i As Long, r() As Long, x As Long
    Dim lResult As Long
    Dim tpTokens As TOKEN_PRIVILEGES

    Call OpenProcessToken(hProcess, TOKEN_QUERY, hToken)
    If hToken Then
        ' The first call passes a null buffer and only retrieves the required size.
        Call GetTokenInformation(hToken, TokenPrivileges, ByVal 0&, 0, BufferSize)
        If BufferSize Then
            ReDim InfoBuffer((BufferSize \ 4) - 1) As Long
            lResult = GetTokenInformation(hToken, TokenPrivileges, InfoBuffer(0), BufferSize, BufferSize)
            If lResult <> 0 Then
                ' Copy no more than was returned and no more than tpTokens can hold.
                CopySize = BufferSize
                If CopySize > LenB(tpTokens) Then CopySize = LenB(tpTokens)
                Call RtlMoveMemory(tpTokens, InfoBuffer(0), CopySize)
                For i = 0 To tpTokens.PrivilegeCount - 1
                    ' Entries whose Attributes field is 0 (held but disabled) are skipped.
                    If tpTokens.Privileges(i).Attributes <> 0 Then
                        ReDim Preserve r(x)
                        r(x) = tpTokens.Privileges(i).pLuid.lowpart
                        x = x + 1
                    End If
                Next
            End If
        End If
        Call CloseHandle(hToken)
    End If
    GetProcressPrivileges = r
End Function

' Example usage
Private Sub Form_Load()
    Dim p() As Long, i As Long
    p = GetProcressPrivileges(GetCurrentProcess)
    For i = 0 To UBound(p)
        Debug.Print p(i)
    Next
End Sub
```
The privilege values are declared in the following enumeration, for reference only:
```vb
' Each value is the low part of the privilege's LUID.
Private Enum SE_PRIVILEGE
    SE_MIN_WELL_KNOWN_PRIVILEGE = 2
    SE_CREATE_TOKEN_PRIVILEGE = 2
    SE_ASSIGNPRIMARYTOKEN_PRIVILEGE = 3
    SE_LOCK_MEMORY_PRIVILEGE = 4
    SE_INCREASE_QUOTA_PRIVILEGE = 5
    SE_MACHINE_ACCOUNT_PRIVILEGE = 6
    SE_TCB_PRIVILEGE = 7
    SE_SECURITY_PRIVILEGE = 8
    SE_TAKE_OWNERSHIP_PRIVILEGE = 9
    SE_LOAD_DRIVER_PRIVILEGE = 10
    SE_SYSTEM_PROFILE_PRIVILEGE = 11
    SE_SYSTEMTIME_PRIVILEGE = 12
    SE_PROF_SINGLE_PROCESS_PRIVILEGE = 13
    SE_INC_BASE_PRIORITY_PRIVILEGE = 14
    SE_CREATE_PAGEFILE_PRIVILEGE = 15
    SE_CREATE_PERMANENT_PRIVILEGE = 16
    SE_BACKUP_PRIVILEGE = 17
    SE_RESTORE_PRIVILEGE = 18
    SE_SHUTDOWN_PRIVILEGE = 19
    SE_DEBUG_PRIVILEGE = 20
    SE_AUDIT_PRIVILEGE = 21
    SE_SYSTEM_ENVIRONMENT_PRIVILEGE = 22
    SE_CHANGE_NOTIFY_PRIVILEGE = 23
    SE_REMOTE_SHUTDOWN_PRIVILEGE = 24
    SE_UNDOCK_PRIVILEGE = 25
    SE_SYNC_AGENT_PRIVILEGE = 26
    SE_ENABLE_DELEGATION_PRIVILEGE = 27
    SE_MANAGE_VOLUME_PRIVILEGE = 28
    SE_IMPERSONATE_PRIVILEGE = 29
    SE_CREATE_GLOBAL_PRIVILEGE = 30
    SE_MAX_WELL_KNOWN_PRIVILEGE = SE_CREATE_GLOBAL_PRIVILEGE
End Enum
```
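Instead of reading names off the enum, the values returned by GetProcressPrivileges can be resolved with the Win32 LookupPrivilegeName API, and an entry's Attributes field can be decoded into its flags. The standard module below is an added example, not code from the original post; the function names PrivilegeName and PrivilegeState are hypothetical, and it assumes the high part of each LUID is 0 unless the caller passes one.

```vb
' Added example (not from the original post). Place in a standard module.
Option Explicit

Private Const SE_PRIVILEGE_ENABLED_BY_DEFAULT As Long = &H1
Private Const SE_PRIVILEGE_ENABLED As Long = &H2

Private Type LUID
    lowpart As Long
    highpart As Long
End Type

Private Declare Function LookupPrivilegeName Lib "advapi32" Alias "LookupPrivilegeNameA" ( _
    ByVal lpSystemName As String, lpLuid As LUID, _
    ByVal lpName As String, cchName As Long) As Long

' Resolve a privilege LUID to its name on the local system, e.g. "SeDebugPrivilege".
' highpart defaults to 0 (assumption: the caller only has the low part).
Public Function PrivilegeName(ByVal lowpart As Long, Optional ByVal highpart As Long = 0) As String
    Dim tLuid As LUID, sBuf As String, cch As Long
    tLuid.lowpart = lowpart
    tLuid.highpart = highpart
    cch = 256
    sBuf = String$(cch, vbNullChar)
    ' vbNullString passes NULL, which means "look up on the local system".
    If LookupPrivilegeName(vbNullString, tLuid, sBuf, cch) <> 0 Then
        ' On success cch holds the name length without the terminating null.
        PrivilegeName = Left$(sBuf, cch)
    Else
        PrivilegeName = "(unknown LUID " & lowpart & ")"
    End If
End Function

' Decode the Attributes field of a LUID_AND_ATTRIBUTES entry.
Public Function PrivilegeState(ByVal Attributes As Long) As String
    If (Attributes And SE_PRIVILEGE_ENABLED) <> 0 Then
        PrivilegeState = "enabled"
    Else
        PrivilegeState = "disabled"
    End If
    If (Attributes And SE_PRIVILEGE_ENABLED_BY_DEFAULT) <> 0 Then
        PrivilegeState = PrivilegeState & ", enabled by default"
    End If
End Function
```

Calling PrivilegeName on each element of the array returned by GetProcressPrivileges prints names in place of the raw numbers.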