仿PwoerTool的查看进程权限功能。
1 #include <iostream> 2 #include <Windows.h> 3 #include <TlHelp32.h> 4 5 using namespace std; 6 7 DWORD Pro_NameGetPid(char *pName, BOOL isCase); 8 9 DWORD Pro_GetPrivileges(HANDLE hPro, char ***pPowers); 10 11 int main(void) 12 { 13 HANDLE hPro = NULL; 14 char **a = NULL; 15 16 hPro = OpenProcess(PROCESS_ALL_ACCESS, FALSE, Pro_NameGetPid("测试程序.exe", FALSE)); 17 if (!hPro) 18 { 19 printf("进程打开失败:%d ", GetLastError()); 20 return 1; 21 } 22 DWORD dwLen = Pro_GetPrivileges(hPro, &a); 23 for (DWORD i = 0; i < dwLen; i++) 24 { 25 cout << a[i] << endl; 26 } 27 CloseHandle(hPro); 28 return 0; 29 } 30 31 DWORD Pro_NameGetPid(char *pName, BOOL isCase) 32 { 33 PROCESSENTRY32 proInfo = { 0 }; 34 HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); 35 BOOL bOk = FALSE; 36 DWORD dwPid = 0; 37 38 proInfo.dwSize = sizeof(proInfo); 39 if (!hSnap) 40 return 0; 41 bOk = Process32First(hSnap, &proInfo); 42 if (isCase) 43 { 44 while (bOk) 45 { 46 if (!strcmp(proInfo.szExeFile, pName)) 47 { 48 dwPid = proInfo.th32ProcessID; 49 break; 50 } 51 bOk = Process32Next(hSnap, &proInfo); 52 } 53 } 54 else { 55 while (bOk) 56 { 57 char s1[MAX_PATH] = { 0 }, s2[MAX_PATH] = { 0 }; 58 lstrcpyn(s1, proInfo.szExeFile, strlen(proInfo.szExeFile)); 59 lstrcpyn(s2, pName, strlen(pName)); 60 _strupr_s(s1, strlen(s1) + 1); 61 _strupr_s(s2, strlen(s2) + 1); 62 63 if (!strcmp(s1, s2)) 64 { 65 dwPid = proInfo.th32ProcessID; 66 break; 67 } 68 bOk = Process32Next(hSnap, &proInfo); 69 } 70 } 71 CloseHandle(hSnap); 72 return dwPid; 73 } 74 75 DWORD Pro_GetPrivileges(HANDLE hPro, char ***pPowers) 76 { 77 HANDLE hToken = NULL; 78 PTOKEN_PRIVILEGES pTp = NULL; 79 DWORD dwNeededSize = 0, dwI = 0; 80 81 if (!OpenProcessToken(hPro, TOKEN_ALL_ACCESS, &hToken)) 82 { 83 printf("进程Token提取失败:%d ", GetLastError()); 84 return -1; 85 } 86 // 试探一下需要分配多少内存 87 GetTokenInformation(hToken, TokenPrivileges, NULL, dwNeededSize, &dwNeededSize); 88 // 分配所需内存大小 89 pTp = (PTOKEN_PRIVILEGES)malloc(dwNeededSize); 90 if (!GetTokenInformation(hToken, TokenPrivileges, pTp, dwNeededSize, &dwNeededSize)) 91 { 92 free(pTp); 93 printf("获取进程权限失败!"); 94 return -2; 95 } 96 else 97 { 98 // 先计数权限 99 for (DWORD i = 0; i < pTp->PrivilegeCount; i++) 100 { 101 if (pTp->Privileges[i].Attributes == SE_PRIVILEGE_ENABLED) 102 { 103 dwI++; 104 break; 105 } 106 } 107 ///////////////////////////////////////////////////////// 108 // 枚举进程权限 109 ///////////////////////////////////////////////////////// 110 *pPowers = (char **)malloc(dwI); 111 for (DWORD i = 0; i < pTp->PrivilegeCount; i++) 112 { 113 char *pUidName = NULL; // 存权限名的指针 114 DWORD dwNameLen = 0; // 权限名字长度 115 116 // 试探uidName所需内存大小 117 LookupPrivilegeName(NULL, &pTp->Privileges[i].Luid, NULL, &dwNameLen); 118 // 分配需要的内存 119 pUidName = (char *)malloc(dwNameLen); 120 // 获取权限名 121 LookupPrivilegeName(NULL, &pTp->Privileges[i].Luid, pUidName, &dwNameLen); 122 // 如果该权限是启用状态就记录 123 if (pTp->Privileges[i].Attributes == SE_PRIVILEGE_ENABLED) 124 { 125 *(*pPowers++) = pUidName; 126 pUidName = NULL; 127 break; 128 } 129 free(pUidName); 130 } 131 } 132 free(pTp); 133 CloseHandle(hToken); 134 return dwI; 135 }
给测试程序提权到Debug后的测试效果图:
