windowsXP获取权限

最新推荐文章于 2024-03-11 20:53:52 发布

转载最新推荐文章于 2024-03-11 20:53:52 发布 · 298 阅读

标签

#descriptor #access #security #token #initialization

C++相关专栏收录该内容

19 篇文章

订阅专栏

本文介绍了一个简单的程序，用于检测Windows XP系统是否以管理员权限运行。通过使用特定的API调用和安全描述符设置，该程序能够判断当前进程是否有管理员级别的访问权限。

WindowsXp也可以向Win7一样获取管理员权限滴！以下代码经过测试，可以在xp下正常检测。

当以管理员用户运行此程序时（包括右键选择以管理员权限运行），IsAdmin返回为TRUE。

BOOL IsAdmin();

int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
{
int nRetCode = 0;

// initialize MFC and print and error on failure
if (!AfxWinInit(::GetModuleHandle(NULL), NULL, ::GetCommandLine(), 0))
{
// TODO: change error code to suit your needs
_tprintf(_T("Fatal Error: MFC initialization failed\n"));
nRetCode = 1;
}
else
{
// TODO: code your application's behavior here.
if (IsAdmin())
{
_tprintf(_T("Yes, is Admin \n"));
AfxMessageBox(_T("Yes, is Admin!"));
return nRetCode;
}
_tprintf(_T("No, is not Admin \n"));
AfxMessageBox(_T("No, is not Admin!"));
}

return nRetCode;
}

#define ACCESS_READ 1
#define ACCESS_WRITE 2

BOOL IsAdmin()
{
HANDLE hToken;
DWORD dwStatus;
DWORD dwAccessMask;
DWORD dwAccessDesired;
DWORD dwACLSize;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PACL pACL = NULL;
PSID psidAdmin = NULL;
BOOL bReturn = FALSE;
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
PSECURITY_DESCRIPTOR psdAdmin = NULL;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;

if(!ImpersonateSelf(SecurityImpersonation))
goto LeaveIsAdmin;

if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken))
{
if (GetLastError() != ERROR_NO_TOKEN)
goto LeaveIsAdmin;

if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
goto LeaveIsAdmin;

if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
goto LeaveIsAdmin;
}

if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &psidAdmin))
goto LeaveIsAdmin;

psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (psdAdmin == NULL)
goto LeaveIsAdmin;

if (!InitializeSecurityDescriptor(psdAdmin,
SECURITY_DESCRIPTOR_REVISION))
goto LeaveIsAdmin;

dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) +
GetLengthSid(psidAdmin) - sizeof(DWORD);

pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (pACL == NULL)
goto LeaveIsAdmin;

if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2))
goto LeaveIsAdmin;

dwAccessMask= ACCESS_READ | ACCESS_WRITE;

if (!AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask, psidAdmin))
goto LeaveIsAdmin;

if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE))
goto LeaveIsAdmin;

if(!SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE))
goto LeaveIsAdmin;
if(!SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE))
goto LeaveIsAdmin;

if (!IsValidSecurityDescriptor(psdAdmin))
goto LeaveIsAdmin;

dwAccessDesired = ACCESS_READ;
GenericMapping.GenericRead = ACCESS_READ;
GenericMapping.GenericWrite = ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;

if (!AccessCheck(psdAdmin, hToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus, &bReturn))
goto LeaveIsAdmin;

if(!RevertToSelf())
bReturn = FALSE;

LeaveIsAdmin:

if (pACL) LocalFree(pACL);
if (psdAdmin) LocalFree(psdAdmin);
if (psidAdmin) FreeSid(psidAdmin);

return bReturn;
}