OpenProcess函数问题
为什么我使用OpenProcessToken函数还是没法修改令牌权限呢?我用的是VS2010编译器,代码如下:
#include "stdafx.h"
#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>
using namespace std;
void ProcessID();
void TerminateProcessIDFunction(int PID);
void main(int argc,char *argv[])
{
int PID=0;
ProcessID();
cout<<"请输入需要结束的进程ID:";
cin>>PID;
TerminateProcessIDFunction(PID);
cout<<endl;
}
void ProcessID()
{
PROCESSENTRY32 ProcessSnapshotStruct;
ProcessSnapshotStruct.dwSize=sizeof(ProcessSnapshotStruct);
HANDLE ProcessSnapshot=::CreateToolhelp32Snapshot(2,0);
if(ProcessSnapshot==false)
{
cout<<"ProcessSnapshot函数调用失败!"<<endl;
}
BOOL back;
back=::Process32First(ProcessSnapshot,&ProcessSnapshotStruct);
while(back)
{
cout<<"进程ID:"<<ProcessSnapshotStruct.th32ProcessID<<endl;
wcout<<"进程ID对应的程序名称:"<<ProcessSnapshotStruct.szExeFile<<endl;
cout<<endl;
back=::Process32Next(ProcessSnapshot,&ProcessSnapshotStruct);
}
::CloseHandle(ProcessSnapshot);
}
void TerminateProcessIDFunction(int PID)
{
HANDLE ProcessToken;
TOKEN_PRIVILEGES TokenStruct;
if(false==::OpenProcessToken(::GetCurrentProcess(),1|2|4|8|10|20|40|80|100,&ProcessToken))
{
cout<<"获取令牌失败,错误代码:"<<::GetLastError()<<endl;
::ExitProcess(0);
}
::LookupPrivilegeValue(NULL,SE_TAKE_OWNERSHIP_NAME,&TokenStruct.Privileges[0].Luid);
TokenStruct.PrivilegeCount=1;
TokenStruct.Privileges[0].Attributes=1L;
if(false==::AdjustTokenPrivileges(ProcessToken,1,&TokenStruct,0,0,0))
{
cout<<"修改访问权限失败,错误代码:"<<::GetLastError()<<endl;
::ExitProcess(0);
}
DWORD Code01=0;
DWORD Code02=0;
HANDLE OP;
OP=::OpenProcess(PROCESS_ALL_ACCESS,0,PID);
if(OP==NULL)
{
wcout<<"未能获取进程权限,错误代码:"<<::GetLastError()<<endl;
::CloseHandle(OP);
::CloseHandle(ProcessToken);
::ExitProcess(0);
}
Code02=::TerminateProcess(OP,0);
if(Code02==false)
{
wcout<<"未能结束进程,错误代码:"<<::GetLastError()<<endl;
::CloseHandle(OP);
::CloseHandle(ProcessToken);
::ExitProcess(0);
}
cout<<"结束进程成功!"<<endl;
::CloseHandle(OP);
::CloseHandle(ProcessToken);
::ExitProcess(0);
}
GetlastError函数没有返回OpenProcessToken一类的函数有什么错误,只是说OpenProcess函数错误,错误代码:5
虽然这个问题得到解决了,用RtlAdjustPrivilege函数就能做到,但是我想知道RtlAdjustPrivilege函数的第一个参数取值除了0x14还有别的吗?别说什么去MSDN查,我看不懂英文,相关代码如下,百度找到的:
HMODULE hDLL=LoadLibrary(L"ntdll.dll");
typedef int (__stdcall *PRtlAdjustPrivilege)(ULONG,BOOLEAN,BOOLEAN,PBOOLEAN);
PRtlAdjustPrivilege RtlAdjustPrivilege = (PRtlAdjustPrivilege)GetProcAddress(hDLL, "RtlAdjustPrivilege");
RtlAdjustPrivilege(0x14,0,FALSE,FALSE);
[解决办法]
常量 SE_BACKUP_PRIVILEGE = 0x11h
常量 SE_RESTORE_PRIVILEGE = 0x12h
常量 SE_SHUTDOWN_PRIVILEGE = 0x13h
常量 SE_DEBUG_PRIVILEGE = 0x14h
[解决办法]
#define SE_CREATE_TOKEN_PRIVILEGE (2L)
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
#define SE_LOCK_MEMORY_PRIVILEGE (4L)
#define SE_INCREASE_QUOTA_PRIVILEGE (5L)
#define SE_UNSOLICITED_INPUT_PRIVILEGE (6L)
#define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
#define SE_TCB_PRIVILEGE (7L)
#define SE_SECURITY_PRIVILEGE (8L)
#define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
#define SE_LOAD_DRIVER_PRIVILEGE (10L)
#define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
#define SE_SYSTEMTIME_PRIVILEGE (12L)
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
#define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
#define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
#define SE_CREATE_PERMANENT_PRIVILEGE (16L)
#define SE_BACKUP_PRIVILEGE (17L)
#define SE_RESTORE_PRIVILEGE (18L)
#define SE_SHUTDOWN_PRIVILEGE (19L)
#define SE_DEBUG_PRIVILEGE (20L)
#define SE_AUDIT_PRIVILEGE (21L)
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
#define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
#define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
#define SE_UNDOCK_PRIVILEGE (25L)
#define SE_SYNC_AGENT_PRIVILEGE (26L)
#define SE_ENABLE_DELEGATION_PRIVILEGE (27L)
#define SE_MANAGE_VOLUME_PRIVILEGE (28L)
#define SE_IMPERSONATE_PRIVILEGE (29L)
#define SE_CREATE_GLOBAL_PRIVILEGE (30L)
LookupPrivilegeValue(NULL,SE_TAKE_OWNERSHIP_NAME,&TokenStruct.Privileges[0].Luid);换成LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&TokenStruct.Privileges[0].Luid);
或者TokenStruct.Privileges[0].Luid.HighPart=0,TokenStruct.Privileges[0].Luid.LowPart=SE_DEBUG_PRIVILEGE;
[解决办法]
关于RtlAdjustPrivilege这个函数,你可以参考一下这里
http://hi.baidu.com/fromnn/blog/item/316b9561c1a605d48db10d12.html
