修改程序的权限需要用到3个函数:

1. 获取进程的令牌句柄: OpenProcessToken

2. 查找特权类型的ID: LookupPrivilegeValue

3. 修改进程的特权:AdjustTokenPrivilege

下面详细介绍每个函数的参数及使用方法:

BOOL OpenProcessToken( HANDLE ProcessHandle,

                       DWORD DesiredAccess,

                       PHANDLE TokenHandle );

Parameters

ProcessHandle

A handle to the process whose access token is opened. The process must have the PROCESS_QUERY_INFORMATION access permission.

for example: GetCurrentProcess() will return the handle of current process.

DesiredAccess

Specifies an access mask that specifies the requested types of access to the access token. These requested access types are compared with the discretionary access control list (DACL) of the token to determine which accesses are granted or denied.

For a list of access rights for access tokens, see Access Rights for Access-Token Objects.

TokenHandle

A pointer to a handle that identifies the newly opened access token when the function returns.

Return Value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

BOOL LookupPrivilegeValueA( LPCSTR lpSystemName,

                            LPCSTR lpName,

                            PLUID  lpLuid);

Parameters

lpSystemName

A pointer to a null-terminated string that specifies the name of the system on which the privilege name is retrieved. If a null string is specified, the function attempts to find the privilege name on the local system.

lpName

A pointer to a null-terminated string that specifies the name of the privilege, as defined in the Winnt.h header file. For example, this parameter could specify the constant, SE_SECURITY_NAME, or its corresponding string, "SeSecurityPrivilege".

lpLuid

A pointer to a variable that receives the LUID by which the privilege is known on the system specified by the lpSystemNameparameter.

Return Value

If the function succeeds, the function returns nonzero.

If the function fails, it returns zero. To get extended error information, call GetLastError.

BOOL AdjustTokenPrivileges( HANDLE            TokenHandle,

                            BOOL              DisableAllPrivileges,

                            PTOKEN_PRIVILEGES NewState,

                            DWORD             BufferLength,

                            PTOKEN_PRIVILEGES PreviousState,

                            PDWORD            ReturnLength);

Parameters

TokenHandle

A handle to the access token that contains the privileges to be modified. The handle must have TOKEN_ADJUST_PRIVILEGES access to the token. If the PreviousState parameter is not NULL, the handle must also have TOKEN_QUERY access.

DisableAllPrivileges

Specifies whether the function disables all of the token's privileges. If this value is TRUE, the function disables all privileges and ignores the NewState parameter. If it is FALSE, the function modifies privileges based on the information pointed to by the NewStateparameter.

NewState

A pointer to a TOKEN_PRIVILEGES structure that specifies an array of privileges and their attributes. If the DisableAllPrivilegesparameter is FALSE, the AdjustTokenPrivileges function enables, disables, or removes these privileges for the token. The following table describes the action taken by the AdjustTokenPrivileges function, based on the privilege attribute.

Value Meaning

SE_PRIVILEGE_ENABLED

The function enables the privilege.

SE_PRIVILEGE_REMOVED

The privilege is removed from the list of privileges in the token. The other privileges in the list are reordered to remain contiguous.

SE_PRIVILEGE_REMOVED supersedes SE_PRIVILEGE_ENABLED.

Because the privilege has been removed from the token, attempts to reenable the privilege result in the warning ERROR_NOT_ALL_ASSIGNED as if the privilege had never existed.

Attempting to remove a privilege that does not exist in the token results in ERROR_NOT_ALL_ASSIGNED being returned.

Privilege checks for removed privileges result in STATUS_PRIVILEGE_NOT_HELD. Failed privilege check auditing occurs as normal.

The removal of the privilege is irreversible, so the name of the removed privilege is not included in the PreviousState parameter after a call to AdjustTokenPrivileges.

Windows XP with SP1:  The function cannot remove privileges. This value is not supported.

None

The function disables the privilege.

If DisableAllPrivileges is TRUE, the function ignores this parameter.

BufferLength

Specifies the size, in bytes, of the buffer pointed to by the PreviousState parameter. This parameter can be zero if the PreviousStateparameter is NULL.

PreviousState

A pointer to a buffer that the function fills with a TOKEN_PRIVILEGES structure that contains the previous state of any privileges that the function modifies. That is, if a privilege has been modified by this function, the privilege and its previous state are contained in the TOKEN_PRIVILEGES structure referenced by PreviousState. If the PrivilegeCount member of TOKEN_PRIVILEGES is zero, then no privileges have been changed by this function. This parameter can be NULL.

If you specify a buffer that is too small to receive the complete list of modified privileges, the function fails and does not adjust any privileges. In this case, the function sets the variable pointed to by the ReturnLength parameter to the number of bytes required to hold the complete list of modified privileges.

ReturnLength

A pointer to a variable that receives the required size, in bytes, of the buffer pointed to by the PreviousState parameter. This parameter can be NULL if PreviousState is NULL.

Return Value

If the function succeeds, the return value is nonzero. To determine whether the function adjusted all of the specified privileges, callGetLastError, which returns one of the following values when the function succeeds:

Return code Description
ERROR_SUCCESS
 The function adjusted all specified privileges.
ERROR_NOT_ALL_ASSIGNED
 The token does not have one or more of the privileges specified in the NewStateparameter. The function may succeed with this error value even if no privileges were adjusted. The PreviousState parameter indicates the privileges that were adjusted.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

完成实例:

#include <windows.h>

#include <iostream>

using namespace std;  

void main()

{

        BOOL retn;

        HANDLE hToken;

        retn = OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken);

        if(retn != TRUE)

        {

                    cout<<"获取令牌句柄失败!"<<endl;

                    return;

        }  

        TOKEN_PRIVILEGES tp; //新特权结构体

        LUID Luid;

        retn = LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&Luid);  

        if(retn != TRUE)

        {

                    cout<<"获取Luid失败"<<endl;

                    return;

        }

                //给TP和TP里的LUID结构体赋值

        tp.PrivilegeCount = ;

        tp.Privileges[].Attributes = SE_PRIVILEGE_ENABLED;

        tp.Privileges[].Luid = Luid;  

        AdjustTokenPrivileges(hToken,FALSE,&tp,sizeof(TOKEN_PRIVILEGES),NULL,NULL);

        if(GetLastError() != ERROR_SUCCESS)

        {

                    cout<<"修改特权不完全或失败!"<<endl;

        }

       else

       {

                    cout<<"修改成功!"<<endl;

       }

}

如何修改Windows程序的权限?的更多相关文章

  1. golang windows程序获取管理员权限(UAC ) via gocn

    golang windows程序获取管理员权限(UAC ) 在windows上执行有关系统设置命令的时候需要管理员权限才能操作,比如修改网卡的禁用.启用状态.双击执行是不能正确执行命令的,只有右键以管 ...

  2. 应用程序-特定 权限设置并未向在应用程序容器不可用 SID (不可用)中运行的地址 LocalHost (使用 LRPC) 中的用户...的 COM 服务器应用程序的 本地 激活 权限。此安全权限可以使用组件服务管理工具进行修改。

    很久以前发现我们的业务服务器上出现一个System的系统严重错误,查找很久都没有找到解决办法,今日再次查看服务器发现报错更频繁,于是就搜集各种资料进行查找解决办法,终于找到了一个解决办法. 错误截图介 ...

  3. 在vs2017和vs2019下发布应用之Windows程序打包-附图标修改和默认安装路径定义全教程

    title: 在vs2017和vs2019下发布应用之Windows程序打包-附图标修改和默认安装路径定义全教程 date: 2020-04-25 sidebarDepth: 2 tags: wind ...

  4. 修改windows系统文件权限

    修改windows系统文件总是提示没有权限,虽然已是administrator也不管用. 以下方法可以解决: 右键属性,安全,高级,所有者,编辑,选择当前用户并确定, 回到上一页再确定, 然后在安全页 ...

  5. C程序之修改Windows的控制台颜色(转载)

    Windows的CMD可以和Linux下的终端一样可以有五颜六色,目前我在网上找到2种方法可以修改Windows的CMD,当然都是在代码中修改的.在“CMD”->“属性”->“颜色”,这种 ...

  6. sqlserver修改sa密码(在windows登陆没有权限的情况下)

    对于windows用户没有权限执行alter login sa enable的情况下,采用如下方法可以成功修改sa密码登陆. . 用Run as a administrator打开命令提示符里输入NE ...

  7. Java 修改Windows注册表,以实现开机自启动应用程序。

    使用Java修改Windows注册表,使用最基本的就是cmd命令. 事例和运行结果如下所示: package day01; import java.io.IOException; /* 1,reg a ...

  8. Windows服务器SYSTEM权限Webshell无法添加3389账户情况突破总结

    转自:http://bbs.blackbap.org/thread-2331-1-1.html 近好多Silic的朋友在Windows下SYSTEM权限的php webshell下添加账户,但是却无法 ...

  9. 初识Windows程序

    首先,我们创建第一个Windows程序,一共分为4个步骤: 1.打开Visual Studio开发工具 2.选择"文件"→"新建"→"项目" ...

随机推荐

  1. 从Web抓取信息的几个常用方法

    1.Response 对象有一个 status_code 属性,可以检查它是否等于requests.codes.ok. 2.raise_for_status()方法是一种很好的方式,确保程序在下载失败 ...

  2. dvwa学习笔记之xss

    反射型Low 直接输入<script>alert(/xss/)</script>就可以发现弹窗Medium 检查源码 可以看到网站对输入字符进行了过滤,尝试双写绕过,构造< ...

  3. [转载] Ubuntu 12.04下安装git,SSH及出现的Permission denied解决办法

    如何安装ssh http://os.51cto.com/art/201109/291634.htm 仅需要阅读至成功开启ssh服务即可 http://www.linuxidc.com/Linux/20 ...

  4. 10.29 scrum meeting newbe软件团队工作分配

    这次会议,我们主要讨论了目前阶段的主要任务与任务分配问题. 首先,通读代码,理解程序的运行方式是必不可少的环节.所以我们要求团队的所有成员通读代码.并且对于开发人员和测试人员,要求写出我们分配的各自模 ...

  5. 第一次作业——MathExam285

    MathExam285 一.预估与实际 PSP2.1 Personal Software Process Stages 预估耗时(分钟) 实际耗时(分钟) Planning 计划 • Estimate ...

  6. window 窗口编辑

    package com.chuangkohua; import java.awt.FileDialog; import java.awt.FlowLayout; import java.awt.Fra ...

  7. StringBuffer 与 StringBuilder类的使用

    /*如果需要频繁修改字符串 的内容,建议使用字符串缓冲 类(StringBuffer). StringBuffer 其实就是一个存储字符 的容器. 笔试题目:使用Stringbuffer无 参的构造函 ...

  8. 【TCP/IP详解 卷一:协议】第六章:DHCP 和自动配置

    简介 为了使用 TCP/IP 协议族,每台主机or路由器都需要一定的配置信息: IP地址 子网掩码 广播地址 路由或转发表 DNS 协议配置方法: 手动 通过使用网络服务来获得 使用一些算法来自动确定 ...

  9. Good Time 冲刺 六

    一.今日完成任务情况 第六天 日期:2018.6.19 王怡镔:今天完善了页面,对部分不足进行改进. 于鑫宇:对界面进行完善. 胡雅馨:今天完成前端页面,并改善后端,完善项目. 黄 鹤:做完最后的打卡 ...

  10. 补发9.28“天天向上”团队Scrum站立会议

    组长:王森 组员:张金生 张政 栾骄阳 时间:2016.09.28 地点:612寝 组员 已完成 未完成 王森 搭建初步原型 完善原型 张金生 更新UI设计 生成应用界面原型 张政 初步设计框架图 完 ...