我在练习写一个可以杀掉 Windows XP 系统进程的程序，下面这段程序是我从 MSDN 的 SetPrivilege 示例改写来的：主调用程序是 SetHighPrivilege，它调用了子程序 SetPrivilege，问题就出在这个子程序里面（标有 !!! 的那一行）：第一次调用 AdjustTokenPrivileges 之后 GetLastError 返回 1300（ERROR_NOT_ALL_ASSIGNED）。我用的是 Windows XP，当前用户属于 Administrators 组。恳请各位大哥指点，小弟感激不尽，先行谢过。
Const
TOKEN_ADJUST_PRIVILEGES=$0020; // token access right needed by AdjustTokenPrivileges
TOKEN_QUERY=$0008;             // also needed: SetPrivilege asks AdjustTokenPrivileges for PreviousState
TOKEN_ALL_ACCESS=$01FF;        // unused in this listing; keep requesting only the two rights above (least privilege).
                               // NOTE(review): winnt.h's TOKEN_ALL_ACCESS also includes STANDARD_RIGHTS_REQUIRED ($F0000) - verify this value before relying on it
SE_DEBUG_NAME='SeDebugPrivilege'; // lets the holder open/terminate any process, including SYSTEM ones - enable only while needed
SE_PRIVILEGE_ENABLED=$00000002;   // LUID_AND_ATTRIBUTES.Attributes flag: privilege is currently enabled
ANYSIZE_ARRAY=1;// API error-checking helper: raises an Exception carrying GetLastError when its argument is False
procedure CheckTrue(AValue:Boolean);
// Guard for Win32 API results: returns silently when AValue is True, otherwise raises
// an Exception whose message carries the current GetLastError code.
// Call it directly after the API in question so the error code is still the right one.
var
  LastErr:DWORD;
begin
  if AValue then
    Exit;
  LastErr:=GetLastError;
  Raise Exception.Create('Error: '+IntToStr(LastErr));
end; // Next: SetPrivilege - enable or disable one privilege on a token
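function SetPrivilege(hToken:THandle; Privilege:LPCTSTR; bEnablePrivilege:BOOL):BOOL;
// Enable (bEnablePrivilege=True) or disable (False) one named privilege on hToken.
// Port of the MSDN "SetPrivilege" sample: the first AdjustTokenPrivileges call, with
// Attributes=0, changes nothing and only reads the privilege's current state back into
// tpPrevious; the second call re-applies that state with SE_PRIVILEGE_ENABLED set or
// cleared, so only the ENABLED bit is ever touched.
//
// hToken           - token opened with TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY (TOKEN_QUERY
//                    is required because the first call asks for PreviousState).
// Privilege        - privilege name such as SE_DEBUG_NAME. It is handed to the ANSI entry
//                    point LookupPrivilegeValueA, so it must be an ANSI (PAnsiChar) string;
//                    LPCTSTR only matches that on pre-Unicode Delphi versions.
// bEnablePrivilege - True to enable, False to disable.
// Returns True on success. Every failure is reported via ShowMessage inside the except
// block and turned into a False result; no exception reaches the caller.
//
// Why ERROR_NOT_ALL_ASSIGNED (1300) shows up here: AdjustTokenPrivileges can only enable
// privileges the token already holds. If the privilege is absent the call still returns
// TRUE but sets last error 1300, so the return value alone is not enough and GetLastError
// is checked after each call. If the account does hold the privilege (on XP, Administrators
// normally hold SeDebugPrivilege, disabled) and 1300 is still returned, suspect the
// structure layout described in the type section rather than the account.
const
  ADVAPILibrary='ADVAPI32.DLL';
type
  // Structures laid out exactly as winnt.h defines them: LUID is two 32-bit halves and
  // LUID_AND_ATTRIBUTES / TOKEN_PRIVILEGES contain no padding, so
  // SizeOf(TOKEN_PRIVILEGES)=16 for one entry. The records are packed on purpose:
  // declaring Luid as an unpacked Int64 leaves the layout to the unit's $ALIGN setting,
  // and if the Int64 field is 8-byte aligned the record gains padding, the kernel reads
  // the wrong bytes as the LUID and reports 1300 for a privilege that is actually held.
  // Cheap sanity check for a debug build: Assert(SizeOf(TOKEN_PRIVILEGES)=16).
  LUID=packed record
    LowPart:DWORD;
    HighPart:LongInt;
  end;
  PLUID=^LUID;
  LUID_AND_ATTRIBUTES=packed record
    Luid:LUID;
    Attributes:DWORD;
  end;
  TOKEN_PRIVILEGES=packed record
    PrivilegeCount:DWORD;
    Privileges: Array [0..ANYSIZE_ARRAY-1] of LUID_AND_ATTRIBUTES;
  end;
  PTOKEN_PRIVILEGES=^TOKEN_PRIVILEGES;
  // The two advapi32 entry points, resolved at run time. ReturnLength is a DWORD* in the
  // SDK; the original declared it PWORD, which only compiled because a pointer was passed.
  TLookupPrivilegeValueApi=function(lpSystemName:LPCSTR; lpName:LPCSTR; lpLuid:PLUID):BOOL; stdcall;
  TAdjustTokenPrivilegesApi=function(TokenHandle:THandle; DisableAllPrivileges:BOOL; NewState:PTOKEN_PRIVILEGES;
    BufferLength:DWORD; PreviousState:PTOKEN_PRIVILEGES; ReturnLength:PDWORD):BOOL; stdcall;
var
  lpfLookupPrivilegeValue:TLookupPrivilegeValueApi;
  lpfAdjustTokenPrivileges:TAdjustTokenPrivilegesApi;
  hLibraryADVAPI:HINST;
  PrivLuid:LUID;
  tp,tpPrevious:TOKEN_PRIVILEGES;
  cbPrevious:DWORD;
begin
  Result:=False;
  try
    // Load advapi32 and resolve the two APIs we need.
    hLibraryADVAPI:=LoadLibrary(PChar(ADVAPILibrary));
    CheckTrue(hLibraryADVAPI<>0);
    try
      lpfLookupPrivilegeValue:=GetProcAddress(hLibraryADVAPI,'LookupPrivilegeValueA');
      lpfAdjustTokenPrivileges:=GetProcAddress(hLibraryADVAPI,'AdjustTokenPrivileges');
      CheckTrue(Assigned(lpfLookupPrivilegeValue) and Assigned(lpfAdjustTokenPrivileges));
      // Privilege name -> LUID on the local machine (lpSystemName=nil).
      CheckTrue(lpfLookupPrivilegeValue(nil,Privilege,@PrivLuid));

      // Pass 1: Attributes=0 requests no change; we only want this privilege's current
      // state written to tpPrevious (and the size actually used to cbPrevious).
      FillChar(tp,SizeOf(tp),0);
      tp.PrivilegeCount:=1;
      tp.Privileges[0].Luid:=PrivLuid;
      tp.Privileges[0].Attributes:=0;
      FillChar(tpPrevious,SizeOf(tpPrevious),0);
      cbPrevious:=SizeOf(TOKEN_PRIVILEGES);
      CheckTrue(lpfAdjustTokenPrivileges(hToken,False,@tp,SizeOf(TOKEN_PRIVILEGES),@tpPrevious,@cbPrevious));
      // A TRUE return with ERROR_NOT_ALL_ASSIGNED means the token does not hold the privilege.
      CheckTrue(GetLastError=ERROR_SUCCESS);

      // Pass 2: re-apply the previous attributes with only the ENABLED bit changed.
      tpPrevious.PrivilegeCount:=1;
      tpPrevious.Privileges[0].Luid:=PrivLuid;
      if bEnablePrivilege then
        tpPrevious.Privileges[0].Attributes:=tpPrevious.Privileges[0].Attributes or SE_PRIVILEGE_ENABLED
      else
        // xor with (flag and attrs) clears the flag only when it is set.
        tpPrevious.Privileges[0].Attributes:=tpPrevious.Privileges[0].Attributes xor
          (SE_PRIVILEGE_ENABLED and tpPrevious.Privileges[0].Attributes);
      CheckTrue(lpfAdjustTokenPrivileges(hToken,False,@tpPrevious,cbPrevious,nil,nil));
      CheckTrue(GetLastError=ERROR_SUCCESS);

      Result:=True;
    finally
      FreeLibrary(hLibraryADVAPI);
    end;
  except
    On E:Exception do
      ShowMessage(E.Message);
  end;
end; // Main entry point: SetHighPrivilege follows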
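function SetHighPrivilege:Boolean;
// Enable SeDebugPrivilege on the current process token so the process can later open
// other processes (including SYSTEM-owned ones) with OpenProcess. Returns True on
// success; failures are shown via ShowMessage and yield False.
//
// Security notes: SeDebugPrivilege is effectively full control of the machine - once
// enabled, the process can read/write memory of and terminate any process. Enable it
// only for the duration of the operation and call SetPrivilege(hToken,SE_DEBUG_NAME,False)
// when done. The token is opened with the minimal rights the adjustment needs
// (TOKEN_ADJUST_PRIVILEGES for the change, TOKEN_QUERY for the previous-state read
// inside SetPrivilege); do not widen this to TOKEN_ALL_ACCESS.
const
  // ADVAPILibrary is declared in SetPrivilege's local const section and is not visible
  // here; declare it locally so this function compiles on its own.
  ADVAPILibrary='ADVAPI32.DLL';
type
  TOpenProcessTokenApi=function(ProcessHandle:THandle; DesiredAccess:DWORD; TokenHandle:PHandle):BOOL; stdcall;
var
  lpfOpenProcessToken:TOpenProcessTokenApi;
  hLibraryADVAPI:HINST;
  hToken:THandle;
begin
  Result:=False;
  hToken:=0;
  try
    hLibraryADVAPI:=LoadLibrary(PChar(ADVAPILibrary));
    CheckTrue(hLibraryADVAPI<>0);
    try
      lpfOpenProcessToken:=GetProcAddress(hLibraryADVAPI,'OpenProcessToken');
      CheckTrue(Assigned(lpfOpenProcessToken));
      // Least-privilege token handle: only what AdjustTokenPrivileges (+PreviousState) needs.
      CheckTrue(lpfOpenProcessToken(GetCurrentProcess,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,@hToken));
      try
        // SetPrivilege reports its own errors via ShowMessage and returns False instead of raising.
        CheckTrue(SetPrivilege(hToken,SE_DEBUG_NAME,True));
        Result:=True;
      finally
        CloseHandle(hToken);
      end;
    finally
      FreeLibrary(hLibraryADVAPI);
    end;
  except
    On E:Exception do
      ShowMessage(E.Message);
  end;
end;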
问题就出在这个子程序里面（标有 !!! 的那一行）。我用的是 Windows XP，当前用户属于 Administrators 组。恳请各位大哥指点，小弟感激不尽，先行谢过。
Const
TOKEN_ADJUST_PRIVILEGES=$0020; // token access right needed by AdjustTokenPrivileges
TOKEN_QUERY=$0008;             // also needed: SetPrivilege asks AdjustTokenPrivileges for PreviousState
TOKEN_ALL_ACCESS=$01FF;        // unused in this listing; keep requesting only the two rights above (least privilege).
                               // NOTE(review): winnt.h's TOKEN_ALL_ACCESS also includes STANDARD_RIGHTS_REQUIRED ($F0000) - verify this value before relying on it
SE_DEBUG_NAME='SeDebugPrivilege'; // lets the holder open/terminate any process, including SYSTEM ones - enable only while needed
SE_PRIVILEGE_ENABLED=$00000002;   // LUID_AND_ATTRIBUTES.Attributes flag: privilege is currently enabled
ANYSIZE_ARRAY=1;// API error-checking helper: raises an Exception carrying GetLastError when its argument is False
procedure CheckTrue(AValue:Boolean);
// Guard for Win32 API results: returns silently when AValue is True, otherwise raises
// an Exception whose message carries the current GetLastError code.
// Call it directly after the API in question so the error code is still the right one.
var
  LastErr:DWORD;
begin
  if AValue then
    Exit;
  LastErr:=GetLastError;
  Raise Exception.Create('Error: '+IntToStr(LastErr));
end; // Next: SetPrivilege - enable or disable one privilege on a token
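function SetPrivilege(hToken:THandle; Privilege:LPCTSTR; bEnablePrivilege:BOOL):BOOL;
// Enable (bEnablePrivilege=True) or disable (False) one named privilege on hToken.
// Port of the MSDN "SetPrivilege" sample: the first AdjustTokenPrivileges call, with
// Attributes=0, changes nothing and only reads the privilege's current state back into
// tpPrevious; the second call re-applies that state with SE_PRIVILEGE_ENABLED set or
// cleared, so only the ENABLED bit is ever touched.
//
// hToken           - token opened with TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY (TOKEN_QUERY
//                    is required because the first call asks for PreviousState).
// Privilege        - privilege name such as SE_DEBUG_NAME. It is handed to the ANSI entry
//                    point LookupPrivilegeValueA, so it must be an ANSI (PAnsiChar) string;
//                    LPCTSTR only matches that on pre-Unicode Delphi versions.
// bEnablePrivilege - True to enable, False to disable.
// Returns True on success. Every failure is reported via ShowMessage inside the except
// block and turned into a False result; no exception reaches the caller.
//
// Why ERROR_NOT_ALL_ASSIGNED (1300) shows up here: AdjustTokenPrivileges can only enable
// privileges the token already holds. If the privilege is absent the call still returns
// TRUE but sets last error 1300, so the return value alone is not enough and GetLastError
// is checked after each call. If the account does hold the privilege (on XP, Administrators
// normally hold SeDebugPrivilege, disabled) and 1300 is still returned, suspect the
// structure layout described in the type section rather than the account.
const
  ADVAPILibrary='ADVAPI32.DLL';
type
  // Structures laid out exactly as winnt.h defines them: LUID is two 32-bit halves and
  // LUID_AND_ATTRIBUTES / TOKEN_PRIVILEGES contain no padding, so
  // SizeOf(TOKEN_PRIVILEGES)=16 for one entry. The records are packed on purpose:
  // declaring Luid as an unpacked Int64 leaves the layout to the unit's $ALIGN setting,
  // and if the Int64 field is 8-byte aligned the record gains padding, the kernel reads
  // the wrong bytes as the LUID and reports 1300 for a privilege that is actually held.
  // Cheap sanity check for a debug build: Assert(SizeOf(TOKEN_PRIVILEGES)=16).
  LUID=packed record
    LowPart:DWORD;
    HighPart:LongInt;
  end;
  PLUID=^LUID;
  LUID_AND_ATTRIBUTES=packed record
    Luid:LUID;
    Attributes:DWORD;
  end;
  TOKEN_PRIVILEGES=packed record
    PrivilegeCount:DWORD;
    Privileges: Array [0..ANYSIZE_ARRAY-1] of LUID_AND_ATTRIBUTES;
  end;
  PTOKEN_PRIVILEGES=^TOKEN_PRIVILEGES;
  // The two advapi32 entry points, resolved at run time. ReturnLength is a DWORD* in the
  // SDK; the original declared it PWORD, which only compiled because a pointer was passed.
  TLookupPrivilegeValueApi=function(lpSystemName:LPCSTR; lpName:LPCSTR; lpLuid:PLUID):BOOL; stdcall;
  TAdjustTokenPrivilegesApi=function(TokenHandle:THandle; DisableAllPrivileges:BOOL; NewState:PTOKEN_PRIVILEGES;
    BufferLength:DWORD; PreviousState:PTOKEN_PRIVILEGES; ReturnLength:PDWORD):BOOL; stdcall;
var
  lpfLookupPrivilegeValue:TLookupPrivilegeValueApi;
  lpfAdjustTokenPrivileges:TAdjustTokenPrivilegesApi;
  hLibraryADVAPI:HINST;
  PrivLuid:LUID;
  tp,tpPrevious:TOKEN_PRIVILEGES;
  cbPrevious:DWORD;
begin
  Result:=False;
  try
    // Load advapi32 and resolve the two APIs we need.
    hLibraryADVAPI:=LoadLibrary(PChar(ADVAPILibrary));
    CheckTrue(hLibraryADVAPI<>0);
    try
      lpfLookupPrivilegeValue:=GetProcAddress(hLibraryADVAPI,'LookupPrivilegeValueA');
      lpfAdjustTokenPrivileges:=GetProcAddress(hLibraryADVAPI,'AdjustTokenPrivileges');
      CheckTrue(Assigned(lpfLookupPrivilegeValue) and Assigned(lpfAdjustTokenPrivileges));
      // Privilege name -> LUID on the local machine (lpSystemName=nil).
      CheckTrue(lpfLookupPrivilegeValue(nil,Privilege,@PrivLuid));

      // Pass 1: Attributes=0 requests no change; we only want this privilege's current
      // state written to tpPrevious (and the size actually used to cbPrevious).
      FillChar(tp,SizeOf(tp),0);
      tp.PrivilegeCount:=1;
      tp.Privileges[0].Luid:=PrivLuid;
      tp.Privileges[0].Attributes:=0;
      FillChar(tpPrevious,SizeOf(tpPrevious),0);
      cbPrevious:=SizeOf(TOKEN_PRIVILEGES);
      CheckTrue(lpfAdjustTokenPrivileges(hToken,False,@tp,SizeOf(TOKEN_PRIVILEGES),@tpPrevious,@cbPrevious));
      // A TRUE return with ERROR_NOT_ALL_ASSIGNED means the token does not hold the privilege.
      CheckTrue(GetLastError=ERROR_SUCCESS);

      // Pass 2: re-apply the previous attributes with only the ENABLED bit changed.
      tpPrevious.PrivilegeCount:=1;
      tpPrevious.Privileges[0].Luid:=PrivLuid;
      if bEnablePrivilege then
        tpPrevious.Privileges[0].Attributes:=tpPrevious.Privileges[0].Attributes or SE_PRIVILEGE_ENABLED
      else
        // xor with (flag and attrs) clears the flag only when it is set.
        tpPrevious.Privileges[0].Attributes:=tpPrevious.Privileges[0].Attributes xor
          (SE_PRIVILEGE_ENABLED and tpPrevious.Privileges[0].Attributes);
      CheckTrue(lpfAdjustTokenPrivileges(hToken,False,@tpPrevious,cbPrevious,nil,nil));
      CheckTrue(GetLastError=ERROR_SUCCESS);

      Result:=True;
    finally
      FreeLibrary(hLibraryADVAPI);
    end;
  except
    On E:Exception do
      ShowMessage(E.Message);
  end;
end; // Main entry point: SetHighPrivilege follows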
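function SetHighPrivilege:Boolean;
// Enable SeDebugPrivilege on the current process token so the process can later open
// other processes (including SYSTEM-owned ones) with OpenProcess. Returns True on
// success; failures are shown via ShowMessage and yield False.
//
// Security notes: SeDebugPrivilege is effectively full control of the machine - once
// enabled, the process can read/write memory of and terminate any process. Enable it
// only for the duration of the operation and call SetPrivilege(hToken,SE_DEBUG_NAME,False)
// when done. The token is opened with the minimal rights the adjustment needs
// (TOKEN_ADJUST_PRIVILEGES for the change, TOKEN_QUERY for the previous-state read
// inside SetPrivilege); do not widen this to TOKEN_ALL_ACCESS.
const
  // ADVAPILibrary is declared in SetPrivilege's local const section and is not visible
  // here; declare it locally so this function compiles on its own.
  ADVAPILibrary='ADVAPI32.DLL';
type
  TOpenProcessTokenApi=function(ProcessHandle:THandle; DesiredAccess:DWORD; TokenHandle:PHandle):BOOL; stdcall;
var
  lpfOpenProcessToken:TOpenProcessTokenApi;
  hLibraryADVAPI:HINST;
  hToken:THandle;
begin
  Result:=False;
  hToken:=0;
  try
    hLibraryADVAPI:=LoadLibrary(PChar(ADVAPILibrary));
    CheckTrue(hLibraryADVAPI<>0);
    try
      lpfOpenProcessToken:=GetProcAddress(hLibraryADVAPI,'OpenProcessToken');
      CheckTrue(Assigned(lpfOpenProcessToken));
      // Least-privilege token handle: only what AdjustTokenPrivileges (+PreviousState) needs.
      CheckTrue(lpfOpenProcessToken(GetCurrentProcess,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,@hToken));
      try
        // SetPrivilege reports its own errors via ShowMessage and returns False instead of raising.
        CheckTrue(SetPrivilege(hToken,SE_DEBUG_NAME,True));
        Result:=True;
      finally
        CloseHandle(hToken);
      end;
    finally
      FreeLibrary(hLibraryADVAPI);
    end;
  except
    On E:Exception do
      ShowMessage(E.Message);
  end;
end;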
问题就出在这个子程序里面（标有 !!! 的那一行）。我用的是 Windows XP，当前用户属于 Administrators 组。恳请各位大哥指点，小弟感激不尽，先行谢过。
Const
TOKEN_ADJUST_PRIVILEGES=$0020; // token access right needed by AdjustTokenPrivileges
TOKEN_QUERY=$0008;             // also needed: SetPrivilege asks AdjustTokenPrivileges for PreviousState
TOKEN_ALL_ACCESS=$01FF;        // unused in this listing; keep requesting only the two rights above (least privilege).
                               // NOTE(review): winnt.h's TOKEN_ALL_ACCESS also includes STANDARD_RIGHTS_REQUIRED ($F0000) - verify this value before relying on it
SE_DEBUG_NAME='SeDebugPrivilege'; // lets the holder open/terminate any process, including SYSTEM ones - enable only while needed
SE_PRIVILEGE_ENABLED=$00000002;   // LUID_AND_ATTRIBUTES.Attributes flag: privilege is currently enabled
ANYSIZE_ARRAY=1;// API error-checking helper: raises an Exception carrying GetLastError when its argument is False
procedure CheckTrue(AValue:Boolean);
// Guard for Win32 API results: returns silently when AValue is True, otherwise raises
// an Exception whose message carries the current GetLastError code.
// Call it directly after the API in question so the error code is still the right one.
var
  LastErr:DWORD;
begin
  if AValue then
    Exit;
  LastErr:=GetLastError;
  Raise Exception.Create('Error: '+IntToStr(LastErr));
end; // Next: SetPrivilege - enable or disable one privilege on a token
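function SetPrivilege(hToken:THandle; Privilege:LPCTSTR; bEnablePrivilege:BOOL):BOOL;
// Enable (bEnablePrivilege=True) or disable (False) one named privilege on hToken.
// Port of the MSDN "SetPrivilege" sample: the first AdjustTokenPrivileges call, with
// Attributes=0, changes nothing and only reads the privilege's current state back into
// tpPrevious; the second call re-applies that state with SE_PRIVILEGE_ENABLED set or
// cleared, so only the ENABLED bit is ever touched.
//
// hToken           - token opened with TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY (TOKEN_QUERY
//                    is required because the first call asks for PreviousState).
// Privilege        - privilege name such as SE_DEBUG_NAME. It is handed to the ANSI entry
//                    point LookupPrivilegeValueA, so it must be an ANSI (PAnsiChar) string;
//                    LPCTSTR only matches that on pre-Unicode Delphi versions.
// bEnablePrivilege - True to enable, False to disable.
// Returns True on success. Every failure is reported via ShowMessage inside the except
// block and turned into a False result; no exception reaches the caller.
//
// Why ERROR_NOT_ALL_ASSIGNED (1300) shows up here: AdjustTokenPrivileges can only enable
// privileges the token already holds. If the privilege is absent the call still returns
// TRUE but sets last error 1300, so the return value alone is not enough and GetLastError
// is checked after each call. If the account does hold the privilege (on XP, Administrators
// normally hold SeDebugPrivilege, disabled) and 1300 is still returned, suspect the
// structure layout described in the type section rather than the account.
const
  ADVAPILibrary='ADVAPI32.DLL';
type
  // Structures laid out exactly as winnt.h defines them: LUID is two 32-bit halves and
  // LUID_AND_ATTRIBUTES / TOKEN_PRIVILEGES contain no padding, so
  // SizeOf(TOKEN_PRIVILEGES)=16 for one entry. The records are packed on purpose:
  // declaring Luid as an unpacked Int64 leaves the layout to the unit's $ALIGN setting,
  // and if the Int64 field is 8-byte aligned the record gains padding, the kernel reads
  // the wrong bytes as the LUID and reports 1300 for a privilege that is actually held.
  // Cheap sanity check for a debug build: Assert(SizeOf(TOKEN_PRIVILEGES)=16).
  LUID=packed record
    LowPart:DWORD;
    HighPart:LongInt;
  end;
  PLUID=^LUID;
  LUID_AND_ATTRIBUTES=packed record
    Luid:LUID;
    Attributes:DWORD;
  end;
  TOKEN_PRIVILEGES=packed record
    PrivilegeCount:DWORD;
    Privileges: Array [0..ANYSIZE_ARRAY-1] of LUID_AND_ATTRIBUTES;
  end;
  PTOKEN_PRIVILEGES=^TOKEN_PRIVILEGES;
  // The two advapi32 entry points, resolved at run time. ReturnLength is a DWORD* in the
  // SDK; the original declared it PWORD, which only compiled because a pointer was passed.
  TLookupPrivilegeValueApi=function(lpSystemName:LPCSTR; lpName:LPCSTR; lpLuid:PLUID):BOOL; stdcall;
  TAdjustTokenPrivilegesApi=function(TokenHandle:THandle; DisableAllPrivileges:BOOL; NewState:PTOKEN_PRIVILEGES;
    BufferLength:DWORD; PreviousState:PTOKEN_PRIVILEGES; ReturnLength:PDWORD):BOOL; stdcall;
var
  lpfLookupPrivilegeValue:TLookupPrivilegeValueApi;
  lpfAdjustTokenPrivileges:TAdjustTokenPrivilegesApi;
  hLibraryADVAPI:HINST;
  PrivLuid:LUID;
  tp,tpPrevious:TOKEN_PRIVILEGES;
  cbPrevious:DWORD;
begin
  Result:=False;
  try
    // Load advapi32 and resolve the two APIs we need.
    hLibraryADVAPI:=LoadLibrary(PChar(ADVAPILibrary));
    CheckTrue(hLibraryADVAPI<>0);
    try
      lpfLookupPrivilegeValue:=GetProcAddress(hLibraryADVAPI,'LookupPrivilegeValueA');
      lpfAdjustTokenPrivileges:=GetProcAddress(hLibraryADVAPI,'AdjustTokenPrivileges');
      CheckTrue(Assigned(lpfLookupPrivilegeValue) and Assigned(lpfAdjustTokenPrivileges));
      // Privilege name -> LUID on the local machine (lpSystemName=nil).
      CheckTrue(lpfLookupPrivilegeValue(nil,Privilege,@PrivLuid));

      // Pass 1: Attributes=0 requests no change; we only want this privilege's current
      // state written to tpPrevious (and the size actually used to cbPrevious).
      FillChar(tp,SizeOf(tp),0);
      tp.PrivilegeCount:=1;
      tp.Privileges[0].Luid:=PrivLuid;
      tp.Privileges[0].Attributes:=0;
      FillChar(tpPrevious,SizeOf(tpPrevious),0);
      cbPrevious:=SizeOf(TOKEN_PRIVILEGES);
      CheckTrue(lpfAdjustTokenPrivileges(hToken,False,@tp,SizeOf(TOKEN_PRIVILEGES),@tpPrevious,@cbPrevious));
      // A TRUE return with ERROR_NOT_ALL_ASSIGNED means the token does not hold the privilege.
      CheckTrue(GetLastError=ERROR_SUCCESS);

      // Pass 2: re-apply the previous attributes with only the ENABLED bit changed.
      tpPrevious.PrivilegeCount:=1;
      tpPrevious.Privileges[0].Luid:=PrivLuid;
      if bEnablePrivilege then
        tpPrevious.Privileges[0].Attributes:=tpPrevious.Privileges[0].Attributes or SE_PRIVILEGE_ENABLED
      else
        // xor with (flag and attrs) clears the flag only when it is set.
        tpPrevious.Privileges[0].Attributes:=tpPrevious.Privileges[0].Attributes xor
          (SE_PRIVILEGE_ENABLED and tpPrevious.Privileges[0].Attributes);
      CheckTrue(lpfAdjustTokenPrivileges(hToken,False,@tpPrevious,cbPrevious,nil,nil));
      CheckTrue(GetLastError=ERROR_SUCCESS);

      Result:=True;
    finally
      FreeLibrary(hLibraryADVAPI);
    end;
  except
    On E:Exception do
      ShowMessage(E.Message);
  end;
end; // Main entry point: SetHighPrivilege follows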
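function SetHighPrivilege:Boolean;
// Enable SeDebugPrivilege on the current process token so the process can later open
// other processes (including SYSTEM-owned ones) with OpenProcess. Returns True on
// success; failures are shown via ShowMessage and yield False.
//
// Security notes: SeDebugPrivilege is effectively full control of the machine - once
// enabled, the process can read/write memory of and terminate any process. Enable it
// only for the duration of the operation and call SetPrivilege(hToken,SE_DEBUG_NAME,False)
// when done. The token is opened with the minimal rights the adjustment needs
// (TOKEN_ADJUST_PRIVILEGES for the change, TOKEN_QUERY for the previous-state read
// inside SetPrivilege); do not widen this to TOKEN_ALL_ACCESS.
const
  // ADVAPILibrary is declared in SetPrivilege's local const section and is not visible
  // here; declare it locally so this function compiles on its own.
  ADVAPILibrary='ADVAPI32.DLL';
type
  TOpenProcessTokenApi=function(ProcessHandle:THandle; DesiredAccess:DWORD; TokenHandle:PHandle):BOOL; stdcall;
var
  lpfOpenProcessToken:TOpenProcessTokenApi;
  hLibraryADVAPI:HINST;
  hToken:THandle;
begin
  Result:=False;
  hToken:=0;
  try
    hLibraryADVAPI:=LoadLibrary(PChar(ADVAPILibrary));
    CheckTrue(hLibraryADVAPI<>0);
    try
      lpfOpenProcessToken:=GetProcAddress(hLibraryADVAPI,'OpenProcessToken');
      CheckTrue(Assigned(lpfOpenProcessToken));
      // Least-privilege token handle: only what AdjustTokenPrivileges (+PreviousState) needs.
      CheckTrue(lpfOpenProcessToken(GetCurrentProcess,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,@hToken));
      try
        // SetPrivilege reports its own errors via ShowMessage and returns False instead of raising.
        CheckTrue(SetPrivilege(hToken,SE_DEBUG_NAME,True));
        Result:=True;
      finally
        CloseHandle(hToken);
      end;
    finally
      FreeLibrary(hLibraryADVAPI);
    end;
  except
    On E:Exception do
      ShowMessage(E.Message);
  end;
end;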
问题就出在这个子程序里面（标有 !!! 的那一行）。我用的是 Windows XP，当前用户属于 Administrators 组。恳请各位大哥指点，小弟感激不尽，先行谢过。
Const
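TOKEN_ADJUST_PRIVILEGES=$0020; // token access right needed by AdjustTokenPrivileges
TOKEN_QUERY=$0008;             // also needed: SetPrivilege asks AdjustTokenPrivileges for PreviousState
TOKEN_ALL_ACCESS=$01FF;        // unused in this listing; keep requesting only the two rights above (least privilege).
                               // NOTE(review): winnt.h's TOKEN_ALL_ACCESS also includes STANDARD_RIGHTS_REQUIRED ($F0000) - verify this value before relying on it
SE_DEBUG_NAME='SeDebugPrivilege'; // lets the holder open/terminate any process, including SYSTEM ones - enable only while needed
SE_PRIVILEGE_ENABLED=$00000002;   // LUID_AND_ATTRIBUTES.Attributes flag: privilege is currently enabled
ANYSIZE_ARRAY=1;// API error-checking helper: raises an Exception carrying GetLastError when its argument is False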
procedure CheckTrue(AValue:Boolean);
// Guard for Win32 API results: returns silently when AValue is True, otherwise raises
// an Exception whose message carries the current GetLastError code.
// Call it directly after the API in question so the error code is still the right one.
var
  LastErr:DWORD;
begin
  if AValue then
    Exit;
  LastErr:=GetLastError;
  Raise Exception.Create('Error: '+IntToStr(LastErr));
end; // Next: SetPrivilege - enable or disable one privilege on a token
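function SetPrivilege(hToken:THandle; Privilege:LPCTSTR; bEnablePrivilege:BOOL):BOOL;
// Enable (bEnablePrivilege=True) or disable (False) one named privilege on hToken.
// Port of the MSDN "SetPrivilege" sample: the first AdjustTokenPrivileges call, with
// Attributes=0, changes nothing and only reads the privilege's current state back into
// tpPrevious; the second call re-applies that state with SE_PRIVILEGE_ENABLED set or
// cleared, so only the ENABLED bit is ever touched.
//
// hToken           - token opened with TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY (TOKEN_QUERY
//                    is required because the first call asks for PreviousState).
// Privilege        - privilege name such as SE_DEBUG_NAME. It is handed to the ANSI entry
//                    point LookupPrivilegeValueA, so it must be an ANSI (PAnsiChar) string;
//                    LPCTSTR only matches that on pre-Unicode Delphi versions.
// bEnablePrivilege - True to enable, False to disable.
// Returns True on success. Every failure is reported via ShowMessage inside the except
// block and turned into a False result; no exception reaches the caller.
//
// Why ERROR_NOT_ALL_ASSIGNED (1300) shows up here: AdjustTokenPrivileges can only enable
// privileges the token already holds. If the privilege is absent the call still returns
// TRUE but sets last error 1300, so the return value alone is not enough and GetLastError
// is checked after each call. If the account does hold the privilege (on XP, Administrators
// normally hold SeDebugPrivilege, disabled) and 1300 is still returned, suspect the
// structure layout described in the type section rather than the account.
const
  ADVAPILibrary='ADVAPI32.DLL';
type
  // Structures laid out exactly as winnt.h defines them: LUID is two 32-bit halves and
  // LUID_AND_ATTRIBUTES / TOKEN_PRIVILEGES contain no padding, so
  // SizeOf(TOKEN_PRIVILEGES)=16 for one entry. The records are packed on purpose:
  // declaring Luid as an unpacked Int64 leaves the layout to the unit's $ALIGN setting,
  // and if the Int64 field is 8-byte aligned the record gains padding, the kernel reads
  // the wrong bytes as the LUID and reports 1300 for a privilege that is actually held.
  // Cheap sanity check for a debug build: Assert(SizeOf(TOKEN_PRIVILEGES)=16).
  LUID=packed record
    LowPart:DWORD;
    HighPart:LongInt;
  end;
  PLUID=^LUID;
  LUID_AND_ATTRIBUTES=packed record
    Luid:LUID;
    Attributes:DWORD;
  end;
  TOKEN_PRIVILEGES=packed record
    PrivilegeCount:DWORD;
    Privileges: Array [0..ANYSIZE_ARRAY-1] of LUID_AND_ATTRIBUTES;
  end;
  PTOKEN_PRIVILEGES=^TOKEN_PRIVILEGES;
  // The two advapi32 entry points, resolved at run time. ReturnLength is a DWORD* in the
  // SDK; the original declared it PWORD, which only compiled because a pointer was passed.
  TLookupPrivilegeValueApi=function(lpSystemName:LPCSTR; lpName:LPCSTR; lpLuid:PLUID):BOOL; stdcall;
  TAdjustTokenPrivilegesApi=function(TokenHandle:THandle; DisableAllPrivileges:BOOL; NewState:PTOKEN_PRIVILEGES;
    BufferLength:DWORD; PreviousState:PTOKEN_PRIVILEGES; ReturnLength:PDWORD):BOOL; stdcall;
var
  lpfLookupPrivilegeValue:TLookupPrivilegeValueApi;
  lpfAdjustTokenPrivileges:TAdjustTokenPrivilegesApi;
  hLibraryADVAPI:HINST;
  PrivLuid:LUID;
  tp,tpPrevious:TOKEN_PRIVILEGES;
  cbPrevious:DWORD;
begin
  Result:=False;
  try
    // Load advapi32 and resolve the two APIs we need.
    hLibraryADVAPI:=LoadLibrary(PChar(ADVAPILibrary));
    CheckTrue(hLibraryADVAPI<>0);
    try
      lpfLookupPrivilegeValue:=GetProcAddress(hLibraryADVAPI,'LookupPrivilegeValueA');
      lpfAdjustTokenPrivileges:=GetProcAddress(hLibraryADVAPI,'AdjustTokenPrivileges');
      CheckTrue(Assigned(lpfLookupPrivilegeValue) and Assigned(lpfAdjustTokenPrivileges));
      // Privilege name -> LUID on the local machine (lpSystemName=nil).
      CheckTrue(lpfLookupPrivilegeValue(nil,Privilege,@PrivLuid));

      // Pass 1: Attributes=0 requests no change; we only want this privilege's current
      // state written to tpPrevious (and the size actually used to cbPrevious).
      FillChar(tp,SizeOf(tp),0);
      tp.PrivilegeCount:=1;
      tp.Privileges[0].Luid:=PrivLuid;
      tp.Privileges[0].Attributes:=0;
      FillChar(tpPrevious,SizeOf(tpPrevious),0);
      cbPrevious:=SizeOf(TOKEN_PRIVILEGES);
      CheckTrue(lpfAdjustTokenPrivileges(hToken,False,@tp,SizeOf(TOKEN_PRIVILEGES),@tpPrevious,@cbPrevious));
      // A TRUE return with ERROR_NOT_ALL_ASSIGNED means the token does not hold the privilege.
      CheckTrue(GetLastError=ERROR_SUCCESS);

      // Pass 2: re-apply the previous attributes with only the ENABLED bit changed.
      tpPrevious.PrivilegeCount:=1;
      tpPrevious.Privileges[0].Luid:=PrivLuid;
      if bEnablePrivilege then
        tpPrevious.Privileges[0].Attributes:=tpPrevious.Privileges[0].Attributes or SE_PRIVILEGE_ENABLED
      else
        // xor with (flag and attrs) clears the flag only when it is set.
        tpPrevious.Privileges[0].Attributes:=tpPrevious.Privileges[0].Attributes xor
          (SE_PRIVILEGE_ENABLED and tpPrevious.Privileges[0].Attributes);
      CheckTrue(lpfAdjustTokenPrivileges(hToken,False,@tpPrevious,cbPrevious,nil,nil));
      CheckTrue(GetLastError=ERROR_SUCCESS);

      Result:=True;
    finally
      FreeLibrary(hLibraryADVAPI);
    end;
  except
    On E:Exception do
      ShowMessage(E.Message);
  end;
end; // Main entry point: SetHighPrivilege follows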
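function SetHighPrivilege:Boolean;
// Enable SeDebugPrivilege on the current process token so the process can later open
// other processes (including SYSTEM-owned ones) with OpenProcess. Returns True on
// success; failures are shown via ShowMessage and yield False.
//
// Security notes: SeDebugPrivilege is effectively full control of the machine - once
// enabled, the process can read/write memory of and terminate any process. Enable it
// only for the duration of the operation and call SetPrivilege(hToken,SE_DEBUG_NAME,False)
// when done. The token is opened with the minimal rights the adjustment needs
// (TOKEN_ADJUST_PRIVILEGES for the change, TOKEN_QUERY for the previous-state read
// inside SetPrivilege); do not widen this to TOKEN_ALL_ACCESS.
const
  // ADVAPILibrary is declared in SetPrivilege's local const section and is not visible
  // here; declare it locally so this function compiles on its own.
  ADVAPILibrary='ADVAPI32.DLL';
type
  TOpenProcessTokenApi=function(ProcessHandle:THandle; DesiredAccess:DWORD; TokenHandle:PHandle):BOOL; stdcall;
var
  lpfOpenProcessToken:TOpenProcessTokenApi;
  hLibraryADVAPI:HINST;
  hToken:THandle;
begin
  Result:=False;
  hToken:=0;
  try
    hLibraryADVAPI:=LoadLibrary(PChar(ADVAPILibrary));
    CheckTrue(hLibraryADVAPI<>0);
    try
      lpfOpenProcessToken:=GetProcAddress(hLibraryADVAPI,'OpenProcessToken');
      CheckTrue(Assigned(lpfOpenProcessToken));
      // Least-privilege token handle: only what AdjustTokenPrivileges (+PreviousState) needs.
      CheckTrue(lpfOpenProcessToken(GetCurrentProcess,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,@hToken));
      try
        // SetPrivilege reports its own errors via ShowMessage and returns False instead of raising.
        CheckTrue(SetPrivilege(hToken,SE_DEBUG_NAME,True));
        Result:=True;
      finally
        CloseHandle(hToken);
      end;
    finally
      FreeLibrary(hLibraryADVAPI);
    end;
  except
    On E:Exception do
      ShowMessage(E.Message);
  end;
end;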