调试易

我在练习写一个可以杀掉WINXP系统进程的程序,下面这段程序是我从MSDN中改写来的:主调用程序是SetHighPrivilege,该程序调用了子程序SetPrivilege,问题就出在这个
子程序里面(标有!!!的那一行).我用的是WINXP,当前用户属于Administrators组.恳请各位大哥指点,小弟感激不尽,先行谢过Const
  TOKEN_ADJUST_PRIVILEGES=$0020;
  TOKEN_QUERY=$0008;
  TOKEN_ALL_ACCESS=$01FF;
  SE_DEBUG_NAME='SeDebugPrivilege';
  SE_PRIVILEGE_ENABLED=$00000002;
  ANYSIZE_ARRAY=1;//API错误处理函数
procedure CheckTrue(AValue:Boolean);
begin
  if AValue=False then
    Raise Exception.Create('Error: '+InttoStr(GetLastError));
end;//更改进程的权限
function SetPrivilege(hToken:THandle; Privilege:LPCTSTR; bEnablePrivilege:BOOL):BOOL;
const
  ADVAPILibrary='ADVAPI32.DLL';
type 
  //定义要用到的数据结构
  LUID=TLargeInteger;
  PLUID=^LUID;
  LUID_AND_ATTRIBUTES=record
    Luid:LUID;
    Attributes:DWORD;
  end;
  TOKEN_PRIVILEGES=record
    PrivilegeCount:DWORD;
    Privileges: Array [0..ANYSIZE_ARRAY-1] of LUID_AND_ATTRIBUTES;
  end;
  PTOKEN_PRIVILEGES=^TOKEN_PRIVILEGES;
  
  //定义要用到的两个API
  TLookupPrivilegeValueApi=function(lpSystemName:LPCSTR; lpName:LPCSTR; lpLuid:PLUID):BOOL; stdcall;
  TAdjustTokenPrivilegesApi=function(TokenHandle:THandle; DisableAllPrivileges:BOOL; NewState:PTOKEN_PRIVILEGES;
    BufferLength:DWORD; PriviousState:PTOKEN_PRIVILEGES; ReturnLength:PWORD):BOOL; stdcall;
var
  lpfLookupPrivilegeValue:TLookupPrivilegeValueApi;
  lpfAdjustTokenPrivileges:TAdjustTokenPrivilegesApi;
  hLibraryADVAPI:HINST;
  iluid:LUID;
  tp,tpPrivious:TOKEN_PRIVILEGES;
  cbPrivious:DWORD;
begin
  Result:=False;
  try
    //打开DLL定位这两个API
    hLibraryADVAPI:=LoadLibrary(PChar(ADVAPILibrary));
    CheckTrue(hLibraryADVAPI<>0);
    try
      lpfLookupPrivilegeValue:=GetProcAddress(hLibraryADVAPI,'LookupPrivilegeValueA');
      lpfAdjustTokenPrivileges:=GetProcAddress(hLibraryADVAPI,'AdjustTokenPrivileges');
      CheckTrue(Assigned(lpfLookupPrivilegeValue) and Assigned(lpfAdjustTokenPrivileges));
      
      //更改权限
      CheckTrue(lpfLookupPrivilegeValue(nil,Privilege,@iluid));
      
      FillChar(tp,SizeOf(tp),0);
      tp.PrivilegeCount:=1;
      tp.Privileges[0].Luid:=iluid;
      tp.Privileges[0].Attributes:=0;
      FillChar(tpPrivious,SizeOf(tpPrivious),0);
      cbPrivious:=SizeOf(TOKEN_PRIVILEGES);
      lpfAdjustTokenPrivileges(hToken,False,@tp,SizeOf(TOKEN_PRIVILEGES),@tpPrivious,@cbPrivious);
      //
      //!!! 执行到这里GetLastError返回值1300:并非所有被引用的特权都指派给呼叫方。
      //到这里就执行不下去了 :P
      CheckTrue(GetLastError=ERROR_SUCCESS);
      
      tpPrivious.PrivilegeCount:=1;
      tpPrivious.Privileges[0].Luid:=iluid;
      if bEnablePrivilege then
        tpPrivious.Privileges[0].Attributes:=tpPrivious.Privileges[0].Attributes or SE_PRIVILEGE_ENABLED
      else
        tpPrivious.Privileges[0].Attributes:=tpPrivious.Privileges[0].Attributes xor
          (SE_PRIVILEGE_ENABLED and tpPrivious.Privileges[0].Attributes);
      lpfAdjustTokenPrivileges(hToken,False,@tpPrivious,cbPrivious,nil,nil);
      CheckTrue(GetLastError=ERROR_SUCCESS);
      
      Result:=True;
    finally
      FreeLibrary(hLibraryADVAPI);
    end;
  except
    On E:Exception do
      ShowMessage(E.Message);
  end;
end;//主程序:
function SetHighPrivilege:Boolean;
type
  TOpenProcessTokenApi=function(ProcessHandle:THandle; DesiredAccess:DWORD; TokenHandle:PHandle):BOOL; stdcall;
var
  lpfOpenProcessToken:TOpenProcessTokenApi;
  hLibraryADVAPI:HINST;
  hToken:THandle;
begin
  Result:=False;
  try
    hLibraryADVAPI:=LoadLibrary(PChar(ADVAPILibrary));
    CheckTrue(hLibraryADVAPI<>0);
    try
      lpfOpenProcessToken:=GetProcAddress(hLibraryADVAPI,'OpenProcessToken');
      CheckTrue(Assigned(lpfOpenProcessToken));
      CheckTrue(lpfOpenProcessToken(GetCurrentProcess,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,@hToken));
      try
        //从这里调用SetPrivilege
        CheckTrue(SetPrivilege(hToken,SE_DEBUG_NAME,True));
        Result:=True;
      finally
        CloseHandle(hToken);
      end;
    finally
      FreeLibrary(hLibraryADVAPI);
    end;
  except
    On E:Exception do
      ShowMessage(E.Message);
  end;
end;