void CTaskMgrDlg::UpdatePrivilege()
{
OSVERSIONINFO vi;
ZeroMemory(&vi, sizeof(vi));
CString err;
vi.dwOSVersionInfoSize = sizeof(vi);
GetVersionEx(&vi);
if (vi.dwPlatformId != VER_PLATFORM_WIN32_NT)
return;
if (GetCurrentProcessId()==0)
{
return;
}
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, GetCurrentProcessId()); if (hProcess)
{
HANDLE hToken;
if (OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &hToken))
{
LUID luid;
if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
{
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
}
else
{
err.Format(_T("----LookupPrivilegeValue:%d"),GetLastError());
MessageBox(err);
}
CloseHandle(hToken);
}
else
{
err.Format(_T("----OpenProcessToken:%d"),GetLastError());
MessageBox(err);
}
}
else
{
err.Format(_T("----OpenProcess:%d"),GetLastError());
MessageBox(err);
}
}进程提权函数。但是就是提不了权。请大家帮看一下
void CTaskMgrDlg::ProcessList()
{
HANDLE hProcessSnap;
int nIndex;
HANDLE hProcess;
PROCESSENTRY32 pe32;
CString err;
HANDLE hToken;
int isok;
DWORD cbName = 1024;
TCHAR szName[1024] = {0};
DWORD cbReferencedDomainName = 1024;
TCHAR szDomain[1024] = {0};
char buf[0x400];
DWORD dwNumBytesRet;
SID_NAME_USE peUse; PROCESS_MEMORY_COUNTERS promem;
hProcessSnap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if (hProcessSnap==INVALID_HANDLE_VALUE)
{
MessageBox(L"hProcessSnap",L"error");
}
pe32.dwSize=sizeof(PROCESSENTRY32);
if (!Process32First(hProcessSnap,&pe32))
{
CloseHandle( hProcessSnap );
MessageBox(L"Process32First",L"error");
}
do
{
if (pe32.th32ProcessID==0)
{
continue;
}
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, 0, pe32.th32ProcessID);
UpdatePrivilege();
isok = OpenProcessToken(hProcess, 0x20008/*TOKEN_ALL_ACCESS_P*/, &hToken);
if(isok)
{
isok = GetTokenInformation(hToken, TokenUser, &buf, 0x400, &dwNumBytesRet);
if(isok)
{
isok = LookupAccountSid(NULL, (DWORD *)(*(DWORD *)buf), szName, &cbName, szDomain, &cbReferencedDomainName, &peUse);
if(isok)
{
szUser.Format(_T("%s"),szName);
this->list.SetItemText(nIndex,2,szUser);
}
else
{
err.Format(_T("LookupAccountSid:%d"),GetLastError());
MessageBox(err);
} CloseHandle(hToken);
}
else
{
err.Format(_T("GetTokenInformation:%d"),GetLastError());
MessageBox(err);
} }
else
{
err.Format(_T("OpenProcessToken:%d"),GetLastError());
MessageBox(err);
} // CloseHandle(hProcess); GetProcessMemoryInfo(hProcess, &promem, sizeof(promem));
szMem.Format(_T("%d KB"),promem.WorkingSetSize/TransitionCount);
nIndex=this->list.GetItemCount();
this->list.InsertItem(nIndex,pe32.szExeFile);
szPID.Format(_T("%d"),pe32.th32ProcessID);
this->list.SetItemText(nIndex,1,szPID);
this->list.SetItemText(nIndex,4,szMem);
} while(Process32Next(hProcessSnap,&pe32));}
我查看函数返回值。是拒绝访问。拒绝访问就是没有权限。但是提权的代码应该也没有错呀。