Already have administrator privileges; how do I get SYSTEM privileges with VB?
Private Type LUID
    UsedPart As Long
    IgnoredForNowHigh32BitPart As Long
End Type

Private Type LUID_AND_ATTRIBUTES
    TheLuid As LUID
    Attributes As Long
End Type

Private Type TOKEN_PRIVILEGES
    PrivilegeCount As Long
    TheLuid As LUID
    Attributes As Long
End Type

'Name of the debug privilege. The original listing used SE_DEBUG_NAME
'without defining it.
Private Const SE_DEBUG_NAME As String = "SeDebugPrivilege"

Private Declare Function GetLastError Lib "kernel32" () As Long
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function OpenProcessToken Lib "advapi32" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
Private Declare Sub SetLastError Lib "kernel32" (ByVal dwErrCode As Long)
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Public Sub AdjustToken()
    '********************************************************************
    '* This procedure enables the privilege named by SE_DEBUG_NAME in the
    '* access token of the current process.
    '********************************************************************
    Const TOKEN_ADJUST_PRIVILEGES = &H20
    Const TOKEN_QUERY = &H8
    Const SE_PRIVILEGE_ENABLED = &H2

    Dim hdlProcessHandle As Long
    Dim hdlTokenHandle As Long
    Dim tmpLuid As LUID
    Dim tkp As TOKEN_PRIVILEGES
    Dim tkpNewButIgnored As TOKEN_PRIVILEGES
    Dim lBufferNeeded As Long

    'Set the error code of the last thread to zero using the
    'SetLastError function. Do this so that the GetLastError
    'function does not return a value other than zero for no
    'apparent reason.
    'Note: in VB, Err.LastDllError is the reliable way to read the error
    'code of a Declare'd API call; GetLastError is kept as in the listing.
    SetLastError 0

    'Use the GetCurrentProcess function to set the hdlProcessHandle
    'variable.
    hdlProcessHandle = GetCurrentProcess()
    If GetLastError <> 0 Then
        MsgBox "GetCurrentProcess error==" & GetLastError
    End If

    'Open the access token of the current process
    OpenProcessToken hdlProcessHandle, _
        (TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY), hdlTokenHandle
    If GetLastError <> 0 Then
        MsgBox "OpenProcessToken error==" & GetLastError
    End If

    'Get the LUID for the debug privilege
    LookupPrivilegeValue "", SE_DEBUG_NAME, tmpLuid
    If GetLastError <> 0 Then
        MsgBox "LookupPrivilegeValue error==" & GetLastError
    End If

    tkp.PrivilegeCount = 1 ' One privilege to set
    tkp.TheLuid = tmpLuid
    tkp.Attributes = SE_PRIVILEGE_ENABLED

    'Enable the debug privilege in the access token of this process
    AdjustTokenPrivileges hdlTokenHandle, _
        False, _
        tkp, _
        Len(tkpNewButIgnored), _
        tkpNewButIgnored, _
        lBufferNeeded
    If GetLastError <> 0 Then
        MsgBox "AdjustTokenPrivileges error==" & GetLastError
    End If

    'Release the token handle (it was never closed in the original listing)
    CloseHandle hdlTokenHandle
End Sub
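2. Hook the process-creation function ZwCreateProcess(Ex) and create the process with the winlogon ID
3. Remote thread injection: inject a thread into a system process; creating a new process from there also works:
4. Make the program a service and run the new process with parameters
Also, I want the process itself to run with SYSTEM privileges, not a child process created from a process that has SYSTEM privileges. That's hard!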