XP上正常,win7上会出现问题,提权了也一样的结果 DWORD lpidprocesses[1024],cbneeded,cprocesses;
HANDLE hprocess,hExplorer = NULL;
HMODULE hmodule;
TCHAR normalname[MAX_PATH]=_T("UnknownProcess");
BOOL bMonitor = FALSE; if(!EnumProcesses(lpidprocesses,sizeof(lpidprocesses),&cbneeded))
{
OutputDebugString(_T("EnumProcesses Error\n"));
return -1;
}
cprocesses=cbneeded/sizeof(DWORD);
//
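// Walk every PID returned by EnumProcesses, read the base name of the main
// module, and append the Win32 error code to C:\Privilege.txt when the
// process cannot be opened.
//
// Reading the logged codes: 87 is ERROR_INVALID_PARAMETER and 5 is
// ERROR_ACCESS_DENIED. OpenProcess is documented to fail with 87 for PID 0
// (System Idle Process) and with 5 for the System process and other processes
// whose protection refuses the requested access, whatever privilege the
// caller holds. A few such entries on every pass are therefore expected and
// do not by themselves mean the privilege adjustment failed.
for(UINT i=0;i<cprocesses;i++)
{
    // PID 0 can never be opened; skip it instead of logging error 87 each pass.
    if(lpidprocesses[i]==0)
        continue;

    // NOTE(review): PROCESS_ALL_ACCESS asks for every right on the target, so
    // the open is refused as soon as any single right is denied. The two PSAPI
    // calls below only need PROCESS_QUERY_INFORMATION | PROCESS_VM_READ; narrow
    // the mask if the elided code needs nothing more (cannot be confirmed here).
    hprocess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,lpidprocesses[i]);
    if(hprocess)
    {
        if(EnumProcessModules(hprocess,&hmodule,sizeof(hmodule),&cbneeded))
        {
            // The last argument is a count of TCHARs, not bytes. Passing
            // sizeof(normalname) in a Unicode build declares twice the real
            // capacity and lets the API write past the end of the buffer.
            GetModuleBaseName(hprocess,hmodule,normalname,sizeof(normalname)/sizeof(normalname[0]));
            // …… (remaining per-process handling elided in the original post)
        }
        // NOTE(review): nothing visible here closes hprocess. Unless the elided
        // code keeps the handle (e.g. stores it in hExplorer), call
        // CloseHandle(hprocess) before the next iteration to avoid leaking one
        // handle per process per pass.
    }
    else
    {
        DWORD s = GetLastError();
        FILE *stream;
        if( (stream = fopen( "C:\\Privilege.txt", "a" )) != NULL )
        {
            // Write the code as plain text straight to the stream. The original
            // formatted into TCHAR szT[20], which is too small for the worst
            // case ("Privilege8:" + 10 digits + "\r\n" + NUL = 24 TCHARs), and
            // then fwrite() dumped all 20 TCHARs, padding included. In a Unicode
            // build that puts UTF-16 units into the file, presumably why the
            // posted log shows a gap after every character.
            fprintf(stream, "Privilege8:%lu\n", (unsigned long)s);
            fclose( stream );
        }
    }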
}结果一直打印如下内容:
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
HANDLE hprocess,hExplorer = NULL;
HMODULE hmodule;
TCHAR normalname[MAX_PATH]=_T("UnknownProcess");
BOOL bMonitor = FALSE; if(!EnumProcesses(lpidprocesses,sizeof(lpidprocesses),&cbneeded))
{
OutputDebugString(_T("EnumProcesses Error\n"));
return -1;
}
cprocesses=cbneeded/sizeof(DWORD);
//
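// Walk every PID returned by EnumProcesses, read the base name of the main
// module, and append the Win32 error code to C:\Privilege.txt when the
// process cannot be opened.
//
// Reading the logged codes: 87 is ERROR_INVALID_PARAMETER and 5 is
// ERROR_ACCESS_DENIED. OpenProcess is documented to fail with 87 for PID 0
// (System Idle Process) and with 5 for the System process and other processes
// whose protection refuses the requested access, whatever privilege the
// caller holds. A few such entries on every pass are therefore expected and
// do not by themselves mean the privilege adjustment failed.
for(UINT i=0;i<cprocesses;i++)
{
    // PID 0 can never be opened; skip it instead of logging error 87 each pass.
    if(lpidprocesses[i]==0)
        continue;

    // NOTE(review): PROCESS_ALL_ACCESS asks for every right on the target, so
    // the open is refused as soon as any single right is denied. The two PSAPI
    // calls below only need PROCESS_QUERY_INFORMATION | PROCESS_VM_READ; narrow
    // the mask if the elided code needs nothing more (cannot be confirmed here).
    hprocess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,lpidprocesses[i]);
    if(hprocess)
    {
        if(EnumProcessModules(hprocess,&hmodule,sizeof(hmodule),&cbneeded))
        {
            // The last argument is a count of TCHARs, not bytes. Passing
            // sizeof(normalname) in a Unicode build declares twice the real
            // capacity and lets the API write past the end of the buffer.
            GetModuleBaseName(hprocess,hmodule,normalname,sizeof(normalname)/sizeof(normalname[0]));
            // …… (remaining per-process handling elided in the original post)
        }
        // NOTE(review): nothing visible here closes hprocess. Unless the elided
        // code keeps the handle (e.g. stores it in hExplorer), call
        // CloseHandle(hprocess) before the next iteration to avoid leaking one
        // handle per process per pass.
    }
    else
    {
        DWORD s = GetLastError();
        FILE *stream;
        if( (stream = fopen( "C:\\Privilege.txt", "a" )) != NULL )
        {
            // Write the code as plain text straight to the stream. The original
            // formatted into TCHAR szT[20], which is too small for the worst
            // case ("Privilege8:" + 10 digits + "\r\n" + NUL = 24 TCHARs), and
            // then fwrite() dumped all 20 TCHARs, padding included. In a Unicode
            // build that puts UTF-16 units into the file, presumably why the
            // posted log shows a gap after every character.
            fprintf(stream, "Privilege8:%lu\n", (unsigned long)s);
            fclose( stream );
        }
    }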
}结果一直打印如下内容:
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 5
P r i v i l e g e 8 : 8 7
解决方案 »
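// Find the first process whose executable name matches lpName (case-insensitive)
// in a Toolhelp snapshot and open its access token into hToken.
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if (hProcessSnap == INVALID_HANDLE_VALUE)
    return (FALSE);

// dwSize must be set before Process32First, otherwise the call fails.
pe32.dwSize = sizeof(PROCESSENTRY32);

if (Process32First(hProcessSnap, &pe32))
{
    do
    {
        CString exefile=pe32.szExeFile;
        if(!exefile.CompareNoCase(lpName))
        {
            HANDLE hProcess =
                OpenProcess(PROCESS_QUERY_INFORMATION,
                            FALSE,pe32.th32ProcessID);
            if (hProcess == NULL)
            {
                // Stop here so the caller sees OpenProcess's own error code
                // (e.g. 5, access denied) instead of the one produced by
                // handing a NULL handle to OpenProcessToken.
                CloseHandle (hProcessSnap);
                return (FALSE);
            }
            // NOTE(review): TOKEN_ALL_ACCESS is the widest possible request and
            // is refused if any one right is denied; ask only for the rights the
            // caller actually uses on hToken (not visible in this fragment).
            bRet = OpenProcessToken(hProcess,TOKEN_ALL_ACCESS,&hToken);
            // The token handle is independent of the process handle, so the
            // process handle can be released now instead of being leaked.
            CloseHandle (hProcess);
            CloseHandle (hProcessSnap);
            return (bRet);
        }
    }
    while(Process32Next(hProcessSnap,&pe32));
    bRet = TRUE;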
} 获取进程信息什么的我是上面做的,当时的代码
服务是以SYSTEM权限在运行的
target process running account, enabling SE_DEBUG_NAME is essential. Without
SE_DEBUG_NAME, even if your service runs under the Administrator or LocalSystem
account, you are not guaranteed success. The DACL on the target
process object is free to remove the allow ACEs for Administrators and
LocalSystem.

Since a lot of system administration tools need to OpenProcess any
process object, Windows created the SE_DEBUG_NAME privilege as a back door for
Administrators. This cool privilege just bypasses the security checks
on the process object. So SE_DEBUG_NAME is essential for system
administration tools. (The Administrators group has this privilege by default.)

Please note that there is no such security back door for the OpenProcessToken
API, so code running under an Administrators account may still fail when
calling OpenProcessToken. I once wrote a security tool to query all the
token information for all the processes in the system, and I found that
OpenProcessToken will fail for some services. (These service tokens do not
grant access to Administrators.) Some kernel developers argue and believe
that we should add a similar SE_DEBUG_NAME privilege for the OpenProcessToken
API.
https://groups.google.com/forum/?fromgroups=#!topic/microsoft.public.platformsdk.security/DDsvZBx_fXY
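// Enables SeDebugPrivilege (SE_DEBUG_NAME) in the current process token.
//
// Returns true only when the privilege was really enabled, false otherwise.
// Enabling it relaxes the DACL check made by OpenProcess but does not guarantee
// that every open succeeds (the thread reports error 5 on Windows 7 even after
// this call), so callers must still check each OpenProcess result.
bool EnableDebugPrivilege()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        return false;
    }

    bool enabled = false;
    LUID sedebugnameValue;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
    {
        TOKEN_PRIVILEGES tkp;
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = sedebugnameValue;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        // AdjustTokenPrivileges returns nonzero even when the token does not
        // hold the privilege; in that case GetLastError() reports
        // ERROR_NOT_ALL_ASSIGNED. Treat only ERROR_SUCCESS as "enabled" so the
        // caller is not told it has a privilege it never received.
        if (AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL)
            && GetLastError() == ERROR_SUCCESS)
        {
            enabled = true;
        }
    }

    // Release the token handle on every path; the original leaked it on success.
    CloseHandle(hToken);
    return enabled;
}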
如果是这样,那xp上的的程序是怎么在win7上兼容的呢?
只要涉及到OpenProcess API 就失败……
莫非只要调用了OpenProcess 的服务的程序都不能用了?