在64位Win7下,打开进程WinLogon.exe的Token时失败了,返回错误:拒绝访问。
在32位下,所有的系统都能够成功。附上出错代码:
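/*
 * Enable SeDebugPrivilege in the current process token, then open the
 * WINLOGON.EXE process and request READ_CONTROL | WRITE_DAC on its token.
 * Every failure path returns FALSE. On success hProcess and hToken are left
 * open for the code that follows this fragment.
 *
 * NOTE(review): dwPid and hProcess are declared outside this fragment;
 * presumably dwPid is a DWORD and hProcess a HANDLE - confirm.
 */
HANDLE hToken = NULL;
LUID sedebugnameValue;
TOKEN_PRIVILEGES tkp;
DWORD dwErr;

if ( !OpenProcessToken( GetCurrentProcess(),
                        TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                        &hToken ) )
{
    return FALSE;
}

if ( !LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue ) )
{
    CloseHandle( hToken );
    return FALSE;
}

tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = sedebugnameValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

if ( !AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof tkp, NULL, NULL ) )
{
    CloseHandle( hToken );
    return FALSE;
}

/*
 * AdjustTokenPrivileges() returns TRUE even when the token does not hold the
 * requested privilege (for example a non-elevated process under UAC); the
 * only signal is GetLastError() == ERROR_NOT_ALL_ASSIGNED. Read the error
 * before CloseHandle() can overwrite it.
 */
dwErr = GetLastError();

/* Done with our own token; close it so that reusing hToken below does not
 * leak this handle. */
CloseHandle( hToken );
hToken = NULL;

if ( dwErr == ERROR_NOT_ALL_ASSIGNED )
{
    printf( "AdjustTokenPrivileges() = %lu\n", dwErr );
    return FALSE;
}

/*
 * GetProcessId enumerates all processes and returns the process ID of
 * WINLOGON.EXE (per the original comment).
 * NOTE(review): this is presumably the poster's own helper taking an image
 * name; the Win32 API of the same name takes a process HANDLE, so the helper
 * should be renamed to avoid the clash. A PID is an integer, so compare with
 * 0 rather than the pointer constant NULL.
 */
if ( ( dwPid = GetProcessId( "WINLOGON.EXE" ) ) == 0 )
{
    printf( "GetProcessId() to fails!\n" );
    return FALSE;
}

hProcess = OpenProcess( PROCESS_QUERY_INFORMATION, FALSE, dwPid );
if ( hProcess == NULL )
{
    /* GetLastError() returns a DWORD (unsigned long), hence %lu. */
    printf( "OpenProcess() = %lu\n", GetLastError() );
    return FALSE;
}

/*
 * On 64-bit Windows 7 this is the call that fails with "access denied".
 * NOTE(review): the requested mask is presumably checked against the token
 * object's own security descriptor, and SeDebugPrivilege does not by itself
 * grant WRITE_DAC on it - confirm. Request only the rights actually needed.
 */
if ( !OpenProcessToken( hProcess, READ_CONTROL | WRITE_DAC, &hToken ) )
{
    dwErr = GetLastError();   /* capture before CloseHandle() changes it */
    CloseHandle( hProcess );  /* do not leak the process handle on failure */
    hProcess = NULL;
    printf( "OpenProcessToken() = %lu\n", dwErr );
    return FALSE;
}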
在32位下,所有的系统都能够成功。附上出错代码:
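/*
 * Enable SeDebugPrivilege in the current process token, then open the
 * WINLOGON.EXE process and request READ_CONTROL | WRITE_DAC on its token.
 * Every failure path returns FALSE. On success hProcess and hToken are left
 * open for the code that follows this fragment.
 *
 * NOTE(review): dwPid and hProcess are declared outside this fragment;
 * presumably dwPid is a DWORD and hProcess a HANDLE - confirm.
 */
HANDLE hToken = NULL;
LUID sedebugnameValue;
TOKEN_PRIVILEGES tkp;
DWORD dwErr;

if ( !OpenProcessToken( GetCurrentProcess(),
                        TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                        &hToken ) )
{
    return FALSE;
}

if ( !LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue ) )
{
    CloseHandle( hToken );
    return FALSE;
}

tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = sedebugnameValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

if ( !AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof tkp, NULL, NULL ) )
{
    CloseHandle( hToken );
    return FALSE;
}

/*
 * AdjustTokenPrivileges() returns TRUE even when the token does not hold the
 * requested privilege (for example a non-elevated process under UAC); the
 * only signal is GetLastError() == ERROR_NOT_ALL_ASSIGNED. Read the error
 * before CloseHandle() can overwrite it.
 */
dwErr = GetLastError();

/* Done with our own token; close it so that reusing hToken below does not
 * leak this handle. */
CloseHandle( hToken );
hToken = NULL;

if ( dwErr == ERROR_NOT_ALL_ASSIGNED )
{
    printf( "AdjustTokenPrivileges() = %lu\n", dwErr );
    return FALSE;
}

/*
 * GetProcessId enumerates all processes and returns the process ID of
 * WINLOGON.EXE (per the original comment).
 * NOTE(review): this is presumably the poster's own helper taking an image
 * name; the Win32 API of the same name takes a process HANDLE, so the helper
 * should be renamed to avoid the clash. A PID is an integer, so compare with
 * 0 rather than the pointer constant NULL.
 */
if ( ( dwPid = GetProcessId( "WINLOGON.EXE" ) ) == 0 )
{
    printf( "GetProcessId() to fails!\n" );
    return FALSE;
}

hProcess = OpenProcess( PROCESS_QUERY_INFORMATION, FALSE, dwPid );
if ( hProcess == NULL )
{
    /* GetLastError() returns a DWORD (unsigned long), hence %lu. */
    printf( "OpenProcess() = %lu\n", GetLastError() );
    return FALSE;
}

/*
 * On 64-bit Windows 7 this is the call that fails with "access denied".
 * NOTE(review): the requested mask is presumably checked against the token
 * object's own security descriptor, and SeDebugPrivilege does not by itself
 * grant WRITE_DAC on it - confirm. Request only the rights actually needed.
 */
if ( !OpenProcessToken( hProcess, READ_CONTROL | WRITE_DAC, &hToken ) )
{
    dwErr = GetLastError();   /* capture before CloseHandle() changes it */
    CloseHandle( hProcess );  /* do not leak the process handle on failure */
    hProcess = NULL;
    printf( "OpenProcessToken() = %lu\n", dwErr );
    return FALSE;
}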
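先调用 OpenProcessToken( hProcess, WRITE_OWNER, &hToken ),把令牌的所有者改写为当前用户;
然后再调用 OpenProcessToken( hProcess, WRITE_DAC, &hToken ),在 DACL 中加入 READ_CONTROL 及其他需要的权限;
最后按所需的访问权限重新 open 令牌。每次重新打开之前,应先用 CloseHandle 关闭上一次得到的句柄。(拒绝访问通常说明令牌自身的安全描述符没有授予调用者所请求的权限;另外,AdjustTokenPrivileges 即使没有真正启用特权也会返回 TRUE,需要再检查 GetLastError() 是否为 ERROR_NOT_ALL_ASSIGNED。)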