要编一程序,要在有USER用户权限下,可以运行管理员仅限下的程序
W2K本身提供了RunAs功能,但是需要手动输入密码,所以想重编一程序,
直接调用需要管理员权限的程序,在CSDN上看到用advapi32.lib库中的
CreateProcessWithLogonW可以达到要求,但我程序写好的编译不能LINK
请各位大侠帮忙。环境,w2k p,vc60
已在 设置-》对象/模块中加入了 advapi32.lib
程序出错如下
runas2.cpp
Linking...
runas2.obj : error LNK2001: unresolved external symbol "int __cdecl CreateProcessWithLogonW(unsigned short const *,unsigned short const *,unsigned short const *,unsigned long,unsigned short const *,unsigned short *,unsigned long,void *,unsigned shor
t const *,struct _STARTUPINFOW *,struct _PROCESS_INFORMATION *)" (?CreateProcessWithLogonW@@YAHPBG00K0PAGKPAX0PAU_STARTUPINFOW@@PAU_PROCESS_INFORMATION@@@Z)
Debug/runas2.exe : fatal error LNK1120: 1 unresolved externals
Error executing link.exe.
W2K本身提供了RunAs功能,但是需要手动输入密码,所以想重编一程序,
直接调用需要管理员权限的程序,在CSDN上看到用advapi32.lib库中的
CreateProcessWithLogonW可以达到要求,但我程序写好的编译不能LINK
请各位大侠帮忙。环境,w2k p,vc60
已在 设置-》对象/模块中加入了 advapi32.lib
程序出错如下
runas2.cpp
Linking...
runas2.obj : error LNK2001: unresolved external symbol "int __cdecl CreateProcessWithLogonW(unsigned short const *,unsigned short const *,unsigned short const *,unsigned long,unsigned short const *,unsigned short *,unsigned long,void *,unsigned shor
t const *,struct _STARTUPINFOW *,struct _PROCESS_INFORMATION *)" (?CreateProcessWithLogonW@@YAHPBG00K0PAGKPAX0PAU_STARTUPINFOW@@PAU_PROCESS_INFORMATION@@@Z)
Debug/runas2.exe : fatal error LNK1120: 1 unresolved externals
Error executing link.exe.
#include "stdafx.h"
#include <winbase.h>
#include <winuser.h>
#include <windows.h>BOOL CreateProcessWithLogonW(
LPCWSTR lpUsername,
LPCWSTR lpDomain,
LPCWSTR lpPassword,
DWORD dwLogonFlags,
LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInfo
);int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow = SW_SHOW)
{ // TODO: Place code here. LPCWSTR lpUsername = L"Administrator"; // user's name
LPCWSTR lpDomain = L"HUA04"; // user's domain
LPCWSTR lpPassword = L"780308"; // user's password
DWORD dwLogonFlags = NULL;//LOGON_WITH_PROFILE; // logon option
LPCWSTR lpApplicationName = L"C:\\Winnt\\NotePad.exe";
LPWSTR lpCommandLine = L"NotePad.exe";// command-line string
DWORD dwCreationFlags = CREATE_NEW_CONSOLE; // creation flags
LPVOID lpEnvironment = NULL; // new environment block
LPCWSTR lpCurrentDirectory = NULL; // current directory name
STARTUPINFO StartupInfo = {0}; // startup information
PROCESS_INFORMATION ProcessInfo = {0}; // process information
ZeroMemory(&StartupInfo, sizeof(STARTUPINFO));
StartupInfo.cb = sizeof(STARTUPINFO);
ZeroMemory(&ProcessInfo, sizeof(PROCESS_INFORMATION)); BOOL ret;
ret = CreateProcessWithLogonW(
lpUsername,
lpDomain,
lpPassword,
dwLogonFlags,
lpApplicationName,
lpCommandLine,
dwCreationFlags,
lpEnvironment,
lpCurrentDirectory,
&StartupInfo,
&ProcessInfo
); if (! ret )
ExitProcess (GetLastError()) ; return 0;
}
#define UNICODE
#define _WIN32_WINNT 0X0500#if !defined(AFX_STDAFX_H__A9DB83DB_A9FD_11D0_BFD1_444553540000__INCLUDED_)
#define AFX_STDAFX_H__A9DB83DB_A9FD_11D0_BFD1_444553540000__INCLUDED_#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers#include <windows.h>// TODO: reference additional headers your program requires here//{{AFX_INSERT_LOCATION}}
// Microsoft Visual C++ will insert additional declarations immediately before the previous line.#endif // !defined(AFX_STDAFX_H__A9DB83DB_A9FD_11D0_BFD1_444553540000__INCLUDED_)
#pragma comment(lib,"Advapi32.lib");
int APIENTRY WinMain(HINSTANCE hInstance,
#define WINVER 0x0500
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/createprocesswithlogonw.asp
在W2K中提升权限的几个攻击实例之成败心得
http://bbs.itboot.net/redirect.php?fid=76&tid=2260&goto=nextnewset
CSDN
怪哉!RunAs可以,CreateProcessAsUser却不可以?
http://community.csdn.net/Expert/topic/4161/4161861.xml?temp=.4241907
请各位大侠,不吝赐教,谢谢!
MSDN
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/createprocesswithlogonw.aspCSDN
怪哉!RunAs可以,CreateProcessAsUser却不可以?
http://community.csdn.net/Expert/topic/4161/4161861.xml?temp=.4241907坛主[转载]在W2K中提升权限的几个攻击实例之成败心得
http://bbs.itboot.net/redirect.php?fid=76&tid=2260&goto=nextnewset