AdjustTokenPrivileges The AdjustTokenPrivileges function enables or disables privileges in the specified access token. Enabling or disabling privileges in an access token requires TOKEN_ADJUST_PRIVILEGES access. BOOL AdjustTokenPrivileges( HANDLE TokenHandle, // handle to token that contains privileges BOOL DisableAllPrivileges, // flag for disabling all privileges PTOKEN_PRIVILEGES NewState, // pointer to new privilege information DWORD BufferLength, // size, in bytes, of the PreviousState buffer PTOKEN_PRIVILEGES PreviousState, // receives original state of changed // privileges PDWORD ReturnLength // receives required size of the // PreviousState buffer );
Parameters TokenHandle Identifies the access token that contains the privileges to be modified. The handle must have TOKEN_ADJUST_PRIVILEGES access to the token. If the PreviousState parameter is not NULL, the handle must also have TOKEN_QUERY access. DisableAllPrivileges Specifies whether the function disables all of the token's privileges. If this value is TRUE, the function disables all privileges and ignores the NewState parameter. If it is FALSE, the function modifies privileges based on the information pointed to by the NewState parameter. NewState Pointer to a TOKEN_PRIVILEGES structure that specifies an array of privileges and their attributes. If the DisableAllPrivileges parameter is FALSE, AdjustTokenPrivileges enables or disables these privileges for the token. If you set the SE_PRIVILEGE_ENABLED attribute for a privilege, the function enables that privilege; otherwise, it disables the privilege. If DisableAllPrivileges is TRUE, the function ignores this parameter. BufferLength Specifies the size, in bytes, of the buffer pointed to by the PreviousState parameter. This parameter can be NULL if the PreviousState parameter is NULL. PreviousState Pointer to a buffer that the function fills with a TOKEN_PRIVILEGES structure containing the previous state of any privileges the function modifies. This parameter can be NULL. If you specify a buffer that is too small to receive the complete list of modified privileges, the function fails and does not adjust any privileges. In this case, the function sets the variable pointed to by the ReturnLength parameter to the number of bytes required to hold the complete list of modified privileges. ReturnLength Pointer to a variable that receives the required size, in bytes, of the buffer pointed to by the PreviousState parameter. This parameter can be NULL if PreviousState is NULL. Return Values If the function succeeds, the return value is nonzero. To determine whether the function adjusted all of the specified privileges, call GetLastError, which returns one of the following values when the function succeeds:Value Description ERROR_SUCCESS The function adjusted all specified privileges. ERROR_NOT_ALL_ASSIGNED The token does not have one or more of the privileges specified in the NewState parameter. The function may succeed with this error value even if no privileges were adjusted. The PreviousState parameter indicates the privileges that were adjusted. If the function fails, the return value is zero. To get extended error information, call GetLastError. Res The AdjustTokenPrivileges function cannot add new privileges to the access token. It can only enable or disable the token's existing privileges. To determine the token's privileges, call the GetTokenInformation function. Note that the NewState parameter can specify privileges that the token does not have, without causing the function to fail. In this case, the function adjusts the privileges that the token does have, ignores the other privileges, and returns success. Call the GetLastError function to determine whether the function adjusted all of the specified privileges. The PreviousState parameter indicates the privileges that were adjusted.The PreviousState parameter retrieves a TOKEN_PRIVILEGES structure containing the the original state of the adjusted privileges. To restore the original state, pass the PreviousState pointer as the NewState parameter in a subsequent call to the AdjustTokenPrivileges function
TOKEN_PRIVILEGES The TOKEN_PRIVILEGES structure contains information about a set of privileges for an access token. typedef struct _TOKEN_PRIVILEGES { // tp DWORD PrivilegeCount; LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]; } TOKEN_PRIVILEGES;
Members PrivilegeCount Specifies the number of entries in the Privileges array. Privileges Specifies an array of LUID_AND_ATTRIBUTES structures. Each structure contains the LUID and attributes of a privilege. The attributes of a privilege can be a combination of the following values: Attribute Description SE_PRIVILEGE_ENABLED_BY_DEFAULT The privilege is enabled by default. SE_PRIVILEGE_ENABLED The privilege is enabled. SE_PRIVILEGE_USED_FOR_ACCESS The privilege was used to gain access to an object or service. This flag is used to identify the relevant privileges in a set passed by a client application that may contain unnecessary privileges.
inline BOOL CToolHelp::EnableDebugPrivilege(BOOL fEnable/* =TRUE */){
BOOL fOK = FALSE;
HANDLE hToken = NULL;
if(OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken)){
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount =1;
LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&tp.Privileges[0].Luid);
tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;
AdjustTokenPrivileges(hToken,FALSE,&tp,sizeof(tp),NULL,NULL);
fOK = (GetLastError()==ERROR_SUCCESS);
CloseHandle(hToken);
}
return fOK;
}
更多的内容得看MSDN了。
The AdjustTokenPrivileges function enables or disables privileges in the specified access token. Enabling or disabling privileges in an access token requires TOKEN_ADJUST_PRIVILEGES access. BOOL AdjustTokenPrivileges(
HANDLE TokenHandle, // handle to token that contains privileges
BOOL DisableAllPrivileges,
// flag for disabling all privileges
PTOKEN_PRIVILEGES NewState,
// pointer to new privilege information
DWORD BufferLength, // size, in bytes, of the PreviousState buffer
PTOKEN_PRIVILEGES PreviousState,
// receives original state of changed
// privileges
PDWORD ReturnLength // receives required size of the
// PreviousState buffer
);
Parameters
TokenHandle
Identifies the access token that contains the privileges to be modified. The handle must have TOKEN_ADJUST_PRIVILEGES access to the token. If the PreviousState parameter is not NULL, the handle must also have TOKEN_QUERY access.
DisableAllPrivileges
Specifies whether the function disables all of the token's privileges. If this value is TRUE, the function disables all privileges and ignores the NewState parameter. If it is FALSE, the function modifies privileges based on the information pointed to by the NewState parameter.
NewState
Pointer to a TOKEN_PRIVILEGES structure that specifies an array of privileges and their attributes. If the DisableAllPrivileges parameter is FALSE, AdjustTokenPrivileges enables or disables these privileges for the token. If you set the SE_PRIVILEGE_ENABLED attribute for a privilege, the function enables that privilege; otherwise, it disables the privilege.
If DisableAllPrivileges is TRUE, the function ignores this parameter. BufferLength
Specifies the size, in bytes, of the buffer pointed to by the PreviousState parameter. This parameter can be NULL if the PreviousState parameter is NULL.
PreviousState
Pointer to a buffer that the function fills with a TOKEN_PRIVILEGES structure containing the previous state of any privileges the function modifies. This parameter can be NULL.
If you specify a buffer that is too small to receive the complete list of modified privileges, the function fails and does not adjust any privileges. In this case, the function sets the variable pointed to by the ReturnLength parameter to the number of bytes required to hold the complete list of modified privileges. ReturnLength
Pointer to a variable that receives the required size, in bytes, of the buffer pointed to by the PreviousState parameter. This parameter can be NULL if PreviousState is NULL.
Return Values
If the function succeeds, the return value is nonzero. To determine whether the function adjusted all of the specified privileges, call GetLastError, which returns one of the following values when the function succeeds:Value Description
ERROR_SUCCESS The function adjusted all specified privileges.
ERROR_NOT_ALL_ASSIGNED The token does not have one or more of the privileges specified in the NewState parameter. The function may succeed with this error value even if no privileges were adjusted. The PreviousState parameter indicates the privileges that were adjusted.
If the function fails, the return value is zero. To get extended error information, call GetLastError. Res
The AdjustTokenPrivileges function cannot add new privileges to the access token. It can only enable or disable the token's existing privileges. To determine the token's privileges, call the GetTokenInformation function. Note that the NewState parameter can specify privileges that the token does not have, without causing the function to fail. In this case, the function adjusts the privileges that the token does have, ignores the other privileges, and returns success. Call the GetLastError function to determine whether the function adjusted all of the specified privileges. The PreviousState parameter indicates the privileges that were adjusted.The PreviousState parameter retrieves a TOKEN_PRIVILEGES structure containing the the original state of the adjusted privileges. To restore the original state, pass the PreviousState pointer as the NewState parameter in a subsequent call to the AdjustTokenPrivileges function
The TOKEN_PRIVILEGES structure contains information about a set of privileges for an access token. typedef struct _TOKEN_PRIVILEGES { // tp
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES;
Members
PrivilegeCount
Specifies the number of entries in the Privileges array.
Privileges
Specifies an array of LUID_AND_ATTRIBUTES structures. Each structure contains the LUID and attributes of a privilege. The attributes of a privilege can be a combination of the following values: Attribute Description
SE_PRIVILEGE_ENABLED_BY_DEFAULT
The privilege is enabled by default.
SE_PRIVILEGE_ENABLED
The privilege is enabled.
SE_PRIVILEGE_USED_FOR_ACCESS
The privilege was used to gain access to an object or service. This flag is used to identify the relevant privileges in a set passed by a client application that may contain unnecessary privileges.
DisableAllPrivileges: BOOL;
const NewState: TTokenPrivileges; BufferLength:
DWORD;
var PreviousState: TTokenPrivileges; var ReturnLength:
DWORD): BOOL; stdcall; overload;
修改指定访问标志的权限,即设置该权限能或不能。
TokenHandle:所访问的权限标记句柄;
DisableAllPrivileges:设置权限能还是不能;
NewState:新的权限信息;
BufferLength:原有权限的缓冲区大小;
PreviousState:权限的原有状态;
ReturnLength:返回的字节。
我現在不很怕MSDN了 後來就是用金山詞霸慢慢看懂的