NT or 2000,普通用户登陆,执行程序,想得到 HKEY_LOCAL_MACHINE 的访问修改权限 (Windows NT/2000: a program started by an ordinary, non-administrator user wants read/write access to HKEY_LOCAL_MACHINE.)

解决方案 » you should get Administrators Privileges first. The listing below does not give a low-privileged user anything it does not already have: it enables SE_TCB_NAME (which only succeeds if the token already holds "Act as part of the operating system" — LocalSystem, or an account an administrator has explicitly granted that right and that has logged on since; a default member of Administrators does not have it), registers itself as an LSA logon process, logs the domain/user/password given on the command line on through MSV1_0, adds the LocalSystem SID to the resulting token's group list, and starts cmd.exe under that token. Run without SeTcbPrivilege it fails at LsaRegisterLogonProcess. If a non-administrator genuinely needs to write under HKLM, the supported answers are for an administrator (or an installer/service running as SYSTEM) to grant that user or group write access in the ACL of the specific subkey, or to run the program elevated with administrator credentials — not to escalate from inside the program. The full code listing follows (the duplicate copy that was pasted inline here is the same text).

Also look up ImpersonateLoggedOnUser(...) in MSDN: given a token from LogonUser/LsaLogonUser the calling thread can impersonate that account instead of spawning a new process; the same credential and privilege requirements apply.
//get Administrators Privileges code
#include <windows.h>
#include <lmcons.h>
#include <stdio.h>
#include <wchar.h>
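#include "ntsecapi.h"

/*
 * RtlInitString / RtlInitUnicodeString are exported by ntdll.dll but not
 * declared by the SDK headers included above, so they are declared by hand
 * (link with ntdll.lib).  Both only set Length / MaximumLength / Buffer on the
 * destination -- the source text is NOT copied, so it must stay alive for as
 * long as the LSA_STRING / LSA_UNICODE_STRING is used.
 */
extern "C"
NTSYSAPI
VOID
NTAPI
RtlInitString(
    PLSA_STRING DestinationString,
    PCSTR SourceString
    );

extern "C"
NTSYSAPI
VOID
NTAPI
RtlInitUnicodeString(
    PLSA_UNICODE_STRING DestinationString,
    PCWSTR SourceString
    );

/*
 * Enable one privilege (e.g. SE_TCB_NAME) in the current process token.
 *
 * AdjustTokenPrivileges can only switch on privileges the token ALREADY
 * holds; it never adds one.  SeTcbPrivilege is held by LocalSystem and by
 * accounts an administrator has explicitly granted "Act as part of the
 * operating system" (effective at the next logon) -- not by an ordinary user
 * and not by a default member of Administrators.  In those cases this returns
 * FALSE and the caller must stop rather than continue.
 *
 * name     Privilege name constant such as SE_TCB_NAME.
 * Returns  TRUE only when the privilege is now enabled.  FALSE when the name
 *          is unknown, the process token cannot be opened, the adjust call
 *          fails, or the token does not hold the privilege
 *          (ERROR_NOT_ALL_ASSIGNED).
 */
BOOL EnablePrivilege(PCSTR name)
{
    TOKEN_PRIVILEGES priv = {0};
    priv.PrivilegeCount = 1;
    priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!LookupPrivilegeValueA(NULL, name, &priv.Privileges[0].Luid))
        return FALSE;

    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
        return FALSE;   /* the original went on to CloseHandle() an uninitialised handle here */

    /* AdjustTokenPrivileges returns TRUE even when it enabled nothing; the
     * real outcome is GetLastError(): ERROR_SUCCESS or ERROR_NOT_ALL_ASSIGNED. */
    BOOL enabled = FALSE;
    if (AdjustTokenPrivileges(hToken, FALSE, &priv, sizeof priv, NULL, NULL))
        enabled = (GetLastError() == ERROR_SUCCESS);

    CloseHandle(hToken);
    return enabled;
}

extern "C"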
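int wmain(int argc, wchar_t *argv[])
{
    /*
     * usage: <domain> <user> <password>
     *
     * Logs the given account on interactively through LSA (MSV1_0), adds the
     * LocalSystem SID to the resulting token's group list, and starts cmd.exe
     * under that token.  This is NOT a way for a limited user to obtain
     * privileges: every step below needs SeTcbPrivilege ("Act as part of the
     * operating system"), which EnablePrivilege() can only switch on if the
     * caller's token already holds it.
     *
     * Returns 0 when cmd.exe was started, -1 on any failure (a message is
     * written to stderr).
     *
     * NOTE(review): a password passed on the command line is visible to other
     * processes on the machine and ends up in shell history / logs; prompting
     * for it would be the safer interface.  Kept as-is to preserve the argv
     * contract of the original.
     */
    int rc = -1;
    HANDLE LsaHandle = NULL;
    BOOL lsaRegistered = FALSE;
    PSID systemSid = NULL;
    PMSV1_0_INTERACTIVE_PROFILE Profile = NULL;
    HANDLE Token = NULL;
    PROCESS_INFORMATION pi = {0};
    STARTUPINFOW si = {sizeof si};
    LSA_STRING ProcessName, PackageName;
    LSA_OPERATIONAL_MODE Mode;
    ULONG Package = 0, ProfileLength = 0;
    LUID LogonId;
    QUOTA_LIMITS QuotaLimits;
    NTSTATUS Status = 0, SubStatus = 0;
    TOKEN_SOURCE Source = {{'*','*','A','N','O','N','*','*'}};
    TOKEN_GROUPS Groups = {1, {0, 0}};
    SID_IDENTIFIER_AUTHORITY nt = SECURITY_NT_AUTHORITY;
    WCHAR cmdline[MAX_PATH + 16];
    UINT sysdirLen;
    /* The LSA_UNICODE_STRINGs inside Header must point into this same buffer,
     * because LsaLogonUser is handed &AuthInfo / sizeof AuthInfo as one unit. */
    struct {
        MSV1_0_INTERACTIVE_LOGON Header;
        WCHAR Domain[DNLEN + 1];
        WCHAR User[UNLEN + 1];
        WCHAR Password[PWLEN + 1];   /* PWLEN, not UNLEN: a password may be longer than a user name */
    } AuthInfo = {MsV1_0InteractiveLogon};   /* remaining members are zeroed */

    if (argc < 4) {
        fwprintf(stderr, L"usage: %ls <domain> <user> <password>\n", argv[0]);
        return -1;
    }

    /* argv is of attacker-chosen length: the original wcscpy() calls copied it
     * unbounded into these fixed stack arrays.  Reject oversize input instead. */
    if (wcslen(argv[1]) > DNLEN || wcslen(argv[2]) > UNLEN || wcslen(argv[3]) > PWLEN) {
        fwprintf(stderr, L"domain, user or password too long\n");
        return -1;
    }
    wcscpy(AuthInfo.Domain, argv[1]);
    wcscpy(AuthInfo.User, argv[2]);
    wcscpy(AuthInfo.Password, argv[3]);
    RtlInitUnicodeString(&AuthInfo.Header.LogonDomainName, AuthInfo.Domain);
    RtlInitUnicodeString(&AuthInfo.Header.UserName, AuthInfo.User);
    RtlInitUnicodeString(&AuthInfo.Header.Password, AuthInfo.Password);

    /* Without SeTcbPrivilege LsaRegisterLogonProcess refuses the connection;
     * the original ignored that and carried on with an uninitialised LsaHandle. */
    if (!EnablePrivilege(SE_TCB_NAME)) {
        fwprintf(stderr, L"SeTcbPrivilege is not held by this token; run as LocalSystem "
                         L"or have an administrator grant \"Act as part of the operating system\"\n");
        goto cleanup;
    }

    RtlInitString(&ProcessName, "Gary");
    Status = LsaRegisterLogonProcess(&ProcessName, &LsaHandle, &Mode);
    if (Status != 0) {   /* STATUS_SUCCESS == 0 */
        fwprintf(stderr, L"LsaRegisterLogonProcess failed: 0x%08lx\n", (unsigned long)Status);
        goto cleanup;
    }
    lsaRegistered = TRUE;

    RtlInitString(&PackageName, MSV1_0_PACKAGE_NAME);
    Status = LsaLookupAuthenticationPackage(LsaHandle, &PackageName, &Package);
    if (Status != 0) {
        fwprintf(stderr, L"LsaLookupAuthenticationPackage failed: 0x%08lx\n", (unsigned long)Status);
        goto cleanup;
    }

    AllocateLocallyUniqueId(&Source.SourceIdentifier);

    /* Extra group for the new token: S-1-5-18 (LocalSystem).  Whoever the
     * credentials belong to, the resulting token then carries the SYSTEM SID
     * for access checks -- this is the dangerous part of the sample and is only
     * possible because the caller already holds TCB.
     * NOTE(review): the group is added with Attributes == 0, as in the
     * original; whether LSA treats that as enabled, or SE_GROUP_ENABLED |
     * SE_GROUP_MANDATORY is needed, should be confirmed against the MSDN
     * LsaLogonUser documentation before relying on it. */
    if (!AllocateAndInitializeSid(&nt, 1, SECURITY_LOCAL_SYSTEM_RID,
                                  0, 0, 0, 0, 0, 0, 0, &systemSid)) {
        fwprintf(stderr, L"AllocateAndInitializeSid failed: %lu\n", GetLastError());
        goto cleanup;
    }
    Groups.Groups[0].Sid = systemSid;
    Groups.Groups[0].Attributes = 0;

    Status = LsaLogonUser(LsaHandle, &ProcessName, Interactive,
                          Package, &AuthInfo, sizeof AuthInfo, &Groups, &Source,
                          (PVOID *)&Profile, &ProfileLength, &LogonId,
                          &Token, &QuotaLimits, &SubStatus);
    /* LSA has the password now; do not leave the plaintext lying on the stack. */
    SecureZeroMemory(AuthInfo.Password, sizeof AuthInfo.Password);
    if (Status != 0) {
        fwprintf(stderr, L"LsaLogonUser failed: 0x%08lx (substatus 0x%08lx)\n",
                 (unsigned long)Status, (unsigned long)SubStatus);
        goto cleanup;
    }

    /* Start cmd.exe by full path.  The original's bare "cmd" with no
     * lpApplicationName is resolved through the CreateProcess search order
     * (which includes the current directory), so a planted cmd.exe would have
     * run under the new token. */
    sysdirLen = GetSystemDirectoryW(cmdline, MAX_PATH);
    if (sysdirLen == 0 || sysdirLen >= MAX_PATH) {
        fwprintf(stderr, L"GetSystemDirectoryW failed: %lu\n", GetLastError());
        goto cleanup;
    }
    wcscat(cmdline, L"\\cmd.exe");   /* fits: sysdirLen < MAX_PATH and the buffer is MAX_PATH + 16 */

    /* NOTE(review): lpEnvironment and si.lpDesktop are left NULL as in the
     * original, so the child inherits this process's environment, window
     * station and desktop; a different account may be refused access to that
     * desktop (CreateProcessAsUser then fails with an access error). */
    if (!CreateProcessAsUserW(Token, NULL, cmdline, NULL, NULL, FALSE,
                              CREATE_NEW_CONSOLE | CREATE_NEW_PROCESS_GROUP,
                              NULL, NULL, &si, &pi)) {
        fwprintf(stderr, L"CreateProcessAsUser failed: %lu\n", GetLastError());
        goto cleanup;
    }
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    rc = 0;

cleanup:
    SecureZeroMemory(AuthInfo.Password, sizeof AuthInfo.Password);
    if (Token != NULL)
        CloseHandle(Token);
    if (Profile != NULL)
        LsaFreeReturnBuffer(Profile);
    if (systemSid != NULL)
        FreeSid(systemSid);
    if (lsaRegistered)
        LsaDeregisterLogonProcess(LsaHandle);
    return rc;
}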