zoukankan      html  css  js  c++  java
  • Windows访问令牌相关使用方法

    一.OpenProcessToken

    打开进程访问令牌

    WINADVAPI
    BOOL
    WINAPI
    OpenProcessToken (
        __in        HANDLE ProcessHandle,
        __in        DWORD DesiredAccess,
        __deref_out PHANDLE TokenHandle
        );
    

    二.GetTokenInformation

    获取令牌特定权限信息

    WINADVAPI
    BOOL
    WINAPI
    GetTokenInformation (
        __in      HANDLE TokenHandle,
        __in      TOKEN_INFORMATION_CLASS TokenInformationClass,
        __out_bcount_part_opt(TokenInformationLength, *ReturnLength) LPVOID TokenInformation,
        __in      DWORD TokenInformationLength,
        __out     PDWORD ReturnLength
        );
    

    Demo示例

    BOOL GetElevationType(HANDLE hProcess, TOKEN_ELEVATION_TYPE* pElevationType)
    {
        HANDLE hToken = NULL;
        // Get current process token  
        if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
            return FALSE;
    
        BOOL bResult = FALSE;
        DWORD dwSize = 0;
        // Retrieve elevation type information 
        BOOL bFlag = GetTokenInformation(hToken, TokenElevationType, pElevationType, sizeof(TOKEN_ELEVATION_TYPE), &dwSize);
        CloseHandle(hToken);
        return bFlag;
    }
    

    参考:http://johnny161.blog.163.com/blog/static/9028195201181341417421/

    三.IsUserAnAdmin

    Tests whether the current user is a member of the Administrator's group.

    其是对CheckTokenMembership的封装

    A SID allocated with the AllocateAndInitializeSid function must be freed by using the FreeSid function.

    BOOL IsUserAdmin(VOID)
    /*++ 
    Routine Description: This routine returns TRUE if the caller's
    process is a member of the Administrators local group. Caller is NOT
    expected to be impersonating anyone and is expected to be able to
    open its own process and process token. 
    Arguments: None. 
    Return Value: 
       TRUE - Caller has Administrators local group. 
       FALSE - Caller does not have Administrators local group. --
    */ 
    {
    BOOL b;
    SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
    PSID AdministratorsGroup; 
    b = AllocateAndInitializeSid(
        &NtAuthority,
        2,
        SECURITY_BUILTIN_DOMAIN_RID,
        DOMAIN_ALIAS_RID_ADMINS,
        0, 0, 0, 0, 0, 0,
        &AdministratorsGroup); 
    if(b) 
    {
        if (!CheckTokenMembership( NULL, AdministratorsGroup, &b)) 
        {
             b = FALSE;
        } 
        FreeSid(AdministratorsGroup); 
    }
    
    return(b);
    }
    

    四.ConvertSidToStringSid

    The ConvertSidToStringSid function converts a security identifier (SID) to a string format suitable for display, storage, or transmission.

    WINAPI
    ConvertSidToStringSidW(
        __in  PSID     Sid,
        __deref_out LPWSTR  *StringSid
        );
    

    Sid

    A pointer to the SID structure to be converted.

    StringSid

    A pointer to a variable that receives a pointer to a null-terminated SID string. To free the returned buffer, call the LocalFree function.

  • 相关阅读:
    高级(线性)素数筛
    Dijkstra(迪杰斯特拉)算法
    简单素数筛
    【解题报告】 POJ1958 奇怪的汉诺塔(Strange Tower of Hanoi)
    4 jQuery Chatting Plugins | jQuery UI Chatbox Plugin Examples Like Facebook, Gmail
    Web User Control Collection data is not storing
    How to turn on IE9 Compatibility View programmatically in Javascript
    从Javascrip 脚本中执行.exe 文件
    HtmlEditorExtender Ajax
    GRIDVIEW模板中查找控件的方式JAVASCRIPT
  • 原文地址:https://www.cnblogs.com/Clingingboy/p/2921896.html
Copyright © 2011-2022 走看看