OpenProcessToken GetCurrentProcessID TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY
CreateProcessAsUser
// Information-class selectors. The names match members of the native
// SYSTEM_INFORMATION_CLASS and PROCESSINFOCLASS enumerations; presumably they
// are passed to NtQuerySystemInformation / NtQueryInformationProcess -- the
// calls themselves are not part of this excerpt.
SystemHandleInformation = 16;
ProcessBasicInformation = 0;
// NTSTATUS value for success; the cardinal() cast keeps it an unsigned 32-bit value.
STATUS_SUCCESS = cardinal($00000000);
// Privilege number 20. The name indicates SeDebugPrivilege, which lets its
// holder open processes regardless of their security descriptor, so code that
// enables it should do so only for the operation that needs it.
// NOTE(review): how this value is consumed is not visible here -- confirm.
SE_DEBUG_PRIVILEGE =20;
// NTSTATUS failure codes. Both have the top two bits set, i.e. they fall under
// the SEVERITY_ERROR mask declared below.
STATUS_ACCESS_DENIED = cardinal($C0000022);
// Presumably used to detect a too-small buffer on an information query so the
// caller can grow it and retry -- verify against the calling code.
STATUS_INFO_LENGTH_MISMATCH = cardinal($C0000004);
// Mask of the two severity bits of an NTSTATUS; both bits set means "error".
SEVERITY_ERROR = cardinal($C0000000);
// CreateToolhelp32Snapshot flag: include the process list in the snapshot.
TH32CS_SNAPPROCESS = $00000002;
// Access mask requesting every access right on a job object.
JOB_OBJECT_ALL_ACCESS = $1f001f;
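/* Print the LUID that is searched for below. HighPart is a signed LONG and
 * LowPart an unsigned DWORD, so LowPart is printed with %lu. */
printf("SeCreateSymbolicLinkPrivilege = %ld, %lu\n", seCreateSymbolicLinkPrivilege.HighPart, seCreateSymbolicLinkPrivilege.LowPart);
/* NOTE(review): despite its name, hProcess has to be an access-token handle
 * opened with TOKEN_QUERY; GetTokenInformation does not take a process
 * handle. Confirm against the code that obtains it, which is not shown. */
/* Size probe: a NULL buffer of length 0 is expected to fail and to report the
 * required byte count through length. */
if (!GetTokenInformation(hProcess, TokenPrivileges, NULL, 0, &length))
{
    if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
    {
        /* The release of this buffer is not visible in this excerpt; it has
         * to be freed on every path that leaves the enclosing block. */
        TOKEN_PRIVILEGES* privileges = (TOKEN_PRIVILEGES*)malloc(length);
        /* Do not hand a failed allocation to the second query. */
        if (privileges != NULL && GetTokenInformation(hProcess, TokenPrivileges, privileges, length, &length))
        {
            BOOL found = FALSE;
            DWORD count = privileges->PrivilegeCount;
            printf("User has %lu privileges\n", count);
            if (count > 0)
            {
                LUID_AND_ATTRIBUTES* privs = privileges->Privileges;
                /* Walk the array with a separate counter that is decremented
                 * only when the cursor advances. It is then non-zero exactly
                 * when the loop stopped on a match. Decrementing inside the
                 * loop condition reported a match in the last slot as missing
                 * and, when nothing matched, wrapped the unsigned counter so
                 * that an absent privilege was reported as present. */
                DWORD remaining = count;
                while (remaining > 0 && !luid_eq(privs->Luid, seCreateSymbolicLinkPrivilege))
                {
                    privs++;
                    remaining--;
                }
                /* found only says the privilege is listed in the token.
                 * Whether it is currently enabled is carried separately in
                 * privs->Attributes (SE_PRIVILEGE_ENABLED). privs is valid to
                 * dereference only when found is TRUE. */
                found = (remaining > 0);
                /* The excerpt ends here with the enclosing blocks still open. */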