How to implement the privilege of the C + + adjustment process

by OpenProcess (Process_all_access,false,did) to get a handle to a lower ID process, you may get an error code that is a system service that keeps the system active. A normal user process does not allow all operations for system services to be performed. If a program terminates a system service unexpectedly, the entire system crashes. Therefore, a process has the appropriate privileges only if it has the exact access rights.

For a variety of reasons, the debugger must have a large number of permissions to complete his work. The privilege of changing the process can be achieved through the following three simple basic steps:

1. First, you must open the process's access token (Accesstoken) and use the function OpenProcessToken () in Advapi32.dll.

2. If the previous step is completed correctly, then you are ready to token_privileges the structure that contains information about the privileges you want to request. This job requires the help of another function in Advapi32.dll lookupprivilegevalue (). The privilege is specified by name. The SDK documentation winnt.h defines the privilege name and its corresponding symbol name in 27. For example, the symbol name for debug permissions is: Se_debug_name, which is equivalent to the string "SeDebugPrivilege".

3. If the previous step is completed correctly, you can use the process's token handle (Tokenhandle) to invoke the AdjustTokenPrivileges () function to initialize the token_privileges structure. The function is also advapi32.dll exported.

4. If the OpenProcessToken () call succeeds, remember to close the token handle (tokenhandle) that it returned. W2k_dbg.dll contains a dbgprivilegeset () function that incorporates these steps, as well as another function in W2k_dbg.dll: Dbgprivilegedebug (). This function is an outsourced function of Dbgprivilegeset () in order to facilitate the setting of debugging privileges.