OpenProcessToken
To perform write-related operations on an arbitrary process (including system security processes and service processes), the current process only needs to hold the SeDebugPrivilege when it opens that process. A user who is an Administrator, or who has been granted the corresponding right, has this privilege. Yet even under the Administrator account, calling OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId) on a security process still fails with an "access denied" error. Why? Because by default some of the privileges in a process's token are present but not enabled. So the first thing we must do is enable them. The related API functions are OpenProcessToken, LookupPrivilegeValue and AdjustTokenPrivileges; with them we modify the access token of the process.
First, obtain a handle to the process's access token through OpenProcessToken. The prototype of the function is as follows:
BOOL OpenProcessToken(
    HANDLE  ProcessHandle, // handle of the process whose access token is to be opened
    DWORD   DesiredAccess, // the kind of access you want to the token
    PHANDLE TokenHandle    // receives the token handle
);
The first parameter is the handle of the process whose access rights we want to modify; the third parameter receives the returned token handle; the second parameter specifies the kind of access we want to the token. To modify the token we must pass TOKEN_ADJUST_PRIVILEGES as the second parameter (for the other access values, see the Platform SDK). With this function we obtain a handle to the access token of the current process (pass GetCurrentProcess() as the first parameter). We can then call AdjustTokenPrivileges to modify the token. The prototype of AdjustTokenPrivileges is as follows:
BOOL AdjustTokenPrivileges(
    HANDLE            TokenHandle,          // handle to the token
    BOOL              DisableAllPrivileges, // disable-all option
    PTOKEN_PRIVILEGES NewState,             // privilege information
    DWORD             BufferLength,         // size of the PreviousState buffer
    PTOKEN_PRIVILEGES PreviousState,        // buffer receiving the original state
    PDWORD            ReturnLength          // required buffer size
);
The first parameter is the access token handle. The second parameter decides whether to modify the privileges listed in NewState or to disable all of the token's privileges. The third parameter describes the privileges to modify: it is a pointer to a TOKEN_PRIVILEGES structure that contains an array, and each item in the array specifies a privilege and the operation to perform on it. The fourth parameter is the length of the PreviousState structure; if PreviousState is NULL, this parameter can be 0. The fifth parameter is also a pointer to a TOKEN_PRIVILEGES structure; it receives the state of the privileges before the modification and may be NULL. The last parameter receives the size actually required for the PreviousState structure. Before using this function, let's look at the TOKEN_PRIVILEGES structure, which is declared as follows:
typedef struct _TOKEN_PRIVILEGES {
    DWORD               PrivilegeCount;
    LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
PrivilegeCount is the number of elements in the array that follows it, which is an array of LUID_AND_ATTRIBUTES. Let's look at the LUID_AND_ATTRIBUTES structure. Its declaration is as follows:
typedef struct _LUID_AND_ATTRIBUTES {
    LUID  Luid;
    DWORD Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
The second member specifies the operation we want to perform. There are three possible values: SE_PRIVILEGE_ENABLED, SE_PRIVILEGE_ENABLED_BY_DEFAULT and SE_PRIVILEGE_USED_FOR_ACCESS. To enable a privilege, set Attributes to SE_PRIVILEGE_ENABLED. The first member identifies the privilege; it is a LUID value. LUID stands for locally unique identifier. You are probably familiar with the GUID, which is guaranteed to be globally unique; a LUID differs in that it only has to be locally unique, meaning unique on this system from one boot until the next. Like a GUID, a LUID is a numeric identifier; it is a 64-bit value.
How do we find the LUID that corresponds to a privilege? That requires another API function, LookupPrivilegeValue. Its prototype is as follows:
BOOL LookupPrivilegeValue(
    LPCTSTR lpSystemName, // system name
    LPCTSTR lpName,       // privilege name
    PLUID   lpLuid        // receives the locally unique identifier
);
The first parameter is the system name; for the local system just pass NULL. The third parameter is a pointer that receives the LUID. The second parameter is the privilege name, for example "SeDebugPrivilege". winnt.h also defines macros for the privilege names, such as:
#define SE_BACKUP_NAME   TEXT("SeBackupPrivilege")
#define SE_RESTORE_NAME  TEXT("SeRestorePrivilege")
#define SE_SHUTDOWN_NAME TEXT("SeShutdownPrivilege")
#define SE_DEBUG_NAME    TEXT("SeDebugPrivilege")
In this way, once the privilege is enabled, we can call OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId) to obtain a handle to any process with all access rights.
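The complete sequence described above, as an added example that is not code from the original article: it enables one named privilege in the current process token and checks the ERROR_NOT_ALL_ASSIGNED case that AdjustTokenPrivileges reports only through GetLastError(), which is the mistake most callers make. The helper names fill_single_privilege, adjust_really_succeeded and enable_privilege are my own, and the non-Windows stubs exist only so the two portable helpers can be compiled and checked off Windows.

```c
/* Added example, not from the original article: enable one privilege
 * (e.g. SeDebugPrivilege) in the current process token. Win32 calls compile
 * only under _WIN32; elsewhere winnt.h types are stubbed so helpers build. */
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
typedef int BOOL;
typedef unsigned long DWORD;
typedef struct _LUID { DWORD LowPart; long HighPart; } LUID;
typedef struct _LUID_AND_ATTRIBUTES { LUID Luid; DWORD Attributes; } LUID_AND_ATTRIBUTES;
typedef struct _TOKEN_PRIVILEGES { DWORD PrivilegeCount; LUID_AND_ATTRIBUTES Privileges[1]; } TOKEN_PRIVILEGES;
#define SE_PRIVILEGE_ENABLED   0x00000002L
#define ERROR_NOT_ALL_ASSIGNED 1300L
#endif
/* One-entry TOKEN_PRIVILEGES: Attributes = SE_PRIVILEGE_ENABLED enables the
 * privilege, Attributes = 0 makes AdjustTokenPrivileges disable it. */
void fill_single_privilege(TOKEN_PRIVILEGES *tp, LUID luid, int enable)
{
    memset(tp, 0, sizeof *tp);
    tp->PrivilegeCount = 1;
    tp->Privileges[0].Luid = luid;
    tp->Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0;
}
/* AdjustTokenPrivileges returns TRUE even when the token does not hold the
 * privilege; the only sign is GetLastError() == ERROR_NOT_ALL_ASSIGNED, so
 * checking the return value alone wrongly reports success. */
int adjust_really_succeeded(BOOL ret, DWORD last_error)
{
    return ret && last_error != ERROR_NOT_ALL_ASSIGNED;
}

#ifdef _WIN32
/* Enable the named privilege (e.g. SE_DEBUG_NAME) in the current process
 * token. Returns 1 only if it is now actually enabled. */
int enable_privilege(LPCTSTR name)
{
    HANDLE token; LUID luid; TOKEN_PRIVILEGES tp; BOOL ret; int ok = 0;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token))
        return 0;
    if (LookupPrivilegeValue(NULL, name, &luid)) {
        fill_single_privilege(&tp, luid, 1);
        ret = AdjustTokenPrivileges(token, FALSE, &tp, sizeof tp, NULL, NULL);
        ok = adjust_really_succeeded(ret, GetLastError());
    }
    CloseHandle(token);
    return ok;
}
#endif
```

On Windows, call enable_privilege(SE_DEBUG_NAME) before OpenProcess; a return of 0 with GetLastError() == ERROR_NOT_ALL_ASSIGNED means the account was never granted the privilege, so OpenProcess on protected processes will still be denied.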
Modifying process access permissions