I also saw some functions on the internet for elevating process token privileges, but they were not very good. In the end I extracted a better one from the source code of a hacker backdoor. I dare not keep it to myself, so I am sharing it with you. The backdoor was really good.
Hysia prompts you:
This function is very useful when dealing with virus programs: only by elevating its own privileges can a program kill the virus process. I once wrote a program to try to end the Winlogon process, and the result was that my computer blue-screened and restarted immediately!
Elevate process permissions to debug permissions
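// Enables SeDebugPrivilege in the current process token (requires "uses Windows").
procedure SetPrivilege;
var
  OldTokenPrivileges, TokenPrivileges: TTokenPrivileges;
  ReturnLength: DWORD;
  hToken: THandle;
  Luid: Int64;
begin
  // Open this process's token; TOKEN_QUERY is needed to read back the previous state.
  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
    Exit;
  try
    // Translate the privilege name into its LUID on the local system.
    if not LookupPrivilegeValue(nil, 'SeDebugPrivilege', Luid) then
      Exit;
    // First call: submit the privilege with no attributes and receive the previous state.
    TokenPrivileges.Privileges[0].Luid := Luid;
    TokenPrivileges.PrivilegeCount := 1;
    TokenPrivileges.Privileges[0].Attributes := 0;
    AdjustTokenPrivileges(hToken, False, TokenPrivileges, SizeOf(TTokenPrivileges), OldTokenPrivileges, ReturnLength);
    // Second call: set SE_PRIVILEGE_ENABLED for the same LUID.
    OldTokenPrivileges.Privileges[0].Luid := Luid;
    OldTokenPrivileges.PrivilegeCount := 1;
    OldTokenPrivileges.Privileges[0].Attributes := TokenPrivileges.Privileges[0].Attributes or SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(hToken, False, OldTokenPrivileges, ReturnLength, PTokenPrivileges(nil)^, ReturnLength);
  finally
    // Release the token handle whether or not the adjustment succeeded.
    CloseHandle(hToken);
  end;
end;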
Usage hardly needs explaining:
procedure TForm1.FormCreate(Sender: TObject);
begin
  SetPrivilege;
  ...
In short, the program is elevated to the debug privilege, after which it can freely end other processes.
Good things to share with you!
Http://www.lsworks.net/article/9.html
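From the monitoring side, a program that enables SeDebugPrivilege in the way shown above can be spotted in Windows Security event ID 4703, which records privileges enabled or disabled on a token. The following is an added example, not code from the original post; it assumes those events are collected as XML, and the sample records, the allowlist and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumption: programs expected to enable SeDebugPrivilege in this environment.
ALLOWLIST = {r"c:\windows\system32\taskmgr.exe"}


def _event(event_id, process, enabled):
    """Build a constructed event record, trimmed to the fields used below."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>{event_id}</EventID></System><EventData>"
        f'<Data Name="ProcessName">{process}</Data>'
        f'<Data Name="EnabledPrivilegeList">{enabled}</Data>'
        '<Data Name="DisabledPrivilegeList">-</Data>'
        "</EventData></Event>"
    )


# Constructed sample input, not captured from a real system.
SAMPLE_EVENTS = [
    _event(4703, r"C:\Windows\System32\taskmgr.exe", "SeDebugPrivilege"),
    _event(4703, r"C:\Users\alice\AppData\Local\Temp\Project1.exe", "SeDebugPrivilege"),
    _event(4703, r"C:\Windows\System32\svchost.exe", "SeBackupPrivilege\n\t\t\tSeRestorePrivilege"),
    _event(4688, r"C:\Windows\System32\cmd.exe", "-"),
]


def parse_event(xml_text):
    """Return (event_id, {field name: value}) for one event XML record."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, data


def find_debug_privilege_enablers(events, allowlist=ALLOWLIST):
    """List processes that enabled SeDebugPrivilege and are not allowlisted."""
    hits = []
    for xml_text in events:
        event_id, data = parse_event(xml_text)
        if event_id != 4703:
            continue
        # Several privileges in one event are separated by whitespace.
        enabled = data.get("EnabledPrivilegeList", "").split()
        process = data.get("ProcessName", "")
        if "SeDebugPrivilege" in enabled and process.lower() not in allowlist:
            hits.append(process)
    return hits
```
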