A process is the basis of the operating system structure. It is a program in execution: an instance of a program running on a computer, an entity that can be assigned to and executed by a processor,
and a unit of activity characterized by a single sequential order of execution, a current state, and an associated set of system resources.
For an application, a process is like a large container. Running the application is equivalent to loading it into the container.
Other things can be added to the container as well (for example, the variable data the application needs at run time and the DLL files it references). When the application is run a second time, the contents of the existing container are not discarded;
the system finds a new process container to hold the second instance.
Dynamic: in essence, a process is one execution of a program in a multiprogramming system. A process is created dynamically and disappears dynamically.
Concurrency: any process can execute concurrently with other processes.
Independence: a process is a basic unit that can run independently. It is also the independent unit to which the system allocates resources and which it schedules.
Asynchrony: because processes constrain one another, a process executes intermittently; that is, each process advances at its own independent and unpredictable speed.
Structural features: a process consists of three parts: program, data, and process control block. Several different processes can contain the same program: the same program run on different data sets forms different processes and produces different results. The program itself, however, cannot be changed during execution.
Windows generally has several users: some are Administrator accounts and some are custom accounts, and every process carries the identity of the user that created it. How can a process created by our own user, such as yincheng, be switched to Administrator to obtain higher permissions?
See the code comments and explanations.
// Build as C++ with the multi-byte (ANSI) character set, as the original assumes.
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <string.h>
#include <process.h>
#include <tlhelp32.h>
#include <psapi.h>
#pragma comment(lib, "psapi")

// Enable SeDebugPrivilege in the current process token.
// Defined in the listing but not called from main().
bool EnableDebugPriv()
{
    HANDLE hToken;
    LUID sedebugnameValue;
    TOKEN_PRIVILEGES tkp;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        return false;
    }
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
    {
        CloseHandle(hToken);
        return false;
    }
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Luid = sedebugnameValue;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof tkp, NULL, NULL))
    {
        CloseHandle(hToken); // do not leak the token handle on failure
        return false;
    }
    CloseHandle(hToken);
    return true;
}

// Find a running process by executable name and return a handle to it.
HANDLE GetProcessHandle(LPCSTR szExeName)
{
    HANDLE hProcess = NULL;
    PROCESSENTRY32 Pc = { sizeof(PROCESSENTRY32) };
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return NULL;
    if (Process32First(hSnapshot, &Pc))
    {
        do
        {
            if (!_stricmp(Pc.szExeFile, szExeName))
            {
                // Report the PID and open the process
                printf("%s pid = %lu\n", Pc.szExeFile, Pc.th32ProcessID);
                hProcess = OpenProcess(PROCESS_ALL_ACCESS, TRUE, Pc.th32ProcessID);
                break;
            }
        } while (Process32Next(hSnapshot, &Pc));
    }
    CloseHandle(hSnapshot); // the snapshot handle must be released
    return hProcess;
}

// Start "cmd.exe /C<cmdline>" with the token of the process named Calc.EXE.
int ImpUser(const char *cmdline)
{
    HANDLE hToken = NULL;
    HANDLE hExp = GetProcessHandle("Calc.EXE");
    if (hExp == NULL)
        return FALSE;
    if (!OpenProcessToken(hExp, TOKEN_ALL_ACCESS, &hToken) || hToken == NULL)
    {
        CloseHandle(hExp);
        return FALSE;
    }

    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    char desktop[] = "winsta0\\default";
    ZeroMemory(&si, sizeof(STARTUPINFO));
    si.cb = sizeof(STARTUPINFO);
    si.lpDesktop = desktop;
    si.wShowWindow = SW_SHOW;
    si.dwFlags = STARTF_USESHOWWINDOW;

    char szParameter[256] = "/C";
    lstrcat(szParameter, cmdline);
    printf("szParameter = %s\n", szParameter);

    char path[MAX_PATH];
    GetSystemWindowsDirectory(path, MAX_PATH);
    lstrcat(path, "\\System32\\cmd.exe");

    // Run the program as administrator.
    // Possible creation flags: CREATE_NO_WINDOW, CREATE_NEW_CONSOLE, CREATE_DEFAULT_ERROR_MODE
    if (CreateProcessAsUser(hToken, path, szParameter, NULL, NULL, FALSE,
                            CREATE_DEFAULT_ERROR_MODE, NULL, NULL, &si, &pi))
    {
        printf("CreateProcessAsUser succeeded! %lu\n", GetLastError());
        CloseHandle(pi.hProcess);
        CloseHandle(pi.hThread);
    }
    CloseHandle(hToken);
    CloseHandle(hExp);
    return 0;
}

int main()
{
    ImpUser("Regedit");
    return 0;
}
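
From the monitoring side, a process started this way runs under a different account than the process that created it. The following Python sketch, an added example that is not part of the original article, flags that parent/child user mismatch in constructed process-creation records; the record fields, the host name PC, tool.exe and the TRUSTED_PARENTS set are assumptions.

```python
# Constructed process-creation records (not a real log schema). "PC" and
# tool.exe are made-up names; each record has pid, ppid, image, user.
SAMPLE_EVENTS = [
    {"pid": 500, "ppid": 400, "image": "wininit.exe", "user": "NT AUTHORITY\\SYSTEM"},
    {"pid": 600, "ppid": 500, "image": "services.exe", "user": "NT AUTHORITY\\SYSTEM"},
    {"pid": 900, "ppid": 600, "image": "svchost.exe", "user": "NT AUTHORITY\\LOCAL SERVICE"},
    {"pid": 2000, "ppid": 1900, "image": "explorer.exe", "user": "PC\\yincheng"},
    {"pid": 2500, "ppid": 2400, "image": "calc.exe", "user": "PC\\Administrator"},
    {"pid": 3000, "ppid": 2000, "image": "tool.exe", "user": "PC\\yincheng"},
    {"pid": 3100, "ppid": 3000, "image": "cmd.exe", "user": "PC\\Administrator"},
    {"pid": 3200, "ppid": 3100, "image": "regedit.exe", "user": "PC\\Administrator"},
]

# Assumption: parents that routinely start children under other accounts.
# Tune this set for the environment being monitored.
TRUSTED_PARENTS = {"services.exe", "winlogon.exe", "svchost.exe"}


def find_user_mismatches(events):
    """Return (parent, child) record pairs where the child's user differs."""
    by_pid = {}
    findings = []
    for ev in events:  # events are assumed to be in creation order
        parent = by_pid.get(ev["ppid"])
        by_pid[ev["pid"]] = ev  # a reused pid replaces the older record
        if parent is None:
            continue  # parent never observed, nothing to compare against
        if parent["image"].lower() in TRUSTED_PARENTS:
            continue  # expected to launch children as other accounts
        if parent["user"].lower() != ev["user"].lower():
            findings.append((parent, ev))
    return findings


if __name__ == "__main__":
    for parent, child in find_user_mismatches(SAMPLE_EVENTS):
        print(f"{child['image']} (pid {child['pid']}) runs as {child['user']}, "
              f"parent {parent['image']} (pid {parent['pid']}) runs as {parent['user']}")
```

Each finding is a lead to triage, not a verdict: the trusted-parent set decides how noisy the check is on a given host.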