有时需要对任意一个进程执行带写相关访问权限的OpenProcess操作,这需要SeDebug权限或Administrator用户。但有时即使是Administrator,对系统安全进程执行OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcessID)
时仍会被拒绝访问,因为默认情况下某些访问权限没有被启用,所以需要修改进程令牌。
#include <Windows.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
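/*
 * Enable SeDebugPrivilege in the calling process's own access token.
 *
 * Returns TRUE when the privilege is enabled afterwards, FALSE otherwise
 * (the reason is printed). Two points that the naive version gets wrong:
 *   - AdjustTokenPrivileges() returns nonzero even when it could NOT enable
 *     the privilege because the token does not hold it (typical for a
 *     non-elevated user); that case is only visible as
 *     GetLastError() == ERROR_NOT_ALL_ASSIGNED and must be checked.
 *   - the token handle must be closed on every path.
 */
static BOOL enable_debug_privilege(void) {
    HANDLE token = NULL;
    BOOL ok = FALSE;

    // Open our own token for modification. TOKEN_ADJUST_PRIVILEGES is all
    // AdjustTokenPrivileges() needs when PreviousState is not requested.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token)) {
        printf("Error open process token: %lu\n", GetLastError());
        return FALSE;
    }

    // Resolve the privilege name to its LUID (locally unique identifier: a
    // 64-bit value unique on this machine until the next reboot; unlike a
    // GUID, which is globally unique). The TCHAR-generic LookupPrivilegeValue
    // matches SE_DEBUG_NAME, which is a TEXT() literal, regardless of whether
    // UNICODE is defined.
    LUID luid;
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) {
        printf("Error look up privilege value: %lu\n", GetLastError());
        goto out;
    }

    // Describe the single privilege we want to turn on.
    TOKEN_PRIVILEGES new_state = {0};
    new_state.PrivilegeCount = 1;
    new_state.Privileges[0].Luid = luid;
    new_state.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; // alternatives: SE_PRIVILEGE_ENABLED_BY_DEFAULT, SE_PRIVILEGE_USED_FOR_ACCESS

    if (!AdjustTokenPrivileges(token, FALSE, &new_state, sizeof new_state, NULL, NULL)) {
        printf("Error adjust token privileges: %lu\n", GetLastError());
        goto out;
    }
    // A nonzero return is not success by itself: if the token does not hold
    // SeDebugPrivilege at all the call "succeeds" and reports this via
    // GetLastError().
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) {
        printf("SeDebugPrivilege is not held by this token (not an Administrator?)\n");
        goto out;
    }
    ok = TRUE;

out:
    CloseHandle(token);
    return ok;
}

/*
 * Demonstrate that OpenProcess(PROCESS_ALL_ACCESS) on a system process can be
 * denied even for an Administrator, and that enabling SeDebugPrivilege in the
 * caller's token makes the same call succeed.
 *
 * Usage: prog [pid]
 * The target PID defaults to 180 (the original hard-coded 11828 for the first
 * probe and 180 for the second); both probes now use the same PID so the
 * before/after comparison is meaningful. Exit status is 0 when the second
 * OpenProcess succeeds, 1 otherwise.
 */
int main(int argc, char *argv[]) {
    DWORD pid = 180;
    if (argc > 1) {
        // strtoul instead of atoi so that garbage and out-of-range input is
        // rejected rather than silently becoming 0.
        char *end = NULL;
        errno = 0;
        unsigned long v = strtoul(argv[1], &end, 10);
        if (end == argv[1] || *end != '\0' || errno == ERANGE || v > MAXDWORD) {
            printf("Invalid PID: %s\n", argv[1]);
            return 1;
        }
        pid = (DWORD)v;
    }

    // First probe, before touching the token: expected to fail with
    // ERROR_ACCESS_DENIED for a system process even when elevated.
    HANDLE h = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    if (h == NULL) {
        printf("Wrong open %lu-1-%lu\n", pid, GetLastError());
    } else {
        CloseHandle(h);
    }

    if (!enable_debug_privilege()) {
        return 1;
    }

    // Second probe with SeDebugPrivilege enabled. Note that this only lifts
    // the discretionary ACL check; PPL/protected processes still deny access.
    h = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    if (h == NULL) {
        printf("Wrong open %lu-2-%lu\n", pid, GetLastError());
        return 1;
    }
    CloseHandle(h);
    return 0;
}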
https://blog.csdn.net/qq_22642239/article/details/70026555
https://gist.github.com/Barakat/020a8be7f4e50e6b4e3de4ede0f84c2c