Windows 安全相关

整理于 http://www.cppblog.com/weiym/archive/2013/08/25/202751.html?opt=admin

xmind

判断是否管理员权限

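// Reports whether the caller's security context is a member of the local
// BUILTIN\Administrators alias (well-known SID S-1-5-32-544). Same question as
// the shell API IsUserAnAdmin(), answered by walking the token's group list.
//
// The thread token is consulted first so an impersonating thread is judged by
// the identity it impersonates; only when the thread has no token at all
// (ERROR_NO_TOKEN) does the check fall back to the process token.
//
// bCheckAdminMode: when TRUE, membership only counts if the group is marked
//   SE_GROUP_ENABLED in the token. Under UAC the filtered token of a
//   non-elevated administrator still lists Administrators, but as a
//   deny-only group that is not enabled, so TRUE answers "is this process
//   elevated" whereas FALSE answers "is this account an administrator".
// Returns FALSE both on non-membership and on any API failure; the two are
//   not distinguished by the return value.
BOOL Am_I_In_Admin_Group(BOOL bCheckAdminMode /*= FALSE*/)
{
    HANDLE hToken = NULL;
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken))
    {
        // Only "thread is not impersonating" may fall back to the process token.
        if (GetLastError() != ERROR_NO_TOKEN)
            return FALSE;
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
            return FALSE;
    }

    // The original returned early on several paths without ever closing the
    // token handle; close it on every exit instead.
    struct TokenCloser
    {
        HANDLE h;
        ~TokenCloser() { if (h) CloseHandle(h); }
    } tokenCloser = { hToken };

    // Size query: expected to fail with ERROR_INSUFFICIENT_BUFFER and report
    // the byte count needed for the variable-length TOKEN_GROUPS.
    DWORD cbTokenGroups = 0;
    if (GetTokenInformation(hToken, TokenGroups, NULL, 0, &cbTokenGroups))
        return FALSE;
    if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
        return FALSE;

    // Stack buffer as in the original: one SID_AND_ATTRIBUTES per group, so a
    // few KB at most. Note some _alloca implementations raise a structured
    // exception on exhaustion rather than returning NULL.
    TOKEN_GROUPS* ptg = static_cast<TOKEN_GROUPS*>(_alloca(cbTokenGroups));
    if (!ptg)
        return FALSE;
    if (!GetTokenInformation(hToken, TokenGroups, ptg, cbTokenGroups, &cbTokenGroups))
        return FALSE;

    // Build S-1-5-32-544 to compare against.
    SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY;
    PSID psidAdmin = NULL;
    if (!AllocateAndInitializeSid(&ntAuthority, 2,
                                  SECURITY_BUILTIN_DOMAIN_RID,
                                  DOMAIN_ALIAS_RID_ADMINS,
                                  0, 0, 0, 0, 0, 0, &psidAdmin))
        return FALSE;

    BOOL fAdmin = FALSE;
    for (DWORD i = 0; i < ptg->GroupCount; i++)
    {
        if (!EqualSid(ptg->Groups[i].Sid, psidAdmin))
            continue;
        // A deny-only group (UAC filtered token) lacks SE_GROUP_ENABLED, so the
        // strict mode reports a non-elevated admin as not in the group.
        if (!bCheckAdminMode || (ptg->Groups[i].Attributes & SE_GROUP_ENABLED))
            fAdmin = TRUE;
        break;
    }
    FreeSid(psidAdmin);
    return fAdmin;
}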

提权

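// Enables a single privilege (e.g. SE_DEBUG_NAME) in hToken, which must have
// been opened with TOKEN_ADJUST_PRIVILEGES. Only a privilege the token already
// holds in the disabled state can be switched on; a privilege the account was
// never granted cannot be added this way.
//
// hToken:            access token to modify.
// lpszPrivilegeName: privilege name understood by LookupPrivilegeValue.
// Returns TRUE only when the privilege is actually enabled afterwards.
//
// AdjustTokenPrivileges returns TRUE even when the privilege is absent from the
// token and merely sets the last error to ERROR_NOT_ALL_ASSIGNED; the original
// passed that TRUE straight through, so a caller could believe it had gained a
// privilege it did not have. That case is now reported as failure.
BOOL EnablePrivilege(HANDLE hToken, LPCTSTR lpszPrivilegeName)
{
    TOKEN_PRIVILEGES tkp = {0};
    if (!LookupPrivilegeValue(NULL, lpszPrivilegeName, &tkp.Privileges[0].Luid))
        return FALSE;

    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL))
        return FALSE;

    // "Succeeded" but not every requested privilege was assigned: the token
    // does not hold this privilege at all.
    return GetLastError() != ERROR_NOT_ALL_ASSIGNED;
}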

如何判断用户的进程完整性级别

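// Writes the mandatory integrity level stored in m_pIntegrity to os as one
// line, e.g. "Integrity: Medium". The level is the sub-authority of the label
// SID (S-1-16-<rid>). Values that match none of the documented levels print
// "Unknown"; the original fell through to a placeholder "XXXXX" there, which
// left the "Unknown" initializer dead.
// NOTE(review): assumes m_pIntegrity points to a valid TOKEN_MANDATORY_LABEL
// (it is dereferenced unchecked) — presumably guaranteed by the constructor,
// which is outside this listing; confirm.
void CIntegrityLevel::Print(std::wostream& os) const
{
    const SID* pSid = static_cast<const SID*>(m_pIntegrity->Label.Sid);
    const DWORD rid = pSid->SubAuthority[0];

    // Only exact matches are named. Windows orders integrity levels as ranges,
    // so a custom value between two named ones is reported as Unknown rather
    // than mapped to the nearest level.
    LPCTSTR lpszIntegrity = L"Unknown";
    switch (rid)
    {
    case SECURITY_MANDATORY_UNTRUSTED_RID:   lpszIntegrity = L"Untrusted"; break;
    case SECURITY_MANDATORY_LOW_RID:         lpszIntegrity = L"Low";       break;
    case SECURITY_MANDATORY_MEDIUM_RID:      lpszIntegrity = L"Medium";    break;
    case SECURITY_MANDATORY_MEDIUM_PLUS_RID: lpszIntegrity = L"Medium +";  break;
    case SECURITY_MANDATORY_HIGH_RID:        lpszIntegrity = L"High";      break;
    case SECURITY_MANDATORY_SYSTEM_RID:      lpszIntegrity = L"System";    break;
    default:                                 break;  // keep "Unknown"
    }

    os << L"Integrity: " << lpszIntegrity << std::endl;
}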

如何指定程序默认启动运行的级别?

在VC里配置Manifest文件.

  • asInvoker:默认选项,新的进程将简单地继承其父进程的访问令牌

  • highestAvailable:应用程序会选择该用户允许范围内尽可能高的权限。对于标准用户来说,该选项与asInvoker一样,而对于管理员来说,这就意味着请求Admin令牌。

  • requireAdministrator:应用程序需要Admin令牌。运行该程序时,标准用户将要输入管理员的用户名和密码,而管理员则要在弹出的确认对话框中进行确认。

  • AAA
