How to get disabled privileges for access token?
Question
I know that an access token has disabled and enabled privileges. With some rights, I can enable privileges which are disabled, but I can't get how to receive a list of them. If I use the PrivilegeCheck() function, it just returns me the enabled privileges.
Can you give me a hint as to how to get a list of disabled privileges (maybe a code snippet, function, or another direction)?
I use this code:
// Get Process Handle with QUERY_INFORMATION rights
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, PID);
// Get Access Token with READ rights
OpenProcessToken(hProcess, TOKEN_QUERY | TOKEN_QUERY_SOURCE, &hToken);
// Get ID of privilege in the system
if (!LookupPrivilegeValue(NULL, priv_list[i], &luid)) continue;
// Set checking privilege by one
privs.PrivilegeCount = 1;
privs.Control = PRIVILEGE_SET_ALL_NECESSARY;
privs.Privilege[0].Luid = luid;
privs.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
// Check enabled privilege
PrivilegeCheck(hToken, &privs, &bResult);
It just returns the enabled privileges, not the disabled ones.
I repeat again, if the process has disabled privileges that I can activate, I want to list them.
In the end, I want to get something like this:
Answer 1
Score: 0
As RbMm said, traversing permissions is a method.
- Get the token handle and query the permissions of the token.
- Use GetTokenInformation().
- Return TOKEN_PRIVILEGES struct.
Here is a sample, hope this is helpful.
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>   // calloc, free

int main()
{
    HANDLE hToken = NULL;
    OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken);
    if (!hToken)
    {
        printf("OpenProcessToken() error\n");
        return 0;
    }
    // The first call only reports the required buffer size in dwSize
    DWORD dwSize = 0;
    GetTokenInformation(hToken, TokenPrivileges, NULL, 0, &dwSize);
    TOKEN_PRIVILEGES* pTokenPriv = (TOKEN_PRIVILEGES*)calloc(1, dwSize);
    if (!pTokenPriv || !GetTokenInformation(hToken, TokenPrivileges, pTokenPriv, dwSize, &dwSize))
    {
        printf("GetTokenInformation() error\n");
        free(pTokenPriv);
        CloseHandle(hToken);
        return 0;
    }
    DWORD dwCount = pTokenPriv->PrivilegeCount;
    LUID_AND_ATTRIBUTES* pPriv = pTokenPriv->Privileges;
    char szPrivName[1000] = { 0 };
    for (DWORD i = 0; i < dwCount; ++i)
    {
        // The length argument is in/out, so reset it before every lookup
        DWORD dwNameLen = sizeof(szPrivName);
        if (!LookupPrivilegeNameA(NULL, &(pPriv[i].Luid), szPrivName, &dwNameLen))
            continue;
        // Disabled privileges are listed too; they lack SE_PRIVILEGE_ENABLED in Attributes
        printf("[%s] -- Attributes:[%lu]\n", szPrivName, pPriv[i].Attributes);
    }
    free(pTokenPriv);
    CloseHandle(hToken);
    return 0;
}
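The Attributes value printed by the sample above is a bit mask, and the disabled privileges the question asks for are the entries without SE_PRIVILEGE_ENABLED. The following is an added example, not code from the original post, that filters those entries out of a constructed privilege list; `struct priv`, `is_disabled` and `list_disabled` are hypothetical names, and the attribute bits are the winnt.h values.

```c
#include <stdio.h>
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#else  /* attribute bits as defined in winnt.h, so the logic builds off Windows */
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT 0x00000001u
#define SE_PRIVILEGE_ENABLED            0x00000002u
#define SE_PRIVILEGE_REMOVED            0x00000004u
#endif

/* Hypothetical record for one token privilege. On Windows, fill it from
   LUID_AND_ATTRIBUTES.Attributes and LookupPrivilegeNameA(). */
struct priv { const char *name; uint32_t attrs; };

/* Held by the token but not currently enabled. ENABLED_BY_DEFAULT on its
   own does not mean enabled: it stays set after the privilege is turned off. */
int is_disabled(uint32_t attrs)
{
    if (attrs & SE_PRIVILEGE_REMOVED) return 0;  /* defensive: cannot be re-enabled */
    return (attrs & SE_PRIVILEGE_ENABLED) == 0;
}

/* Store pointers to the disabled entries in out[] (at most cap); return the count. */
size_t list_disabled(const struct priv *p, size_t n, const struct priv **out, size_t cap)
{
    size_t found = 0;
    for (size_t i = 0; i < n; ++i)
        if (is_disabled(p[i].attrs) && found < cap)
            out[found++] = &p[i];
    return found;
}

/* Constructed sample input, not output captured from a real token. */
const struct priv sample[] = {
    { "SeShutdownPrivilege",           0x00000000u },
    { "SeChangeNotifyPrivilege",       0x00000003u },
    { "SeUndockPrivilege",             0x00000000u },
    { "SeIncreaseWorkingSetPrivilege", 0x00000001u }, /* default-on, switched off */
    { "SeTimeZonePrivilege",           0x00000002u },
};

int main(void)
{
    const struct priv *off[8];
    size_t n = list_disabled(sample, sizeof sample / sizeof sample[0], off, 8);
    for (size_t i = 0; i < n; ++i)
        printf("%-32s disabled (0x%08x)\n", off[i]->name, (unsigned)off[i]->attrs);
    return 0;
}
```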