Checking whether a process holds a particular privilege in Win32 assembly
2008-03-11 09:34
This article is published as a companion piece to "Two ways to elevate a process's Debug privilege in Win32 assembly", in the hope that it serves as a reference when needed.
(Notice: original work by 魏滔序; please credit the source when reposting.)
;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Win32 assembly: test whether a process holds a particular privilege
; Programmed by 魏滔序
; WebSite: http://www.chenoe.com
; Blog: http://blog.csdn.net/Modest
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
.486
.model flat,stdcall
option casemap:none
include windows.inc
include kernel32.inc
include Advapi32.inc
includelib kernel32.lib
includelib Advapi32.lib

; LUID.LowPart of SeDebugPrivilege, used by the demo entry point below
IFNDEF SE_DEBUG_PRIVILEGE
SE_DEBUG_PRIVILEGE equ 20
ENDIF

.code
; IsPrivilege: returns TRUE in EAX when the token of hProcess contains the
; privilege whose LUID.LowPart equals dwPrivilege and that entry's Attributes
; field is non-zero (enabled, or enabled by default); FALSE otherwise.
; A privilege that is present but disabled therefore yields FALSE.
; hProcess must have been opened with PROCESS_QUERY_INFORMATION access.
IsPrivilege PROC hProcess:DWORD,dwPrivilege:DWORD
    LOCAL hToken:DWORD,BufferSize:DWORD,i:DWORD
    LOCAL tPrivilege:LUID_AND_ATTRIBUTES
    LOCAL pInfoBuffer:DWORD,PrivilegeCount:DWORD,Result:DWORD

    MOV Result,FALSE
    Invoke OpenProcessToken,hProcess,TOKEN_QUERY,ADDR hToken
    .If EAX == 0
        MOV EAX,FALSE
        RET
    .EndIf
    ; First call with a NULL buffer only asks for the required size
    MOV BufferSize,0
    Invoke GetTokenInformation,hToken,TokenPrivileges,NULL,0,ADDR BufferSize
    .If BufferSize == 0
        Invoke CloseHandle,hToken
        MOV EAX,FALSE
        RET
    .EndIf
    Invoke GlobalAlloc,GMEM_FIXED,BufferSize
    .If EAX == 0
        Invoke CloseHandle,hToken
        MOV EAX,FALSE
        RET
    .EndIf
    MOV pInfoBuffer,EAX
    ; Second call fills a TOKEN_PRIVILEGES structure:
    ;   DWORD PrivilegeCount, followed by PrivilegeCount LUID_AND_ATTRIBUTES entries
    Invoke GetTokenInformation,hToken,TokenPrivileges,pInfoBuffer,BufferSize,ADDR BufferSize
    PUSH EAX
    Invoke CloseHandle,hToken
    POP EAX
    .If EAX != 0
        Invoke RtlMoveMemory,ADDR PrivilegeCount,pInfoBuffer,4
        MOV i,0
        .While TRUE
            ; Test the index before reading, so a token with zero privileges
            ; (a restricted token) is never walked past its header
            MOV EAX,i
            .Break .If EAX >= PrivilegeCount
            MOV EAX,SIZEOF LUID_AND_ATTRIBUTES
            IMUL EAX,i
            ADD EAX,pInfoBuffer
            ADD EAX,4                     ; skip the PrivilegeCount DWORD
            Invoke RtlMoveMemory,ADDR tPrivilege,EAX,SIZEOF LUID_AND_ATTRIBUTES
            MOV EAX,dwPrivilege
            ; Well-known privileges have HighPart == 0, so LowPart identifies them
            .If tPrivilege.Attributes != 0 && tPrivilege.Luid.LowPart == EAX
                MOV Result,TRUE
                .Break
            .EndIf
            ADD i,1
        .EndW
    .EndIf
    ; Release the buffer on every path before returning
    Invoke GlobalFree,pInfoBuffer
    MOV EAX,Result
    RET
IsPrivilege EndP

; Demo entry point: check the current process for SeDebugPrivilege and
; return the result (1 or 0) as the process exit code
Start:
    Invoke GetCurrentProcess
    Invoke IsPrivilege,EAX,SE_DEBUG_PRIVILEGE
    Invoke ExitProcess,EAX
End Start
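Added example, not part of the original post: a Python parser for the raw TOKEN_PRIVILEGES buffer that the routine above walks, applying the same decision (LUID.LowPart matches and Attributes is non-zero) to a constructed sample token. It goes a little beyond the assembly by also decoding the Attributes flags and by rejecting a buffer shorter than its PrivilegeCount claims. The attribute bits and LowPart values are the winnt.h constants; the token contents are made up.

```python
import struct

# Attribute bits of LUID_AND_ATTRIBUTES (winnt.h values)
ATTRIBUTE_BITS = {
    0x00000001: "SE_PRIVILEGE_ENABLED_BY_DEFAULT",
    0x00000002: "SE_PRIVILEGE_ENABLED",
    0x00000004: "SE_PRIVILEGE_REMOVED",
    0x80000000: "SE_PRIVILEGE_USED_FOR_ACCESS",
}
# LUID.LowPart of a few well-known privileges (HighPart is 0 for all of them)
SE_SHUTDOWN_PRIVILEGE = 19
SE_DEBUG_PRIVILEGE = 20
SE_CHANGE_NOTIFY_PRIVILEGE = 23

# TOKEN_PRIVILEGES layout the assembly walks: DWORD PrivilegeCount at offset 0,
# then 12-byte LUID_AND_ATTRIBUTES entries (LowPart:DWORD, HighPart:LONG,
# Attributes:DWORD) starting at offset 4.
_ENTRY = struct.Struct("<IiI")

def parse_token_privileges(buf: bytes):
    """Return a list of (LowPart, HighPart, Attributes) tuples from a raw buffer."""
    if len(buf) < 4:
        raise ValueError("buffer shorter than PrivilegeCount")
    (count,) = struct.unpack_from("<I", buf, 0)
    needed = 4 + count * _ENTRY.size
    if len(buf) < needed:  # never read past the buffer, whatever the header claims
        raise ValueError(f"PrivilegeCount {count} needs {needed} bytes, got {len(buf)}")
    return [_ENTRY.unpack_from(buf, 4 + i * _ENTRY.size) for i in range(count)]

def is_privilege(buf: bytes, low_part: int) -> bool:
    """Same decision as the assembly: entry present and Attributes != 0."""
    return any(low == low_part and attrs != 0
               for low, _high, attrs in parse_token_privileges(buf))

def attribute_names(attrs: int):
    """Decode the Attributes field into flag names (ascending bit order)."""
    return [name for bit, name in sorted(ATTRIBUTE_BITS.items()) if attrs & bit]

def build_token_privileges(entries) -> bytes:
    """Pack (LowPart, HighPart, Attributes) tuples into the Windows layout."""
    return struct.pack("<I", len(entries)) + b"".join(_ENTRY.pack(*e) for e in entries)

# Constructed sample token: SeDebug present but disabled, SeChangeNotify and SeShutdown enabled
SAMPLE = build_token_privileges([
    (SE_DEBUG_PRIVILEGE, 0, 0),
    (SE_CHANGE_NOTIFY_PRIVILEGE, 0, 0x00000001 | 0x00000002),
    (SE_SHUTDOWN_PRIVILEGE, 0, 0x00000002),
])
EMPTY = build_token_privileges([])  # restricted token holding no privileges at all
```

Note that `is_privilege(SAMPLE, SE_DEBUG_PRIVILEGE)` is false even though the privilege is in the token, because its Attributes field is zero; that is the behaviour of the assembly routine as well.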