Windows使用任意用户创建进程
2013-12-25 11:25
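/*
 * Entry point.  Usage: <prog> <user> <domain> <password> <command>
 *
 * Logs the calling user's SAM-compatible name and the non-secret
 * arguments, enables the privileges needed to log another account on
 * and hand it a primary token (AdjustCaller), then starts the command
 * under that account (StartProcess).
 *
 * Returns 0 on success, -1 on a usage error or when privilege
 * adjustment or process creation fails.  `usage`, `debug`, `buffer`
 * and `log` are defined elsewhere in this file.
 *
 * NOTE(review): the password travels on the command line, where other
 * local users can read it from the process list; reading it from a
 * prompt or a handle would avoid that exposure.
 */
int main( int argc, char *argv[] )
{
    LPTSTR User, Domain, Password, Command;
    LPTSTR lpNameBuffer = NULL;
    DWORD dwSize = 0;
    int RC = 0;

    if ( argc != 5 ) {
        usage( argv[0] );
        RC = -1;
        goto done;
    }

    /* Sizing call: with a NULL buffer and dwSize == 0 this fails with
     * ERROR_MORE_DATA and leaves the required length in dwSize. */
    GetUserNameEx( NameSamCompatible, lpNameBuffer, &dwSize );
    if ( GetLastError() == ERROR_MORE_DATA ) {
        lpNameBuffer = (LPTSTR) HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY,
                                           (dwSize + 1) * sizeof(TCHAR) );
        /* The original passed a possibly-NULL buffer to the second call and
         * only freed it on success; free on both outcomes instead. */
        if ( lpNameBuffer != NULL ) {
            if ( GetUserNameEx( NameSamCompatible, lpNameBuffer, &dwSize ) ) {
                sprintf( buffer, "Calling User: %s\n", lpNameBuffer );
                debug( buffer );
            }
            HeapFree( GetProcessHeap(), 0, (LPVOID)lpNameBuffer );
            lpNameBuffer = NULL;
        }
    }

    User     = argv[1];
    Domain   = argv[2];
    Password = argv[3];
    Command  = argv[4];

    /* NOTE(review): `buffer` is declared elsewhere in this file and argv[]
     * strings are unbounded, so these sprintf() calls can overflow it --
     * switch to snprintf() with the buffer's real capacity. */
    sprintf( buffer, "User = %s\n", argv[1] );
    debug( buffer );
    sprintf( buffer, "Domain = %s\n", argv[2] );
    debug( buffer );
    debug( "Password supplied, not logged\n" );
    sprintf( buffer, "Command = %s\n", argv[4] );
    debug( buffer );

    if ( !AdjustCaller() ) {
        RC = -1;
    } else if ( !StartProcess( User, Domain, Password, Command ) ) {
        RC = -1;
        debug( "Couldn't start interactive client process!\n" );
    }

done:
    if ( log != NULL )
        (void) fclose( log );
    return RC;
}

/*
 * Enable, on this process's own token, the privileges the tool needs.
 *
 * Required (failure aborts): SE_TCB_NAME, SE_ASSIGNPRIMARYTOKEN_NAME,
 * SE_INCREASE_QUOTA_NAME.  Best-effort (failure only logged):
 * SE_RESTORE_NAME and SE_BACKUP_NAME (wanted by LoadUserProfile()) and
 * SE_CHANGE_NOTIFY_NAME.
 *
 * Returns TRUE when every required privilege was enabled.  The token
 * handle is closed on every return path; the enabled privileges stay on
 * the process token, only the handle is released.
 */
BOOL AdjustCaller( void )
{
    HANDLE hToken = NULL;
    BOOL ok = FALSE;

    if ( !OpenProcessToken( GetCurrentProcess(),
                            TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) ) {
        debug( "OpenProcessToken() failed, unable to query or adjust token privs\n" );
        return FALSE;
    }

    if ( !SetPrivilege( hToken, SE_TCB_NAME, TRUE ) ) {
        debug( "Couldn't set 'SE_TCB_NAME' privilege for this process!\n" );
        goto out;
    }
    if ( !SetPrivilege( hToken, SE_ASSIGNPRIMARYTOKEN_NAME, TRUE ) ) {
        debug( "Couldn't set 'SE_ASSIGNPRIMARYTOKEN_NAME' privilege for this process!\n" );
        goto out;
    }
    if ( !SetPrivilege( hToken, SE_RESTORE_NAME, TRUE ) ) {
        debug( "non-fatal: Couldn't set 'SE_RESTORE_NAME' privilege for this process! Needed for LoadUserProfile()\n" );
    }
    if ( !SetPrivilege( hToken, SE_BACKUP_NAME, TRUE ) ) {
        debug( "non-fatal: Couldn't set 'SE_BACKUP_NAME' privilege for this process! Needed for LoadUserProfile()\n" );
    }
    if ( !SetPrivilege( hToken, SE_CHANGE_NOTIFY_NAME, TRUE ) ) {
        debug( "non-fatal: Couldn't set 'SE_CHANGE_NOTIFY_NAME' privilege for this process!\n" );
    }
    if ( !SetPrivilege( hToken, SE_INCREASE_QUOTA_NAME, TRUE ) ) {
        /* The original message named SE_ASSIGNPRIMARYTOKEN_NAME here (copy-paste). */
        debug( "Couldn't set 'SE_INCREASE_QUOTA_NAME' privilege for this process!\n" );
        goto out;
    }

    debug( "AdjustCaller(): privileges enabled -- YAY!\n" );
    ok = TRUE;

out:
    /* Previously leaked on every path. */
    CloseHandle( hToken );
    return ok;
}

/*
 * Enable or disable one named privilege on an access token.
 *
 * hToken           token opened with TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
 * lpszPrivilege    SE_*_NAME string to look up on the local system
 * bEnablePrivilege TRUE to enable, FALSE to disable
 *
 * Returns TRUE only if the privilege is actually held and was adjusted;
 * a token that merely lacks the privilege makes this return FALSE.
 * Errors are reported through debug() using the shared `buffer`.
 */
BOOL SetPrivilege( HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege )
{
    TOKEN_PRIVILEGES tp;
    LUID luid;

    if ( !LookupPrivilegeValue( NULL, lpszPrivilege, &luid ) ) {
        /* DWORD is unsigned long: %lu with an explicit cast keeps the
         * format/argument pair matched (the original used %u). */
        (void) sprintf( buffer, "Privilege: %s: LookupPrivilegeValue error: %lu\n",
                        lpszPrivilege, (unsigned long) GetLastError( ) );
        debug( buffer );
        return FALSE;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    if ( !AdjustTokenPrivileges( hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),
                                 (PTOKEN_PRIVILEGES) NULL, (PDWORD) NULL ) ) {
        (void) sprintf( buffer, "Privilege: %s: AdjustTokenPrivileges error: %lu\n",
                        lpszPrivilege, (unsigned long) GetLastError( ) );
        debug( buffer );
        return FALSE;
    }

    /* AdjustTokenPrivileges succeeds even when the token does not hold the
     * privilege; that case is only signalled through the last error. */
    if ( GetLastError() == ERROR_NOT_ALL_ASSIGNED ) {
        (void) sprintf( buffer, "Privilege: %s: The token does not have the specified privilege.\n",
                        lpszPrivilege );
        debug( buffer );
        return FALSE;
    }

    return TRUE;
}

/*
 * Log the given account on interactively and load its profile.
 *
 * NOTE(review): the listing on this page is truncated here -- the
 * function ends without a return statement, `bProfileLoaded` is never
 * read, and hToken is neither used for process creation nor closed.
 * The remainder (process creation, UnloadUserProfile, CloseHandle) is
 * not visible and is not reconstructed.
 */
BOOL StartProcess( LPTSTR lpszUsername, LPTSTR lpszDomain,
                   LPTSTR lpszPassword, LPTSTR lpCommandLine )
{
    HANDLE hToken;
    PROFILE_INFORMATION profileInformation;
    BOOL bProfileLoaded = FALSE;

    if ( !LogonUser( lpszUsername, lpszDomain, lpszPassword,
                     LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
                     &hToken ) ) {
        /* The original returned silently; record the error code (the
         * password itself is never logged). */
        sprintf( buffer, "LogonUser() failed: LastError: %lu\n",
                 (unsigned long) GetLastError( ) );
        debug( buffer );
        return FALSE;
    }

    ZeroMemory( &profileInformation, sizeof( profileInformation ) );
    profileInformation.dwSize = sizeof( profileInformation );
    profileInformation.lpUserName = lpszUsername;
    profileInformation.dwFlags = PI_NOUI;   /* no UI while the profile loads */

    if ( (bProfileLoaded = LoadUserProfile( hToken, &profileInformation )) == FALSE ) {
        sprintf( buffer, "LoadUserProfile() failed: LastError: %lu\n",
                 (unsigned long) GetLastError( ) );
        debug( buffer );
    }
}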