
Windows使用任意用户创建进程

2013-12-25 11:25 393 查看
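/*
 * Entry point of the "run a command as another user" launcher.
 *
 *   usage: <prog> <user> <domain> <password> <command>
 *
 * Logs who is calling, enables the privileges the launch sequence needs
 * (AdjustCaller), then hands the credentials and command line to
 * StartProcess.
 *
 * Returns 0 on success, -1 on a usage error or when AdjustCaller or
 * StartProcess fails.
 *
 * SECURITY NOTE: the password travels on the command line, so it is visible
 * to every local user through the process list and to anything that records
 * shell history or process-creation audit events.  Nothing here can undo
 * that exposure; this function only limits how long the secret lingers in
 * the process by wiping argv[3] once StartProcess has used it.  The copy of
 * the command line kept by the OS (GetCommandLine) is not touched.  The
 * password is deliberately never written to the debug log.
 */
int main( int argc, char *argv[] )
{
    LPTSTR User, Domain, Password, Command, lpNameBuffer = NULL;
    DWORD dwSize = 0;
    int RC = 0;
    /* Local scratch for log lines.  The original formatted argv[] into the
     * file-wide `buffer' with an unbounded sprintf(); a long command line
     * (argv[4] may be tens of KB) could overrun it.  snprintf() is C99 /
     * MSVC 2015+; on older MSVC use _snprintf and terminate manually. */
    char line[1024];

    if ( argc != 5 )
    {
        usage( argv[0] );
        RC = -1;
    }
    else
    {
        /* Size query: with dwSize == 0 the call fails with ERROR_MORE_DATA
         * and leaves the required length (in TCHARs, terminator included)
         * in dwSize. */
        if ( !GetUserNameEx( NameSamCompatible, lpNameBuffer, &dwSize )
             && GetLastError() == ERROR_MORE_DATA )
        {
            /* dwSize is a character count, not a byte count: scale by
             * sizeof(TCHAR) so a UNICODE build does not under-allocate. */
            lpNameBuffer = (LPTSTR) HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY,
                                               (dwSize + 1) * sizeof(TCHAR) );
            if ( lpNameBuffer != NULL )
            {
                if ( GetUserNameEx( NameSamCompatible, lpNameBuffer, &dwSize ) )
                {
                    snprintf( line, sizeof line, "Calling User: %s\n", lpNameBuffer );
                    debug( line );
                }
                /* Release on success and failure alike; the original only
                 * freed when the second lookup succeeded. */
                HeapFree( GetProcessHeap(), 0, (LPVOID)lpNameBuffer );
                lpNameBuffer = NULL;
            }
            else
            {
                debug( "HeapAlloc() failed, caller name not logged\n" );
            }
        }

        User = argv[1];
        Domain = argv[2];
        Password = argv[3];
        Command = argv[4];

        snprintf( line, sizeof line, "User = %s\n", User );
        debug( line );
        snprintf( line, sizeof line, "Domain = %s\n", Domain );
        debug( line );
        debug( "Password supplied, not logged\n" );
        snprintf( line, sizeof line, "Command = %s\n", Command );
        debug( line );

        if ( !AdjustCaller() )
        {
            RC = -1;
        }
        else if ( !StartProcess( User, Domain, Password, Command ) )
        {
            RC = -1;
            debug( "Couldn't start interactive client process!\n" );
        }

        /* Scrub the in-process copy of the secret whether or not the launch
         * succeeded.  SecureZeroMemory is not elided the way a plain memset()
         * of dead memory can be. */
        SecureZeroMemory( Password, lstrlen( Password ) * sizeof(TCHAR) );
    }

    /* `log' is the file-wide debug log handle; close it if it was opened. */
    if ( log != NULL )
        (void) fclose( log );

    return RC;
}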

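/*
 * Enable, on this process's own primary token, the privileges the
 * LogonUser / LoadUserProfile / process-creation sequence relies on.
 *
 * Required (failure aborts with FALSE):
 *   SE_TCB_NAME, SE_ASSIGNPRIMARYTOKEN_NAME, SE_INCREASE_QUOTA_NAME
 * Best effort (failure is only logged):
 *   SE_RESTORE_NAME, SE_BACKUP_NAME  -- needed by LoadUserProfile()
 *   SE_CHANGE_NOTIFY_NAME
 *
 * AdjustTokenPrivileges only *enables* privileges the token already holds;
 * it never grants new ones.  The required set is normally present only on
 * highly privileged (e.g. LocalSystem) tokens, so in practice the launcher
 * itself must already run with those rights -- SetPrivilege reports a
 * missing privilege as failure rather than silently continuing.
 *
 * Returns TRUE when every required privilege is enabled.  The token handle
 * is closed on every return path (the original leaked it).
 */
BOOL AdjustCaller( void )
{
    HANDLE hToken = NULL;
    BOOL bOK = FALSE;

    if ( !OpenProcessToken( GetCurrentProcess(),
                            TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) )
    {
        debug( "OpenProcessToken() failed, unable to query or adjust token privs\n" );
        return FALSE;
    }

    if ( !SetPrivilege( hToken, SE_TCB_NAME, TRUE ) )
    {
        debug( "Couldn't set 'SE_TCB_NAME' privilege for this process!\n" );
        goto done;
    }

    if ( !SetPrivilege( hToken, SE_ASSIGNPRIMARYTOKEN_NAME, TRUE ) )
    {
        debug( "Couldn't set 'SE_ASSIGNPRIMARYTOKEN_NAME' privilege for this process!\n" );
        goto done;
    }

    /* Treated as non-fatal by the original: the later LoadUserProfile() is
     * expected to fail without them, but the rest of the launch proceeds. */
    if ( !SetPrivilege( hToken, SE_RESTORE_NAME, TRUE ) )
    {
        debug( "non-fatal: Couldn't set 'SE_RESTORE_NAME' privilege for this process! Needed for LoadUserProfile()\n" );
    }

    if ( !SetPrivilege( hToken, SE_BACKUP_NAME, TRUE ) )
    {
        debug( "non-fatal: Couldn't set 'SE_BACKUP_NAME' privilege for this process! Needed for LoadUserProfile()\n" );
    }

    if ( !SetPrivilege( hToken, SE_CHANGE_NOTIFY_NAME, TRUE ) )
    {
        debug( "non-fatal: Couldn't set 'SE_CHANGE_NOTIFY_NAME' privilege for this process!\n" );
    }

    if ( !SetPrivilege( hToken, SE_INCREASE_QUOTA_NAME, TRUE ) )
    {
        /* The original message named SE_ASSIGNPRIMARYTOKEN_NAME here, which
         * made a quota-privilege failure look like the earlier check. */
        debug( "Couldn't set 'SE_INCREASE_QUOTA_NAME' privilege for this process!\n" );
        goto done;
    }

    debug( "AdjustCaller(): privileges enabled -- YAY!\n" );
    bOK = TRUE;

done:
    CloseHandle( hToken );
    return bOK;
}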

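/*
 * Enable (bEnablePrivilege == TRUE) or disable a single named privilege on
 * an access token.
 *
 *   hToken            token opened with at least
 *                     TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
 *   lpszPrivilege     privilege name, e.g. SE_TCB_NAME
 *   bEnablePrivilege  TRUE sets SE_PRIVILEGE_ENABLED, FALSE clears it
 *
 * Returns TRUE only when the privilege is actually in the requested state.
 * AdjustTokenPrivileges() returns success even when the token does not hold
 * the privilege at all; that case is reported via
 * GetLastError() == ERROR_NOT_ALL_ASSIGNED and is treated as failure here so
 * a caller cannot mistake "not held" for "enabled".
 *
 * Errors are logged through the file-wide debug() channel using the shared
 * `buffer'; the formatted text is bounded (privilege names are short
 * constants), unlike arbitrary user input.
 */
BOOL SetPrivilege( HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege )
{
    TOKEN_PRIVILEGES tp;
    LUID luid;

    /* Privilege names map to per-system LUIDs; NULL looks up locally. */
    if ( !LookupPrivilegeValue( NULL, lpszPrivilege, &luid ) )
    {
        (void) sprintf( buffer, "Privilege: %s: LookupPrivilegeValue error: %lu\n",
                        lpszPrivilege, GetLastError( ) );
        debug( buffer );
        return FALSE;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    /* DisableAllPrivileges == FALSE: only the single LUID in tp is touched
     * (the original comment wrongly said "disable all privileges").  No
     * previous-state buffer is requested. */
    if ( !AdjustTokenPrivileges( hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),
                                 (PTOKEN_PRIVILEGES) NULL, (PDWORD) NULL ) )
    {
        (void) sprintf( buffer, "Privilege: %s: AdjustTokenPrivileges error: %lu\n",
                        lpszPrivilege, GetLastError( ) );
        debug( buffer );
        return FALSE;
    }

    /* Success plus ERROR_NOT_ALL_ASSIGNED means the token lacks the
     * privilege; it can only be enabled if present, never granted here. */
    if ( GetLastError() == ERROR_NOT_ALL_ASSIGNED )
    {
        (void) sprintf( buffer, "Privilege: %s: The token does not have the specified privilege.\n",
                        lpszPrivilege );
        debug( buffer );
        return FALSE;
    }

    return TRUE;
}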

/*
 * Log the given user on interactively and load their profile, in preparation
 * for creating a process under that identity.
 *
 *   lpszUsername / lpszDomain / lpszPassword  credentials passed to LogonUser
 *   lpCommandLine  the command to run -- not referenced in the visible body
 *
 * NOTE(review): this listing appears truncated.  There is no process-creation
 * call, hToken is never closed, a loaded profile is never unloaded and the
 * function falls off the end without returning a BOOL.  Treat what follows
 * as the first half of the routine, not a complete one.
 */
BOOL StartProcess( LPTSTR lpszUsername,
LPTSTR lpszDomain,
LPTSTR lpszPassword,
LPTSTR lpCommandLine )
{
HANDLE hToken;
PROFILE_INFORMATION profileInformation;
BOOL bProfileLoaded = FALSE;

/* Interactive logon with the default provider.  On failure the Win32 error
 * code is not logged; the caller only sees FALSE. */
if ( !LogonUser( lpszUsername, lpszDomain, lpszPassword,
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken ) )
{
return FALSE;
}

/* PI_NOUI suppresses any profile-error dialog.  AdjustCaller's log text
 * says SE_RESTORE_NAME / SE_BACKUP_NAME are what this call needs. */
ZeroMemory( &profileInformation, sizeof( profileInformation ) );
profileInformation.dwSize = sizeof( profileInformation );
profileInformation.lpUserName = lpszUsername;
profileInformation.dwFlags = PI_NOUI;

/* A failed profile load is logged but not fatal here; bProfileLoaded records
 * the outcome for the (missing) remainder of the function. */
if ( (bProfileLoaded = LoadUserProfile( hToken, &profileInformation )) == FALSE )
{
sprintf( buffer, "LoadUserProfile() failed: LastError: %u\n",
GetLastError( ) );
debug( buffer );
}
}