#Compile Exe
#Dim All
%USEMACROS=1
#If Not %Def(%PB_CC32)
%PB_CC32=1
#EndIf
%NOGDI=1
%NOMMIDS=1
#Include Once "WIN32API.INC"
' Hand-written declarations for the two ADVAPI32 calls this program uses.
' Presumably WIN32API.INC does not supply them in this form - confirm against the include file.
'
' CreateRestrictedToken: builds a new token from ExistingTokenHandle with
'   - DisableSidCount entries of SidsToDisable marked deny-only,
'   - DeletePrivilegeCount entries of PrivilegesToDelete removed,
'   - RestrictedSidCount entries of SidsToRestrict added as restricting SIDs.
' The three array parameters are "As Any", so the caller passes either the first
' element of an array/structure by reference or "ByVal 0" for a NULL pointer.
' Handles are declared as Dword, i.e. 32-bit values (NOTE(review): only correct for a 32-bit build).
' A non-zero return means success; the new handle is written to NewTokenHandle.
Declare Function CreateRestrictedToken Lib "ADVAPI32.DLL" Alias "CreateRestrictedToken"(ByVal ExistingTokenHandle As Dword,ByVal Flags As Dword,ByVal DisableSidCount As Dword,SidsToDisable As Any,ByVal DeletePrivilegeCount As Dword, _
PrivilegesToDelete As Any,ByVal RestrictedSidCount As Dword,SidsToRestrict As Any,NewTokenHandle As Dword) As Long
' CreateProcessAsUserW: wide-character (UTF-16) variant, so lpApplicationName,
' lpCommandLine and lpCurrentDirectory are raw addresses of UTF-16 text passed
' ByVal as Dword (0 = NULL). lpEnvironment is "As Any" and takes "ByVal 0" for NULL.
' TokenHandle is the primary token the new process will run under.
' A non-zero return means success; process and thread handles come back in
' lpProcessInformation and must be closed by the caller.
Declare Function CreateProcessAsUserW Lib "ADVAPI32.DLL" Alias "CreateProcessAsUserW" (ByVal TokenHandle As Dword,ByVal lpApplicationName As Dword,ByVal lpCommandLine As Dword,ByVal lpProcessAttributes As Dword,ByVal lpThreadAttributes As Dword, _
ByVal bInheritHandles As Long, ByVal dwCreationFlags As Dword, lpEnvironment As Any,ByVal lpCurrentDirectory As Dword, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
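' RunRestrained entry point.
'
' Starts the command line given to this program under a restricted copy of the
' current process token. The restricted token
'   (a) marks BUILTIN\Administrators as a deny-only SID, and
'   (b) deletes a fixed list of 26 privileges, identified by LUID 2..30
'       except 19, 23 and 25.
'
' Returns 0 on success (and after showing the usage text), otherwise the
' GetLastError code of the call that failed. Every failure path is fail-closed:
' the command is never started under the unrestricted token.
'
' What the restriction does NOT cover (keep in mind when relying on this tool):
'   - No restricting SIDs are passed (RestrictedSidCount = 0) and
'     CreateRestrictedToken does not change the token's integrity level, so the
'     child still runs as the same user with the same access to that user's
'     files and registry keys. This is privilege reduction, not a sandbox.
'   - The LUID list is hard-coded. Privileges with a LUID above 30 are not
'     deleted. The DISABLE_MAX_PRIVILEGE flag of CreateRestrictedToken removes
'     every privilege except SeChangeNotifyPrivilege, and LookupPrivilegeValue
'     resolves privilege names to LUIDs; either avoids depending on numbers.
'   - lpApplicationName is 0, so the program to run is taken from the first
'     token of the command line and located through the normal search order.
'     Pass a fully qualified, quoted path so the intended binary is the one
'     that runs.
Function PBMain () As Long
    Dim hToken As Dword,hNewToken As Dword,CmdLine$,SI As STARTUPINFO,PI As PROCESS_INFORMATION,SidAttrib As SID_AND_ATTRIBUTES,Privileges(0 To 25) As LUID_AND_ATTRIBUTES
    Dim ia As SID_IDENTIFIER_AUTHORITY
    Dim Luid As Long,PrivCount As Long,ErrCode As Long

    If Len(Command$)=0 Then
        MsgBox "Create a process with restricted privileges."+$CrLf+$CrLf+"Usage:"+$CrLf+"RunRestrained [Command Line]"+$CrLf+$CrLf+"Sample:"+$CrLf+"RunRestrained cmd.exe /k dir c:\",,"RunRestrained"
        ExitProcess 0
    End If

    ' -1 is the pseudo-handle for the current process.
    ' NOTE(review): TOKEN_ALL_ACCESS is broader than this program needs; narrowing it
    ' to the duplicate/query/assign-primary rights should be tested before changing.
    If OpenProcessToken(-1,%TOKEN_ALL_ACCESS,hToken)=0 Then
        Function=GetLastError()
        Exit Function
    End If

    ' Identifier authority {0,0,0,0,0,5} is the NT authority; together with the two
    ' sub-authorities below it forms the BUILTIN\Administrators SID.
    ia.Value(0)=0
    ia.Value(1)=0
    ia.Value(2)=0
    ia.Value(3)=0
    ia.Value(4)=0
    ia.Value(5)=5
    If AllocateAndInitializeSid(ia,2,%SECURITY_BUILTIN_DOMAIN_RID,%DOMAIN_ALIAS_RID_ADMINS,0,0,0,0,0,0,SidAttrib.pSid)=0 Then
        ' Without the SID the token cannot be restricted as intended, so stop here.
        ErrCode=GetLastError()
        CloseHandle hToken
        Function=ErrCode
        Exit Function
    End If
    SidAttrib.Attributes=0

    ' Fill the delete list with LUIDs 2..30, skipping 19, 23 and 25, which stay in
    ' the token. NOTE(review): in the usual Windows numbering those three are
    ' SeShutdownPrivilege, SeChangeNotifyPrivilege and SeUndockPrivilege - confirm.
    PrivCount=0
    For Luid=2 To 30
        Select Case Luid
            Case 19,23,25
                ' intentionally kept
            Case Else
                Privileges(PrivCount).pLuid.LowPart=Luid
                Incr PrivCount
        End Select
    Next

    ErrCode=0
    If CreateRestrictedToken(hToken,0,1,SidAttrib,PrivCount,Privileges(0),0,ByVal 0,hNewToken) Then
        CmdLine$=UCode$(Command$)
        SI.cb=SizeOf(STARTUPINFO)
        ' bInheritHandles is 0, so none of this process's handles (including the
        ' unrestricted hToken) are inherited by the child.
        If CreateProcessAsUserW(hNewToken,0,StrPtr(CmdLine$),0,0,0,0,ByVal 0,0,SI,PI) Then
            ' The child keeps running; only our references to it are released.
            CloseHandle PI.hThread
            CloseHandle PI.hProcess
        Else
            ErrCode=GetLastError()
        End If
        CloseHandle hNewToken
    Else
        ErrCode=GetLastError()
    End If

    ' Released on every path, not only when the restricted token was created.
    FreeSid SidAttrib.pSid
    CloseHandle hToken
    Function=ErrCode
End Function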