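/*
 * Return the PID of the first process whose image name (PROCESSENTRY32.szExeFile,
 * i.e. the file name without a path) equals `name` case-insensitively, or 0 if
 * no such process exists or the toolhelp snapshot could not be taken.
 *
 * Neither string is modified: the original lower-cased `name` in place with
 * _tcslwr, which writes into the caller's buffer and is undefined behaviour
 * when the caller passes a string literal (as the caller in this file does).
 */
static DWORD FindProcessIdByName(const TCHAR *name)
{
    DWORD pid = 0;
    PROCESSENTRY32 process;

    /* CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE
     * (not NULL); the original walked and closed it regardless. */
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }

    ZeroMemory(&process, sizeof(process));
    process.dwSize = sizeof(process); /* Process32First requires dwSize set */

    if (Process32First(snapshot, &process)) {
        do {
            if (_tcsicmp(process.szExeFile, name) == 0) {
                pid = process.th32ProcessID;
                break;
            }
        } while (Process32Next(snapshot, &process));
    }

    CloseHandle(snapshot);
    return pid;
}

/*
 * Open the first running process whose image name equals `name`
 * (case-insensitive, e.g. "explorer.exe").
 *
 * Returns a process handle the caller owns and must CloseHandle(), or NULL
 * when `name` is NULL, no matching process exists, the snapshot failed, or
 * OpenProcess failed (GetLastError() is meaningful only in the last case).
 *
 * NOTE(review): the handle is opened with PROCESS_ALL_ACCESS, far more than
 * the only caller in this file needs (OpenProcessToken requires just
 * PROCESS_QUERY_INFORMATION). The mask is kept for interface compatibility;
 * a least-privilege variant would take the desired access as a parameter.
 */
HANDLE GetProcessByName(TCHAR* name)
{
    if (name == NULL) {
        return NULL; /* the original passed NULL into _tcslwr */
    }

    DWORD pid = FindProcessIdByName(name);
    if (pid == 0) {
        return NULL; /* not found, or snapshot failed */
    }

    return OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
}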
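/*
 * Launch `pszCommandLine` in the security context of the interactive user by
 * duplicating the primary token of the running explorer.exe and passing it to
 * CreateProcessAsUser.
 *
 * Returns TRUE on success. On failure returns FALSE with the Win32 error code
 * available through GetLastError() (restored after cleanup, since CloseHandle
 * can overwrite it).
 *
 * pszCommandLine must be a writable buffer (the Unicode CreateProcessAsUser may
 * modify it) and should quote the executable path, because lpApplicationName
 * is NULL and an unquoted path containing spaces is ambiguous.
 *
 * NOTE(review): `CreateProcess` is also a Win32 macro (CreateProcessA/W); this
 * definition only compiles if that macro is #undef'd, otherwise it clashes with
 * the SDK declaration. Kept as-is to preserve the name used by callers.
 * NOTE(review): CreateProcessAsUser with a token from a different security
 * context typically needs SE_INCREASE_QUOTA_NAME and SE_ASSIGNPRIMARYTOKEN_NAME
 * on the caller's token; AdjustPrivileges() in this file enables only
 * SE_DEBUG_NAME — confirm against the service account actually used.
 *
 * Every kernel handle acquired here is released before returning: the original
 * leaked the explorer.exe process handle, hNewToken, and on success the
 * PROCESS_INFORMATION process and thread handles.
 */
BOOL CreateProcess(PWSTR pszCommandLine)
{
    DWORD dwError = ERROR_SUCCESS;
    HANDLE hProcess = NULL;  /* explorer.exe, owned by this function */
    HANDLE hToken = NULL;
    HANDLE hNewToken = NULL;
    STARTUPINFO si = { sizeof(si) };
    PROCESS_INFORMATION pi = { 0 };

    /* NULL means no explorer.exe is running or OpenProcess failed; the original
     * passed NULL straight into OpenProcessToken. */
    hProcess = GetProcessByName(_T("explorer.exe"));
    if (hProcess == NULL) {
        dwError = GetLastError();
        if (dwError == ERROR_SUCCESS) {
            dwError = ERROR_NOT_FOUND; /* not-found path sets no last error */
        }
        goto Cleanup;
    }

    /* Open the primary access token of the interactive user's shell. */
    if (!OpenProcessToken(hProcess, TOKEN_DUPLICATE | TOKEN_QUERY |
                          TOKEN_ADJUST_DEFAULT | TOKEN_ASSIGN_PRIMARY, &hToken)) {
        dwError = GetLastError();
        goto Cleanup;
    }

    /* dwDesiredAccess 0 = same access as hToken. CreateProcessAsUser needs a
     * primary token, hence TokenPrimary. */
    if (!DuplicateTokenEx(hToken, 0, NULL, SecurityImpersonation,
                          TokenPrimary, &hNewToken)) {
        dwError = GetLastError();
        goto Cleanup;
    }

    if (!CreateProcessAsUser(hNewToken, pszCommandLine, NULL, NULL, NULL,
                             FALSE, 0, NULL, NULL, &si, &pi)) {
        dwError = GetLastError();
        goto Cleanup;
    }

    /* The child is not handed back to the caller, so release its handles now;
     * the process keeps running without them. */
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);

Cleanup:
    /* Centralized cleanup. CloseHandle(NULL) fails (and raises under a
     * debugger), so each handle is guarded. */
    if (hNewToken) {
        CloseHandle(hNewToken);
        hNewToken = NULL;
    }
    if (hToken) {
        CloseHandle(hToken);
        hToken = NULL;
    }
    if (hProcess) {
        CloseHandle(hProcess);
        hProcess = NULL;
    }

    if (dwError != ERROR_SUCCESS) {
        /* Make sure the failure code survives the CloseHandle calls above. */
        SetLastError(dwError);
        return FALSE;
    }
    return TRUE;
}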
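/*
 * Enable SE_DEBUG_NAME on the current process token.
 *
 * Returns true when the privilege was actually enabled, or when
 * OpenProcessToken fails with ERROR_CALL_NOT_IMPLEMENTED (platforms without
 * token support, where there is nothing to adjust — behaviour kept from the
 * original). Returns false on any other failure, with the Win32 error code
 * available through GetLastError().
 *
 * AdjustTokenPrivileges returns TRUE even when it could not enable the
 * privilege (the token simply does not hold it) and reports that only via
 * GetLastError() == ERROR_NOT_ALL_ASSIGNED; the original ignored this and
 * reported success, so callers went on to OpenProcess with a privilege they
 * did not have. That case now returns false.
 *
 * NOTE(review): SE_DEBUG_NAME grants access to every process on the machine.
 * If the caller already runs as LocalSystem it may not be needed to open the
 * interactive user's explorer.exe; confirm and drop the privilege if so.
 */
bool AdjustPrivileges(void)
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tp;
    TOKEN_PRIVILEGES oldtp;
    DWORD dwSize = sizeof(TOKEN_PRIVILEGES);
    DWORD dwError = ERROR_SUCCESS;
    LUID luid;
    bool ok = false;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        /* No token support at all counts as "nothing to do". */
        return GetLastError() == ERROR_CALL_NOT_IMPLEMENTED;
    }

    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) {
        dwError = GetLastError();
        goto Cleanup;
    }

    ZeroMemory(&tp, sizeof(tp));
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    /* Adjust token privileges; oldtp/dwSize receive the previous state. */
    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),
                               &oldtp, &dwSize)) {
        dwError = GetLastError();
        goto Cleanup;
    }

    /* Success return value is not enough: check that the privilege was
     * really assigned. */
    dwError = GetLastError();
    if (dwError == ERROR_NOT_ALL_ASSIGNED) {
        goto Cleanup;
    }

    dwError = ERROR_SUCCESS;
    ok = true;

Cleanup:
    CloseHandle(hToken);
    if (!ok) {
        /* Preserve the failure code across CloseHandle for the caller. */
        SetLastError(dwError);
    }
    return ok;
}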