2. Tech
  3. How to get debugging Winlogon process permissions

How to get debugging Winlogon process permissions

zhaozj2021-02-11  203

Since this article is adapted to the Windows2000 and the Winnt operating system, two simple judgments are given the current operating system, whether it is a Windows2000 system or a determination function for the Winnt system.

Bool iswin2k (void) {

OsversionInfo OsversionInfo;

OsversionInfo.dwosveionsInfosize = SizeOf (OsversionInfo);

IF (GetversionEx (& OsversionInfo)) {

Return ((Osversion.dwplatformID == Ver_Platform_Win32_NT) &&

(Osversion.dwmajoversion == 5));

}

Else {

Return False;

}

}

Bool iswinnt (void) {

OsversionInfo OsversionInfo;

OsversionInfo.dwosveionsInfosize = SizeOf (OsversionInfo);

IF (GetversionEx (& OsversionInfo)) {

Return ((Osversion.dwplatformID == Ver_Platform_Win32_NT) &&

(Osversion.dwmajoversion == 5));

}

Else {

Return False;

}

}

Since the debugging process must be familiar with the Token_Privileges structure, this structure contains some access token permission information:

Typedef struct __token_privileges {

DWORD privilegect;

Luid_And_Attributes Privileges [];

} Token_privileges, * ptoken_privileges;

The first parameter is the number of privileges arrays, the second parameter is an array of Luid_and_Attributes structures, and we know that we include a LUID (LOCALLY UNIQUE IDENTIFIER) value with an attribute value. Use the OpenProcessToken function to get the Current Process Token handle:

Handle htokeen;

OpenProcessToken (GetCurrentProcess (), Token_Query | Token_adjust_privileges, & htokeen;

Then we use the lookupprivilegesvalue function to get the LUID value:

Token_Privileges tokenprivileges;

LookuppprivileGesValue (Null, "Sedbugprivilege", & tokenprivileges [0] .luid);

The first parameter we pass a null, which is a local system, and the second parameter we pass a privileged name SedebugPrivilege, and the third parameter is used to save the address of the LUID. Finally, we call an AdjustTokenPrivileges function that you can do it, the following gives a complete C code:

Bool Debugwinlogon (Void)

{

Handle htokeen;

Token_privileges tokenprivileges, previousstate;

DWORD dwreturnLength = 0;

IF (getCurrentProcess (), Token_Query | token_adjust_privileges,

& htokeen) {IF (LookuppprivileGesValue (Null, "Sedbugprivilege", & tokenprivileges [0] .luid) {

Tokenprivileges.privilegectount = 1;

TokenPrivileges [0] .attributes = se_privilege_enabled;

Return (AdjustTokenprivileges (HToken, False, & tokenprivileges, Sizeof

(Token_privileges), & presentstate, & dwreturnLength));

}

}

Return False;

}

转载请注明原文地址:https://www.9cbs.com/read-4617.html

9cbs

New Post(0)