GetProcessTokenElevationTypeStaus
#include <stdio.h>#include <Windows.h>#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)//关闭句柄#define SafeCloseHandle(Handle) { if(Handle){CloseHandle(Handle);Handle=NULL;} }//获取TokenElevationTypeTOKEN_ELEVATION_TYPE GetProcessTokenElevationTypeStaus(DWORD ProcessId){HANDLE ProcessHandle = NULL; HANDLE TokenHandle=NULL;static TOKEN_ELEVATION_TYPE TokenElevationTypeStaus=TokenElevationTypeDefault;NTSTATUS status;static ULONG ReturnLength=sizeof(TOKEN_ELEVATION_TYPE);typedef NTSTATUS (NTAPI *fnZwQueryInformationToken) (HANDLE TokenHandle,TOKEN_INFORMATION_CLASS TokenInformationClass,PVOID TokenInformation,ULONG TokenInformationLength,PULONG ReturnLength); static fnZwQueryInformationToken pZwQueryInformationToken=(fnZwQueryInformationToken)GetProcAddress(GetModuleHandle(TEXT("ntdll.dll")),"ZwQueryInformationToken"); do {ProcessHandle=OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,ProcessId);if (ProcessHandle==NULL)break;//打开进程令牌 if (!OpenProcessToken(ProcessHandle, TOKEN_QUERY, &TokenHandle)) break; status=pZwQueryInformationToken(TokenHandle, TokenElevationType, &TokenElevationTypeStaus, ReturnLength, &ReturnLength); if (!NT_SUCCESS(status)) { break; }else{printf("%d\n",TokenElevationTypeStaus);}} while (FALSE);SafeCloseHandle(TokenHandle); SafeCloseHandle(ProcessHandle); return TokenElevationTypeStaus;}int main (void){GetProcessTokenElevationTypeStaus(GetCurrentProcessId());getchar();getchar();return 0;}