我尝试使用c / c ++
在D:驱动器上创建新文件我发现这段代码获得了Windows写入权限,但它无法正常工作
有人可以帮助我,我是c ++的新手吗?
BOOL SetPrivilege(
HANDLE hToken, // access token handle
LPCTSTR lpszPrivilege, // name of privilege to enable/disable
BOOL bEnablePrivilege // to enable (or disable privilege)
)
{
// Token privilege structure
TOKEN_PRIVILEGES tp;
// Used by local system to identify the privilege
LUID luid;
if(!LookupPrivilegeValue(
NULL, // lookup privilege on local system
lpszPrivilege, // privilege to lookup
&luid)) // receives LUID of privilege
{
printf("LookupPrivilegeValue() error: %u\n", GetLastError());
return FALSE;
}
else
printf("LookupPrivilegeValue() is OK\n");
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
// Don't forget to disable the privileges after you enabled them,
// or have already completed your task. Don't mess up your system :o)
if(bEnablePrivilege)
{
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
printf("tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED\n");
}
else
{
tp.Privileges[0].Attributes = 0;
printf("tp.Privileges[0].Attributes = 0\n");
}
// Enable the privilege (or disable all privileges).
if(!AdjustTokenPrivileges(
hToken,
FALSE, // If TRUE, function disables all privileges, if FALSE the function modifies privilege based on the tp
&tp,
sizeof(TOKEN_PRIVILEGES),
(PTOKEN_PRIVILEGES) NULL,
(PDWORD) NULL))
{
printf("AdjustTokenPrivileges() error: %u\n", GetLastError());
return FALSE;
}
else
{
printf("AdjustTokenPrivileges() is OK, last error if any: %u\n", GetLastError());
printf("Should be 0, means the operation completed successfully = ERROR_SUCCESS\n");
}
return TRUE;
}
我的主要功能
int main()
{
LPCTSTR lpszPrivilege = L"SeSecurityPrivilege";
// Change this BOOL value to set/unset the SE_PRIVILEGE_ENABLED attribute
BOOL bEnablePrivilege = TRUE;
HANDLE hToken;
// Open a handle to the access token for the calling process. That is this running program
if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
{
printf("OpenProcessToken() error %u\n", GetLastError());
return FALSE;
}
else
printf("OpenProcessToken() is OK\n");
// Call the user defined SetPrivilege() function to enable and set the needed privilege
BOOL test = SetPrivilege(hToken, lpszPrivilege, bEnablePrivilege);
printf("The SetPrivilege() return value: %d\n\n", test);
ofstream myFile;
myFile.open("C:\\test.txt");
myFile << "I am C";
myFile.close();
bEnablePrivilege = FALSE;
BOOL test1 = SetPrivilege(hToken, lpszPrivilege, bEnablePrivilege);
printf("The SetPrivilage() return value: %d\n", test1);
system("PAUSE");
return 0;
}
控制台中的输出如下所示:
OpenProcessToken() is OK
LookupPrivilegeValue() is OK
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED
AdjustTokenPrivileges() is OK, last error if any: 1300
Should be 0, means the operation completed successfully = ERROR_SUCCESS
The SetPrivilege() return value: 1
LookupPrivilegeValue() is OK
tp.Privileges[0].Attributes = 0
AdjustTokenPrivileges() is OK, last error if any: 1300
Should be 0, means the operation completed successfully = ERROR_SUCCESS
The SetPrivilage() return value: 1
Press any key to continue . . .
答案 0 :(得分:4)
SeSecurityPrivilege是“管理审核和安全日志”用户权限(请参阅list of privilege constants)。它与编写文件完全无关。实际上,在正常情况下,您不需要启用任何权限就可以将文件写入驱动器的根目录,尽管该进程确实需要以管理员身份运行。
Error 1300表示“并非所有引用的权限或组都分配给调用者。”也就是说,未成功启用该权限,因为该进程无权使用该权限。这是因为该过程不是以管理员身份运行。
因此,首先,您可以删除示例中的几乎所有代码,除了实际写入文件的四行之外的所有代码。然后,您只需要以管理员身份运行该应用程序。
要执行此操作,请右键单击可执行文件,然后选择“以管理员身份运行”。如果以这种方式运行应用程序,它将能够写入该文件。 (注意:在Windows XP中,您不需要这样做,但您确实需要以具有管理权限的用户身份登录。)
答案 1 :(得分:2)
AdjustTokenPrivileges 无法在令牌中添加或删除权限。它只能启用当前禁用的现有权限或禁用当前启用的现有权限。
ERROR 1300表示您尚未拥有“SeSecurityPrivilege”。因此,您无法启用或禁用它。
有关更多信息,请查看: Changing Privileges in a Token