如何在c ++中获取Wmi连接的SeSecurityPrivilege

时间:2018-02-20 09:13:52

标签: c++ wmi

我正在尝试使用c ++应用程序实时检测登录到窗口的任何新事件。我读到它可以通过使用wmi.But的ExecNotificationQuery方法来完成,当它尝试它时我得到访问冲突异常。它有人说应用程序必须有SeSecurityPrivilege.Now如何在创建wmi连接时设置此权限。只是忽略jni部分,我正在调用声明并将此函数用作java的本机函数

更新的代码:

 HANDLE hToken = NULL ;
    LPCTSTR lpszPrivilege = "SeSecurityPrivilege";
    BOOL bEnablePrivilege = true ; 

    TOKEN_PRIVILEGES tp ; 
    LUID luid ; 

    if ( !LookupPrivilegeValue(
    NULL,
    SE_SECURITY_NAME,
    &luid ))
    {
    cout << "LookupPrivilegeValue error : %u \n" << GetLastError() ;
    return  ; 
    }

    tp.PrivilegeCount = 1 ; 
    tp.Privileges[0].Luid = luid ; 
    if( bEnablePrivilege )
    {
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED ; 
    }
    else
    {
    tp.Privileges[0].Attributes = 0 ;
    }

    if(!OpenProcessToken(GetCurrentProcess(),
       TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY , & hToken ))
    {
    cout << "erroe in open process %u\n" << GetLastError();
    return ;
    }

    if( !AdjustTokenPrivileges(
    hToken,
    FALSE ,
    &tp,
    sizeof(TOKEN_PRIVILEGES),
    (PTOKEN_PRIVILEGES) NULL,
    (PDWORD) NULL ))
         {
    cout << "AdjustTokenPrivileges error : %u\n" << GetLastError();
    return; 
         }

        if(GetLastError() == ERROR_NOT_ALL_ASSIGNED)
        {
    cout << "The token does not have the specified privilege \n" ;
    return ;  
        }



    // Initializing the COM
    HRESULT hr ; 
    hr = CoInitializeEx( 0 , COINIT_MULTITHREADED );
    if(FAILED(hr))
    {
    cout << "first failed to initialize COM Library " << hex << hr << endl ; 
    return ;
    }

    //Initialize COM security
    hr = CoInitializeSecurity (
    NULL,
    -1,
    NULL,
    NULL,
    RPC_C_AUTHN_LEVEL_DEFAULT,
    RPC_C_IMP_LEVEL_IDENTIFY,
    NULL,
    EOAC_NONE,
    NULL
    );



    if(FAILED(hr))
    {
    cout << "second failed to initilize security."<< hex << hr << endl ; 
    CoUninitialize();
    return ;
    }

      cout << "Initilized the COM"<< endl ;

    //Initializing the IWbemLocator throught a call to CoCreateInstance.
    IWbemLocator *pLoc = 0 ; 

    hr = CoCreateInstance(CLSID_WbemLocator,0,CLSCTX_INPROC_SERVER,IID_IWbemLocator,(LPVOID*) & pLoc);
    if(FAILED(hr))
    {
    cout << "failed to create IWbemLocator object"<< hex << hr << endl ; 
    CoUninitialize();
    return ;
    }

    //Connect to WMI through a call to ConnectServer method of IWbemLocator
    IWbemServices *pSvc = 0 ; 

    hr = pLoc->ConnectServer(
    _bstr_t(L"ROOT\\CIMV2"),
    NULL,
    NULL,
    0,
    NULL,
    0,
    0,
    &pSvc);

    if(FAILED(hr))
    {
    cout << "could not connect to WMI from ConnectServer method"<<hex<<hr<<endl;
    pLoc->Release();
    CoUninitialize();
    return ;
    }

      cout << "Connected to WMI" << endl ; 

    //Setting security level on a Wmi connection

    hr = CoSetProxyBlanket(pSvc,
    RPC_C_AUTHN_WINNT,
    RPC_C_AUTHZ_NONE,
    NULL,
    RPC_C_AUTHN_LEVEL_CALL,
    RPC_C_IMP_LEVEL_IMPERSONATE,
    NULL,
    EOAC_NONE
    );

    if(FAILED(hr))
    {
    cout << "could not set security level on wmi connection" << hex << hr << endl;
    pSvc->Release();
    pLoc->Release();
    CoUninitialize();
    return ;
    }

      cout << "Security level set on wmi connection" << endl;


    // Querying for data using executeQuery Method of IWbemServies pointer

    IEnumWbemClassObject* pEnumerator = NULL ; 
    hr = pSvc->ExecNotificationQuery (
    bstr_t("WQL"),
    //bstr_t(Cquery),
    bstr_t("select * from __InstanceCreationEvent where TargetInstance ISA 'Win32_NTLogEvent'"),
    WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
    NULL,
    &pEnumerator);

    if(FAILED(hr))
    {
    cout << "Query for operating system failed for Win32_NTLogEvent" << hex << endl ; 
    pSvc->Release();
    pLoc->Release();
    CoUninitialize();
    return ; 
    }
      cout << "data is obtained from the operating system" << endl ; 

    //Getting the data from the query for Win32_NTLogEvent

    IWbemClassObject *pclsobj = NULL ; 
    ULONG uReturn = 0 ; 

    string logname ; int lognum = 0 ;

    while (pEnumerator && lognum < 2 )
    { 
    lognum++ ; 

    HRESULT hr = pEnumerator->Next(WBEM_INFINITE,1,&pclsobj,&uReturn);
    if( 0 == uReturn )
    {
    cout << "loop broke" << endl ;
    cout << "uReturn value :" << uReturn << endl ; 
    break;
    }
      cout << "uReturn value :" << uReturn << endl ; 
    VARIANT vtProp;


    string Properties[11] = {"ComputerName" , "Message" , "Logfile" , "SourceName" , "Type" , "EventCode" , "EventIdentifer" , "EventType" , "RecordNumber" , "TimeGenerated" , "TimeWritten"};



    int index = 0 ; 
    for( index = 0 ; index < 11 ; index++ )
    {

    LPWSTR prop ;
    std::wstring property(Properties[index].begin() , Properties[index].end()) ; 
    prop = (LPWSTR) property.c_str();
    hr = pclsobj->Get(prop, 0 , &vtProp , 0 , 0 );

    if(index < 5 )
    {
    cout << "getting property" << endl ; 
    BSTR bpropertyvalue = vtProp.bstrVal ;


    cout << Properties[index] << "reached here" << endl ;

    std::wstring wpropertyvalue(bpropertyvalue,SysStringLen(bpropertyvalue));**the crash occurs in this point**      //CONVERTING BSTR TO WSTRING
    cout << Properties[index] << "reached here again" << endl ;
    string propertyvalue(wpropertyvalue.begin(),wpropertyvalue.end());
    propertyvalue.assign(wpropertyvalue.begin(),wpropertyvalue.end());             //CONVERTING WSTRING TO C++ STRING

    cout << Properties[index] << ":" <<  propertyvalue << endl ;  
    VariantClear(&vtProp);
    }
    else if( index < 9 )
    {

    int propertyvalue ;             //CONVERTING UINT TO INT

    if( index == 5 )
    { propertyvalue = vtProp.uiVal ;} 
    else if(index == 6 )
    { propertyvalue = vtProp.ulVal ;} 
    else if(index == 7)
    { propertyvalue = vtProp.intVal ;} 
    else 
    { propertyvalue = vtProp.ulVal ; } 

    cout << Properties[index] << ":" <<  propertyvalue << endl ;
    VariantClear(&vtProp);
           }
        else
        {
    CString gendate(vtProp);
    cout << " gendate : " << gendate << endl ;
    string s(gendate); 
    string year(s,0,4);
    string month(s,4,2);
    string day(s,6,2);
    string hour(s,8,2);
    string minute(s,10,2);
    string sec(s,12,2);
    string millisec(s,15,6);

    struct tm t = {0} ; 
    stringstream yearstrm(year) ; 
    int yr = 0 ; yearstrm >> yr ; 
    stringstream monthstrm(month) ;
    int mn = 0 ; monthstrm >> mn ; 
    stringstream daystrm(day) ;
    int dy = 0 ; daystrm >> dy ; 
    stringstream hourstrm(hour) ;
    int hr = 0 ; hourstrm >> hr ; 
    stringstream minstrm(minute) ;
    int min = 0 ;minstrm >> min ; 
    stringstream secstrm(sec) ;
    int sc = 0 ;secstrm >> sc ;
    stringstream millisecstrm(millisec) ;
    int msec = 0 ; millisecstrm >> msec ; 


    t.tm_year = yr-1900 ; 
    t.tm_mon = mn-1 ; 
    t.tm_mday = dy ; 
    t.tm_hour = hr ; 
    t.tm_min = min ; 
    t.tm_sec = sc ; 
    time_t time = mktime(&t) * 1000 + msec ;
    cout << yr <<"-" << mn <<"-" << dy << "-" << hr << ":" <<  min << ":" << sc << endl ; 
    stringstream timegen ; 
    timegen << time ; 
    std::string timestr = timegen.str() ;
    cout << timestr << endl ;  

    VariantClear(&vtProp);

        }
    }


    //cout << "---------------------------------------------" << endl ; 

1 个答案:

答案 0 :(得分:1)

获取权限通常涉及3个步骤:查询权限LUID,获取具有访问权限的条目句柄,允许调整权限,调整权限。

// Fill struct.
::TOKEN_PRIVILEGES tkp;
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if(FALSE == ::LookupPrivilegeValueW(nullptr, SE_SECURITY_NAME, ::std::addressof(tkp.Privileges[0].Luid)))
{
    // Handle error...
}
//  Obtain current process (pseudo) handle.
auto const this_process_handle{::GetCurrentProcess()};
assert(reinterpret_cast<::HANDLE>(-1) == this_process_handle); // No need to call CloseHandle.
//  Obtain privilege token for this process.
::HANDLE naked_token_handle{};
constexpr ::DWORD const access_flags{TOKEN_ADJUST_PRIVILEGES bitor TOKEN_QUERY};
if(FALSE == ::OpenProcessToken(this_process_handle, access_flags, ::std::addressof(naked_token_handle)))
{
    // Handle error...
}
assert(NULL != naked_token_handle); // Must call CloseHandle to cleanup.
//  Enable privilege.
if(FALSE == ::AdjustTokenPrivileges(naked_token_handle, FALSE, ::std::addressof(tkp), 0, nullptr, nullptr))
{
    // Handle error and close handle...
}
if(FALSE = ::CloseHandle(naked_token_handle))
{
    // Handle error...
}