7 个解决方案
#1
CreateProcessAsUser 或者ShellExecuteEx lpVerb = _T("runas");..
#2
你第二个函数是提升权限运行的,和降低没啥关系。第一个函数我知道。但是你知道怎么用吗?在进程中没有成功
#3
你以标准用户创建进程无非就是为了限制进程的某些权限,你用JobObject限制不就可以了...
#4
用CreateRestrictedToken创建一个受限token,然后用CreateProcessAsUser创建进程
#5
这个方法试过了,CreateProcessAsUser的使用好像也有权限方面的问题,能不能给些例子。
#6
CreateProcessAsUser无需特殊特权,只要传入有效的token即可(前提是该token是调用进程自身主令牌的受限版本;如果传入的是其他用户的token,调用方通常还需要SeAssignPrimaryTokenPrivilege)
现在没时间做,这是我以前用PowerBasic编的
现在没时间做,这是我以前用PowerBasic编的
#Compile Exe
#Dim All
%USEMACROS=1
#If Not %Def(%PB_CC32)
%PB_CC32=1
#EndIf
%NOGDI=1
%NOMMIDS=1
#Include Once "WIN32API.INC"
' Import of CreateRestrictedToken from ADVAPI32.DLL. The existing token handle, the
' flags and the three element counts are passed ByVal as Dword; the three arrays are
' typed As Any so the caller can pass a structure, an array element, or ByVal 0 for
' "none". NewTokenHandle is passed by reference and receives the new token.
' NOTE(review): handles are declared as Dword, which presumes a 32-bit build - confirm.
Declare Function CreateRestrictedToken Lib "ADVAPI32.DLL" Alias "CreateRestrictedToken"(ByVal ExistingTokenHandle As Dword,ByVal Flags As Dword,ByVal DisableSidCount As Dword,SidsToDisable As Any,ByVal DeletePrivilegeCount As Dword, _
PrivilegesToDelete As Any,ByVal RestrictedSidCount As Dword,SidsToRestrict As Any,NewTokenHandle As Dword) As Long
' Import of the wide-character CreateProcessAsUserW from ADVAPI32.DLL. The string and
' attribute pointers are declared ByVal Dword, so the caller passes raw addresses
' (0 for NULL); lpCommandLine must therefore point at a UTF-16 buffer.
Declare Function CreateProcessAsUserW Lib "ADVAPI32.DLL" Alias "CreateProcessAsUserW" (ByVal TokenHandle As Dword,ByVal lpApplicationName As Dword,ByVal lpCommandLine As Dword,ByVal lpProcessAttributes As Dword,ByVal lpThreadAttributes As Dword, _
ByVal bInheritHandles As Long, ByVal dwCreationFlags As Dword, lpEnvironment As Any,ByVal lpCurrentDirectory As Dword, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
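' RunRestrained: start the command line given to this program under a restricted
' copy of this process's own access token.
'
' What the restricted token changes:
'   * BUILTIN\Administrators (S-1-5-32-544) is listed in SidsToDisable, so it can
'     no longer be used to grant access.
'   * 26 privileges are deleted by LUID value: 2..30 except 19, 23 and 25
'     (SeShutdown, SeChangeNotify and SeUndock in the Windows headers).
'
' What it does NOT change (review caveats):
'   * The LUID list is hard-coded. Privileges that later Windows versions number
'     above 30 stay in the token if the caller holds them. The DISABLE_MAX_PRIVILEGE
'     flag of CreateRestrictedToken removes everything except SeChangeNotify and
'     does not depend on a fixed list.
'   * Only one group is disabled. Other group memberships of the caller are kept,
'     and CreateRestrictedToken does not lower the token's integrity level, so the
'     child is not equivalent to a process started by a standard user.
'   * lpApplicationName is NULL, so the executable is parsed out of the command
'     line; paths that contain spaces should be quoted by the caller.
'
' Returns (process exit code): 0 when the child process was created, 1 when any
' Win32 call failed. Showing the usage box exits with 0 as before.
Function PBMain () As Long
    Dim hToken As Dword, hNewToken As Dword, CmdLine$
    Dim SI As STARTUPINFO, PI As PROCESS_INFORMATION
    Dim SidAttrib As SID_AND_ATTRIBUTES, Privileges(0 To 25) As LUID_AND_ATTRIBUTES
    Dim ia As SID_IDENTIFIER_AUTHORITY
    Dim i As Long, LuidValue As Long

    If Len(Command$)=0 Then
        MsgBox "Create a process with restricted privileges."+$CrLf+$CrLf+"Usage:"+$CrLf+"RunRestrained [Command Line]"+$CrLf+$CrLf+"Sample:"+$CrLf+"RunRestrained cmd.exe /k dir c:\",,"RunRestrained"
        ExitProcess 0
    End If

    ' Report failure unless the child process is actually created.
    Function = 1

    ' -1 is the pseudo-handle for the current process.
    ' NOTE(review): TOKEN_ALL_ACCESS is broader than this program needs.
    ' CreateRestrictedToken requires TOKEN_DUPLICATE on the source token and
    ' CreateProcessAsUser requires TOKEN_QUERY, TOKEN_DUPLICATE and
    ' TOKEN_ASSIGN_PRIMARY on the token it is given - narrow the mask after testing.
    If OpenProcessToken(-1, %TOKEN_ALL_ACCESS, hToken) = 0 Then Exit Function

    ' SECURITY_NT_AUTHORITY = {0,0,0,0,0,5}
    For i = 0 To 4
        ia.Value(i) = 0
    Next
    ia.Value(5) = 5

    ' Without a valid Administrators SID the token would not be restricted as
    ' intended, so do not continue when the SID cannot be built.
    If AllocateAndInitializeSid(ia, 2, %SECURITY_BUILTIN_DOMAIN_RID, %DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, SidAttrib.pSid) Then
        SidAttrib.Attributes = 0

        ' Same 26 LUID values as the original hand-written list, in the same order.
        i = 0
        For LuidValue = 2 To 30
            If LuidValue <> 19 And LuidValue <> 23 And LuidValue <> 25 Then
                Privileges(i).pLuid.LowPart = LuidValue
                Incr i
            End If
        Next

        If CreateRestrictedToken(hToken, 0, 1, SidAttrib, 26, Privileges(0), 0, ByVal 0, hNewToken) Then
            CmdLine$ = UCode$(Command$)          ' CreateProcessAsUserW expects UTF-16
            SI.cb = SizeOf(STARTUPINFO)
            ' bInheritHandles = 0: the child does not inherit this process's handles.
            If CreateProcessAsUserW(hNewToken, 0, StrPtr(CmdLine$), 0, 0, 0, 0, ByVal 0, 0, SI, PI) Then
                ' PI is only valid when the call succeeded.
                CloseHandle PI.hThread
                CloseHandle PI.hProcess
                Function = 0
            End If
            CloseHandle hNewToken
        End If
        FreeSid SidAttrib.pSid
    End If

    ' Released on every path; the original leaked it when CreateRestrictedToken failed.
    CloseHandle hToken
End Function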
#7
例子很多,自己去Google
http://topic.csdn.net/u/20091118/17/8614965e-0a50-4a3d-891b-ff61bf76902c.html
#1
CreateProcessAsUser 或者ShellExecuteEx lpVerb = _T("runas");..
#2
你第二个函数是提升权限运行的,和降低没啥关系。第一个函数我知道。但是你知道怎么用吗?在进程中没有成功
#3
你以标准用户创建进程无非就是为了限制进程的某些权限,你用JobObject限制不就可以了...
#4
用CreateRestrictedToken创建一个受限token,然后用CreateProcessAsUser创建进程
#5
这个方法试过了,CreateProcessAsUser的使用好像也有权限方面的问题,能不能给些例子。
#6
CreateProcessAsUser无需特殊特权,只要传入有效的token即可(前提是该token是调用进程自身主令牌的受限版本;如果传入的是其他用户的token,调用方通常还需要SeAssignPrimaryTokenPrivilege)
现在没时间做,这是我以前用PowerBasic编的
现在没时间做,这是我以前用PowerBasic编的
#Compile Exe
#Dim All
%USEMACROS=1
#If Not %Def(%PB_CC32)
%PB_CC32=1
#EndIf
%NOGDI=1
%NOMMIDS=1
#Include Once "WIN32API.INC"
' Import of CreateRestrictedToken from ADVAPI32.DLL. The existing token handle, the
' flags and the three element counts are passed ByVal as Dword; the three arrays are
' typed As Any so the caller can pass a structure, an array element, or ByVal 0 for
' "none". NewTokenHandle is passed by reference and receives the new token.
' NOTE(review): handles are declared as Dword, which presumes a 32-bit build - confirm.
Declare Function CreateRestrictedToken Lib "ADVAPI32.DLL" Alias "CreateRestrictedToken"(ByVal ExistingTokenHandle As Dword,ByVal Flags As Dword,ByVal DisableSidCount As Dword,SidsToDisable As Any,ByVal DeletePrivilegeCount As Dword, _
PrivilegesToDelete As Any,ByVal RestrictedSidCount As Dword,SidsToRestrict As Any,NewTokenHandle As Dword) As Long
' Import of the wide-character CreateProcessAsUserW from ADVAPI32.DLL. The string and
' attribute pointers are declared ByVal Dword, so the caller passes raw addresses
' (0 for NULL); lpCommandLine must therefore point at a UTF-16 buffer.
Declare Function CreateProcessAsUserW Lib "ADVAPI32.DLL" Alias "CreateProcessAsUserW" (ByVal TokenHandle As Dword,ByVal lpApplicationName As Dword,ByVal lpCommandLine As Dword,ByVal lpProcessAttributes As Dword,ByVal lpThreadAttributes As Dword, _
ByVal bInheritHandles As Long, ByVal dwCreationFlags As Dword, lpEnvironment As Any,ByVal lpCurrentDirectory As Dword, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
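' RunRestrained: start the command line given to this program under a restricted
' copy of this process's own access token.
'
' What the restricted token changes:
'   * BUILTIN\Administrators (S-1-5-32-544) is listed in SidsToDisable, so it can
'     no longer be used to grant access.
'   * 26 privileges are deleted by LUID value: 2..30 except 19, 23 and 25
'     (SeShutdown, SeChangeNotify and SeUndock in the Windows headers).
'
' What it does NOT change (review caveats):
'   * The LUID list is hard-coded. Privileges that later Windows versions number
'     above 30 stay in the token if the caller holds them. The DISABLE_MAX_PRIVILEGE
'     flag of CreateRestrictedToken removes everything except SeChangeNotify and
'     does not depend on a fixed list.
'   * Only one group is disabled. Other group memberships of the caller are kept,
'     and CreateRestrictedToken does not lower the token's integrity level, so the
'     child is not equivalent to a process started by a standard user.
'   * lpApplicationName is NULL, so the executable is parsed out of the command
'     line; paths that contain spaces should be quoted by the caller.
'
' Returns (process exit code): 0 when the child process was created, 1 when any
' Win32 call failed. Showing the usage box exits with 0 as before.
Function PBMain () As Long
    Dim hToken As Dword, hNewToken As Dword, CmdLine$
    Dim SI As STARTUPINFO, PI As PROCESS_INFORMATION
    Dim SidAttrib As SID_AND_ATTRIBUTES, Privileges(0 To 25) As LUID_AND_ATTRIBUTES
    Dim ia As SID_IDENTIFIER_AUTHORITY
    Dim i As Long, LuidValue As Long

    If Len(Command$)=0 Then
        MsgBox "Create a process with restricted privileges."+$CrLf+$CrLf+"Usage:"+$CrLf+"RunRestrained [Command Line]"+$CrLf+$CrLf+"Sample:"+$CrLf+"RunRestrained cmd.exe /k dir c:\",,"RunRestrained"
        ExitProcess 0
    End If

    ' Report failure unless the child process is actually created.
    Function = 1

    ' -1 is the pseudo-handle for the current process.
    ' NOTE(review): TOKEN_ALL_ACCESS is broader than this program needs.
    ' CreateRestrictedToken requires TOKEN_DUPLICATE on the source token and
    ' CreateProcessAsUser requires TOKEN_QUERY, TOKEN_DUPLICATE and
    ' TOKEN_ASSIGN_PRIMARY on the token it is given - narrow the mask after testing.
    If OpenProcessToken(-1, %TOKEN_ALL_ACCESS, hToken) = 0 Then Exit Function

    ' SECURITY_NT_AUTHORITY = {0,0,0,0,0,5}
    For i = 0 To 4
        ia.Value(i) = 0
    Next
    ia.Value(5) = 5

    ' Without a valid Administrators SID the token would not be restricted as
    ' intended, so do not continue when the SID cannot be built.
    If AllocateAndInitializeSid(ia, 2, %SECURITY_BUILTIN_DOMAIN_RID, %DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, SidAttrib.pSid) Then
        SidAttrib.Attributes = 0

        ' Same 26 LUID values as the original hand-written list, in the same order.
        i = 0
        For LuidValue = 2 To 30
            If LuidValue <> 19 And LuidValue <> 23 And LuidValue <> 25 Then
                Privileges(i).pLuid.LowPart = LuidValue
                Incr i
            End If
        Next

        If CreateRestrictedToken(hToken, 0, 1, SidAttrib, 26, Privileges(0), 0, ByVal 0, hNewToken) Then
            CmdLine$ = UCode$(Command$)          ' CreateProcessAsUserW expects UTF-16
            SI.cb = SizeOf(STARTUPINFO)
            ' bInheritHandles = 0: the child does not inherit this process's handles.
            If CreateProcessAsUserW(hNewToken, 0, StrPtr(CmdLine$), 0, 0, 0, 0, ByVal 0, 0, SI, PI) Then
                ' PI is only valid when the call succeeded.
                CloseHandle PI.hThread
                CloseHandle PI.hProcess
                Function = 0
            End If
            CloseHandle hNewToken
        End If
        FreeSid SidAttrib.pSid
    End If

    ' Released on every path; the original leaked it when CreateRestrictedToken failed.
    CloseHandle hToken
End Function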
#7
例子很多,自己去Google
http://topic.csdn.net/u/20091118/17/8614965e-0a50-4a3d-891b-ff61bf76902c.html