设置权限

设置权限

 

  // Decompiler output (Hex-Rays style pseudocode) excerpted from a larger function:
  // builds a two-entry TOKEN_PRIVILEGES buffer and hands it to SetPrivileges().
  // Variable declarations and the label LABEL_342 lie outside this excerpt.
  //
  // 0x1C = 28 bytes. Presumably a 4-byte PrivilegeCount followed by two 12-byte
  // LUID_AND_ATTRIBUTES entries, which matches the count of 2 written below.
  v9 = operator new(0x1Cu);
  v10 =(struct _TOKEN_PRIVILEGES *)v9;
  if (!v9 )
  {
    // -2147024882 == 0x8007000E, the E_OUTOFMEMORY HRESULT.
    v15 =-2147024882;
    // NOTE(review): only the string argument survives here; the call that consumed
    // it (apparently a logging routine) was lost when the listing was pasted.
    "Failedto allocate memory for privilege tokens.");
    goto LABEL_342;
  }
  // First element of the buffer is cleared, then set to 2 a few lines below. Since
  // v10 aliases the same memory as a TOKEN_PRIVILEGES, this is PrivilegeCount = 2.
  *
v9= 0;
  // Assuming v9 points to 32-bit elements (declaration not shown), v9 + 3 is the
  // Attributes field of the first entry; v11 - 2 and v11 - 1 are its LUID halves.
  v11 =v9 + 3;
  *v9= 2;
  v12 =0;
  do
  {

    // Each table element is a 64-bit value stored as the entry's LUID (low dword,
    // then high dword). The table name suggests the backup and restore privileges;
    // its contents are not shown here, so confirm against the binary.
    v13 =PRIVILEGES_BACKUP_RESTORE[v12];
    ++v12;
    *(v11 - 2) = v13;
    *(v11 - 1) = (unsigned__int64)v13 >> 32;
    // Attributes = 2, i.e. SE_PRIVILEGE_ENABLED: the privilege is being turned on.
    *v11= 2;
    // Advance by one 3-dword entry.
    v11 +=3;
  }
  while
(v12 < 2);
  // The first and third arguments look like __fastcall register artifacts from the
  // decompiler: SetPrivileges() as listed on this page reads only its second argument.
  //
  // Review note: if these are the backup/restore privileges, enabling them lets the
  // process open files without the usual DACL checks when it asks for backup
  // semantics. Nothing in this excerpt disables them again afterwards, so check
  // whether the caller does. Windows can record such adjustments as security event
  // 4703 when token-right auditing is enabled.
  v14 =SetPrivileges((int)v11, v10, (int)v11);
  v15 = v14;
  if (v14 < 0)
    // Negative HRESULT means failure; the logging call around this string is missing.
    "Failedto set privileges.");
  // The request buffer is released whether or not the adjustment succeeded.
  operator delete(v10);

 

//----- (10095F72)--------------------------------------------------------
// SetPrivileges (decompiler pseudocode): applies the privilege set in a2 to the
// current process token through AdjustTokenPrivileges().
//
//   a1, a3  not referenced anywhere in the listed body (likely decompiler
//           artifacts of the __fastcall register arguments).
//   a2      TOKEN_PRIVILEGES describing the privileges and their attributes.
//
// Returns 0 when a2->PrivilegeCount is 0 or when AdjustTokenPrivileges() returns
// nonzero; otherwise a negative HRESULT derived from GetLastError().
//
// NOTE(review): local declarations are missing from the listing, and each bare
// string literal followed by ");" is the surviving argument of a call (apparently
// a logging routine) whose name was lost in the paste.
signed int __fastcall SetPrivileges(int a1, struct _TOKEN_PRIVILEGES *a2, int a3)
{

  v3 =a2;
  v4 =0;
  TokenHandle =0;
  BufferLength = 0;
  // An empty privilege set is treated as success without touching the token.
  if (a2->PrivilegeCount )
  {
    v5 =GetCurrentProcess();
    // 0x20028 = READ_CONTROL (0x20000) | TOKEN_ADJUST_PRIVILEGES (0x20) | TOKEN_QUERY (0x8).
    if (OpenProcessToken(v5, 0x20028u, &TokenHandle))
    {
      // First attempt: DisableAllPrivileges = 0, NewState = v3, and no PreviousState
      // buffer (length 0, pointer 0); BufferLength receives the required size.
      //
      // Review caveat: AdjustTokenPrivileges() also returns nonzero when only some,
      // or none, of the requested privileges were actually adjusted; GetLastError()
      // is then ERROR_NOT_ALL_ASSIGNED (1300). This function inspects GetLastError()
      // only on a zero return, so it reports success (0) in that case as well.
      // A caller that relies on the privilege being enabled needs a separate check.
      if
(!AdjustTokenPrivileges(TokenHandle, 0,v3, BufferLength, 0, &BufferLength) )
      {
        // 122 == ERROR_INSUFFICIENT_BUFFER: retry with a PreviousState buffer of the
        // size reported back in BufferLength.
        if
( GetLastError() == 122 )
        {
          v9 =(struct _TOKEN_PRIVILEGES *)operatornew(BufferLength);
          if ( v9 )
          {
            v9->PrivilegeCount= 0;
            if ( !AdjustTokenPrivileges(TokenHandle, 0,v3, BufferLength, v9, &BufferLength) )
            {
              // Win32 error -> HRESULT: a positive code becomes
              // (code & 0xFFFF) | 0x80070000, the HRESULT_FROM_WIN32 pattern.
              v10 = GetLastError();
              v4 = v10;
              v11 = v10 <0;
              if ( v10 >0 )
              {
                v4 = (unsigned__int16)v10 | 0x80070000;
                v11 = v4 <0;
              }
              // If the result is still not negative (e.g. GetLastError() returned 0),
              // fall back to -2147467259 == 0x80004005, E_FAIL. Only this assignment is
              // governed by the if; the string below it is a separate statement.
              if
( !v11 )
                v4 = -2147467259;
                "Failedto adjust token privileges after resizing to accommodate modifiedprivileges.");
            }
            // The previous-state data written to v9 is never read; the buffer is
            // freed on both the success and the failure path.
            operator delete
(v9);
          }
          else
          {

            // -2147024882 == 0x8007000E, E_OUTOFMEMORY.
            v4 = -2147024882;
            "Failedto allocate memory for modified privilege tokens.");
          }
        }
        else
        {

          // Any other failure: same Win32 -> HRESULT mapping with the E_FAIL fallback.
          v12 =GetLastError();
          v4 =v12;
          v13 =v12 < 0;
          if ( v12 >0 )
          {
            v4 = (unsigned __int16)v12 | 0x80070000;
            v13 = v4 <0;
          }
          if
( !v13 )
            v4 = -2147467259;
          "Failedto adjust token privileges.");
        }
      }
      // Close the token handle on every path that opened it, skipping 0 and
      // INVALID_HANDLE_VALUE ((HANDLE)-1).
      if
(TokenHandle && TokenHandle != (HANDLE)-1 )
        CloseHandle(TokenHandle);
    }
    else
    {

      // OpenProcessToken() failed: map GetLastError() to an HRESULT as above.
      v7 =GetLastError();
      v4 =v7;
      v8 =v7 < 0;
      if (v7 > 0)
      {
        v4 =(unsigned __int16)v7 | 0x80070000;
        v8 =v4 < 0;
      }
      if
(!v8 )
        v4 =-2147467259;
      "Failedto get process token to set privileges into.");
    }
  }
  return
v4;
}

 

 


TOKEN_PRIVILEGES contains information about a set of privileges for an access token.

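/*
 * TOKEN_PRIVILEGES: a counted, variable-length set of privileges for an
 * access token.
 *
 * ANYSIZE_ARRAY is 1 in the Windows SDK headers, so sizeof(TOKEN_PRIVILEGES)
 * covers a single entry only. A buffer holding N entries must be sized as the
 * count field plus N LUID_AND_ATTRIBUTES entries, and PrivilegeCount must not
 * exceed the number of entries actually present in that buffer.
 */
typedef struct _TOKEN_PRIVILEGES
{
    ULONG PrivilegeCount;                          // number of elements in Privileges
    LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]; // array of LUID_AND_ATTRIBUTES entries
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;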

有关LUID_AND_ATTRIBUTES,请查阅MSDN.

TOKEN_PRIVILEGES成员

PrivilegeCount

指定 Privileges 数组中元素的个数(因为下一个成员是一个数组)

Privileges

一个LUID_AND_ATTRIBUTES结构体.每个结构体包括LUID和特权的属性. 特权的属性可以是下列值的组合:

属性

描述

SE_PRIVILEGE_ENABLED_BY_DEFAULT

特权默认启用

SE_PRIVILEGE_ENABLED

特权启用.

SE_PRIVILEGE_USED_FOR_ACCESS

特权被用来访问一个对象或服务。

这个标志用于在客户端应用程序传入的一组特权中标识出实际相关的特权,因为这组特权可能包含不必要的特权。

 
