Windows Vista UAC: 如何创建低权限令牌

  
 
#include <sddl.h>
 
void CreateLowProcess()
{
  BOOL bRet ;
  HANDLE hToken ;
  HANDLE hNewToken ;
 
  // Notepad is used as an example
  WCHAR wszProcessName [ MAX_PATH ] =
     L"C://Windows//System32//Notepad.exe";
 
  // Low integrity SID
  WCHAR wszIntegritySid [20] = L"S-1-16-4096";
  PSID pIntegritySid = NULL ;
 
 TOKEN_MANDATORY_LABEL TIL = {0};
 PROCESS_INFORMATION ProcInfo = {0};
  STARTUPINFO StartupInfo = {0};
  ULONG ExitCode = 0;
 
  if ( OpenProcessToken ( GetCurrentProcess (), MAXIMUM_ALLOWED , & hToken ))
 {
    if ( DuplicateTokenEx ( hToken , MAXIMUM_ALLOWED , NULL ,
        SecurityImpersonation, TokenPrimary, & hNewToken ))
    {
      if ( ConvertStringSidToSid ( wszIntegritySid , & pIntegritySid ))
      {
        TIL . Label . Attributes = SE_GROUP_INTEGRITY ;
        TIL . Label . Sid = pIntegritySid ;
 
        // Set the process integrity level
        if ( SetTokenInformation ( hNewToken , TokenIntegrityLevel, & TIL ,
            sizeof (TOKEN_MANDATORY_LABEL) + GetLengthSid ( pIntegritySid )))
            {
              // Create the new process at Low integrity
              bRet = CreateProcessAsUser ( hNewToken , NULL ,
                       wszProcessName , NULL , NULL , FALSE ,
                       0, NULL , NULL , & StartupInfo , & ProcInfo );
            }
 
        LocalFree ( pIntegritySid );
      }
      CloseHandle ( hNewToken );
    }
  CloseHandle ( hToken );
 }
}
 

你可能感兴趣的:(Windows Vista UAC: 如何创建低权限令牌)