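I am running a process as a user in the Administrators group and am trying to get the process token of another process. The other process is run by a user who is not in the Administrators group. Here is the gist of the code I am using. The pid in this code is the process ID of the non-administrator process. All of this is on Windows XP SP 2, and all on the same machine. There is no remote access here.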
HANDLE handle;
HANDLE token;
handle = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,pid);
token = NULL;
OpenProcessToken(handle,TOKEN_DUPLICATE,&token);
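Reference for OpenProcess: http://msdn.microsoft.com/en-us/library/ms684320%28VS.85%29.aspx
Reference for OpenProcessToken: http://msdn.microsoft.com/en-us/library/aa379295%28VS.85%29.aspx
OpenProcess succeeds, but no matter what I pass for the DesiredAccess parameter of OpenProcessToken, it fails and GetLastError() returns ERROR_ACCESS_DENIED. I added some code to find out the privileges of the process running this code and to enable as many of them as possible, as well as to gather information about the process whose token I am trying to get. This involved requesting more access from OpenProcess (READ_CONTROL | ACCESS_SYSTEM_SECURITY in addition to PROCESS_QUERY_INFORMATION) and calling GetKernelObjectSecurity(handle). Here is what I get: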
current user: PLEASE_T\dbyron (S-1-5-21-3405506234-1792454352-3826119157-1005)
current process: group 0: flags: 0x00000007 sid: S-1-5-21-3405506234-1792454352-3826119157-513 (PLEASE_T\None)
current process: group 1: flags: 0x00000007 sid: S-1-1-0 (\Everyone)
current process: group 2: flags: 0x0000000F sid: S-1-5-32-544 (BUILTIN\Administrators)
current process: group 3: flags: 0x00000007 sid: S-1-5-32-545 (BUILTIN\Users)
current process: group 4: flags: 0x00000007 sid: S-1-5-4 (NT AUTHORITY\INTERACTIVE)
current process: group 5: …
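
For reading the group dump quoted above, the following added example (not part of the original question) parses the `group N: flags: ... sid: ...` entries and decodes each flags value into its `SE_GROUP_*` attribute names from winnt.h. The function names are this example's own, and it only interprets the caller-side token groups shown in the output.

```python
import re

# SE_GROUP_* attribute bits from winnt.h, as stored in TOKEN_GROUPS entries.
SE_GROUP_BITS = [
    (0x00000001, "SE_GROUP_MANDATORY"),
    (0x00000002, "SE_GROUP_ENABLED_BY_DEFAULT"),
    (0x00000004, "SE_GROUP_ENABLED"),
    (0x00000008, "SE_GROUP_OWNER"),
    (0x00000010, "SE_GROUP_USE_FOR_DENY_ONLY"),
    (0x00000020, "SE_GROUP_INTEGRITY"),
    (0x00000040, "SE_GROUP_INTEGRITY_ENABLED"),
    (0xC0000000, "SE_GROUP_LOGON_ID"),  # two-bit mask, must match in full
    (0x20000000, "SE_GROUP_RESOURCE"),
]

# Group entries copied from the output quoted in the question (groups 0 to 4).
SAMPLE = r"""
current process: group 0: flags: 0x00000007 sid: S-1-5-21-3405506234-1792454352-3826119157-513 (PLEASE_T\None)
current process: group 1: flags: 0x00000007 sid: S-1-1-0 (\Everyone)
current process: group 2: flags: 0x0000000F sid: S-1-5-32-544 (BUILTIN\Administrators)
current process: group 3: flags: 0x00000007 sid: S-1-5-32-545 (BUILTIN\Users)
current process: group 4: flags: 0x00000007 sid: S-1-5-4 (NT AUTHORITY\INTERACTIVE)
"""

GROUP_RE = re.compile(
    r"group\s+(\d+):\s+flags:\s+(0x[0-9A-Fa-f]+)\s+sid:\s+(S-[\d-]+)\s+\(([^)]*)\)")

def decode_flags(flags):
    """Return the SE_GROUP_* names set in flags, plus any unrecognised bits."""
    names, rest = [], flags
    for mask, name in SE_GROUP_BITS:
        if flags & mask == mask:
            names.append(name)
            rest &= ~mask
    if rest:
        names.append("unknown(0x%08X)" % rest)
    return names

def grants_access(flags):
    """A group SID can match an allow ACE only if enabled and not deny-only."""
    return bool(flags & 0x4) and not flags & 0x10

def parse_groups(text):
    """Parse the dump (one entry per line or all on one line) into dicts."""
    return [{"index": int(i), "flags": int(f, 16), "sid": s, "name": n}
            for i, f, s, n in GROUP_RE.findall(text)]

if __name__ == "__main__":
    for g in parse_groups(SAMPLE):
        print(g["index"], g["name"], decode_flags(g["flags"]), grants_access(g["flags"]))
```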