

C++ OpenThreadToken函数代码示例

本文整理汇总了C++中OpenThreadToken函数的典型用法代码示例。如果您正苦于以下问题:C++ OpenThreadToken函数的具体用法?C++ OpenThreadToken怎么用?C++ OpenThreadToken使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了OpenThreadToken函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。

示例1: UnsetSeDebug

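// Disable SeDebugPrivilege on the calling thread's access token.
//
// If the thread has no token of its own (ERROR_NO_TOKEN), ImpersonateSelf()
// gives it a copy of the process token first, so the change applies to the
// thread token only. The thread is still impersonating when this returns;
// no RevertToSelf() is issued here.
//
// Returns 1 on success, 0 on any failure.
int UnsetSeDebug()
{
    HANDLE hToken;
    if(! OpenThreadToken(GetCurrentThread(),
                        TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                        FALSE,
                        &hToken)
                        ){
        // Any error other than "no thread token" leaves hToken unwritten,
        // so it must not reach SetPrivilege()/CloseHandle() below.
        if(GetLastError() != ERROR_NO_TOKEN){
            return 0;
        }

        if(! ImpersonateSelf(SecurityImpersonation)){
            //Log2File("Error setting impersonation! [UnsetSeDebug()]", L_DEBUG);
            return 0;
        }

        if(!OpenThreadToken(GetCurrentThread(),
                            TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                            FALSE,
                            &hToken)
                            ){
            //Log2File("Error Opening Thread Token! [UnsetSeDebug()]", L_DEBUG);
            return 0;
        }
    }

    //now disable SeDebug
    if(!SetPrivilege(hToken, SE_DEBUG_NAME, FALSE)){
        //Log2File("Error unsetting SeDebug Privilege [SetPrivilege()]", L_WARN);
        // Release the token on the failure path too, otherwise every failed
        // call leaks one handle.
        CloseHandle(hToken);
        return 0;
    }

    CloseHandle(hToken);
    return 1;
}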
开发者ID:jazinga,项目名称:psutil,代码行数:34,代码来源:security.c

示例2: s_GetThreadToken

// Open the calling thread's access token with the requested access rights.
//
// When the thread has no token of its own (ERROR_NO_TOKEN), the thread
// briefly impersonates itself so that a thread token exists, opens it, and
// reverts the impersonation again before returning.
//
// NOTE(review): failure is reported with two different sentinels --
// INVALID_HANDLE_VALUE on the impersonation paths and NULL when the first
// open fails for any other reason. A caller that tests only one of them
// would treat the other as a usable handle; confirm against the callers.
static HANDLE s_GetThreadToken(DWORD access)
{
    HANDLE token;
    if ( OpenThreadToken(GetCurrentThread(), access, FALSE, &token) ) {
        return token;
    }

    const DWORD open_error = GetLastError();
    if ( open_error != ERROR_NO_TOKEN ) {
        // Failed to open the current thread's token with the required access rights
        CNcbiError::SetWindowsError(open_error);
        return NULL;
    }

    if ( !ImpersonateSelf(SecurityImpersonation) ) {
        // Failed to obtain a token for the current thread and user
        CNcbiError::SetFromWindowsError();
        return INVALID_HANDLE_VALUE;
    }

    const BOOL reopened = OpenThreadToken(GetCurrentThread(), access, FALSE, &token);
    if ( !reopened ) {
        // Failed to open the current thread's token with the required access rights
        CNcbiError::SetFromWindowsError();
        token = INVALID_HANDLE_VALUE;
    }
    // Impersonation was only needed to create the thread token; undo it.
    RevertToSelf();
    return token;
}
开发者ID:DmitrySigaev,项目名称:ncbi,代码行数:25,代码来源:ncbi_os_mswin.cpp

示例3: set_privilege

/**
* @brief	Enable or disable one privilege on the calling thread's access token.
* @param	privilege	Null-terminated privilege name, resolved with LookupPrivilegeValueW.
* @param	enable		true requests SE_PRIVILEGE_ENABLED, false clears the attribute.
* @see		
* @remarks http://support.microsoft.com/kb/131065/EN-US/
*			If the thread has no token, ImpersonateSelf() is called and is not
*			reverted here, so the thread keeps impersonating after the call.
* @code		
* @endcode	
* @return	true only when the last error after AdjustTokenPrivileges is
*			ERROR_SUCCESS (so ERROR_NOT_ALL_ASSIGNED counts as failure).
*/
bool set_privilege(_In_z_ const wchar_t* privilege, _In_ bool enable)
{
	HANDLE token = INVALID_HANDLE_VALUE;
	const DWORD wanted_access = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY;

	if (OpenThreadToken(GetCurrentThread(), wanted_access, FALSE, &token) != TRUE)
	{
		// Only the "thread has no token" case is recoverable.
		if (GetLastError() != ERROR_NO_TOKEN) { return false; }

		if (ImpersonateSelf(SecurityImpersonation) != TRUE) { return false; }

		if (OpenThreadToken(GetCurrentThread(), wanted_access, FALSE, &token) != TRUE)
		{
			return false;
		}
	}

	bool adjusted = false;
	LUID privilege_id = {0};

	if (LookupPrivilegeValueW(NULL, privilege, &privilege_id))
	{
		TOKEN_PRIVILEGES request = { 0 };
		request.PrivilegeCount = 1;
		request.Privileges[0].Luid = privilege_id;
		request.Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0;

		// The return value is not used; the last-error code is what decides,
		// because a partial assignment is reported only through GetLastError().
		AdjustTokenPrivileges(token, FALSE, &request, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
		adjusted = (GetLastError() == ERROR_SUCCESS);
	}

	CloseHandle(token);
	return adjusted;
}
开发者ID:jujinesy,项目名称:apihook,代码行数:58,代码来源:injector.cpp

示例4: GrantPriviledge

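/// <summary>
/// Enable a named privilege on the calling thread's token, or on the
/// process token when the thread has no token of its own.
/// </summary>
/// <param name="name">Privilege name</param>
/// <returns>
/// STATUS_SUCCESS when the privilege was enabled; otherwise the value of
/// LastNtStatus() taken right after the failing call. A privilege the token
/// does not hold (ERROR_NOT_ALL_ASSIGNED) is reported as a failure.
/// </returns>
NTSTATUS Process::GrantPriviledge( const std::basic_string<TCHAR>& name )
{
    TOKEN_PRIVILEGES Priv, PrivOld;
    DWORD cbPriv = sizeof(PrivOld);
    HANDLE hToken;

    if (!OpenThreadToken( GetCurrentThread(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, FALSE, &hToken ))
    {
        if (GetLastError() != ERROR_NO_TOKEN)
            return LastNtStatus();

        if (!OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken ))
            return LastNtStatus();
    }

    Priv.PrivilegeCount = 1;
    Priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    NTSTATUS status = STATUS_SUCCESS;

    // An unknown privilege name leaves the LUID unset; do not pass that on
    // to AdjustTokenPrivileges.
    if (!LookupPrivilegeValue( NULL, name.c_str(), &Priv.Privileges[0].Luid ))
    {
        status = LastNtStatus();
    }
    // AdjustTokenPrivileges can return TRUE without assigning anything, so
    // the last-error code has to be checked as well.
    else if (!AdjustTokenPrivileges( hToken, FALSE, &Priv, sizeof(Priv), &PrivOld, &cbPriv ) ||
             GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        status = LastNtStatus();
    }

    // The status is captured before the handle is closed, and the handle is
    // released on the success path too (it used to leak there).
    CloseHandle( hToken );
    return status;
}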
开发者ID:ApocalypsEnd,项目名称:Blackbone,代码行数:38,代码来源:Process.cpp

示例5: request_sys_config_getuid

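/*
 * sys_getuid
 * ----------
 *
 * Reports the account the current thread/process is running as.
 *
 * Windows: resolves the TokenUser SID of the thread token (falling back to
 * the process token) and adds it to the response as DOMAIN\USERNAME.
 * Elsewhere: adds the real/effective/saved uid and gid as one string.
 *
 * The response is always transmitted; the returned value is the same
 * result code that was sent with it.
 */
DWORD request_sys_config_getuid(Remote *remote, Packet *packet)
{
	Packet *response = packet_create_response(packet);
	DWORD res = ERROR_SUCCESS;
#ifdef _WIN32
	CHAR username[512], username_only[512], domainname_only[512];
	LPVOID TokenUserInfo[4096];
	HANDLE token = NULL;
	DWORD user_length = sizeof(username_only), domain_length = sizeof(domainname_only);
	DWORD size = sizeof(username), sid_type = 0, returned_tokinfo_length;

	memset(username, 0, sizeof(username));
	memset(username_only, 0, sizeof(username_only));
	memset(domainname_only, 0, sizeof(domainname_only));

	do
	{
		if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &token))
		{
			// Both opens can fail; without this check an unwritten handle
			// would be handed to GetTokenInformation.
			if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token))
			{
				res = GetLastError();
				token = NULL;
				break;
			}
		}

		// 4096 is below the real size of TokenUserInfo (an array of 4096
		// pointers), so the reported length never exceeds the buffer.
		if (!GetTokenInformation(token, TokenUser, TokenUserInfo, 4096, &returned_tokinfo_length))
		{
			res = GetLastError();
			break;
		}
		
		if (!LookupAccountSidA(NULL, ((TOKEN_USER*)TokenUserInfo)->User.Sid, username_only, &user_length, domainname_only, &domain_length, (PSID_NAME_USE)&sid_type))
		{
			res = GetLastError();
			break;
		}

 		// Make full name in DOMAIN\USERNAME format
		_snprintf(username, 512, "%s\\%s", domainname_only, username_only);
		// _snprintf does not terminate on truncation
		username[511] = '\0';

		packet_add_tlv_string(response, TLV_TYPE_USER_NAME, username);

	} while (0);

	// Release the token on every path; it used to leak once per request.
	if (token != NULL)
	{
		CloseHandle(token);
	}
#else
	CHAR info[512];
	uid_t ru, eu, su;
	gid_t rg, eg, sg;

	// Placeholder that stays in the output if getresuid/getresgid fail
	ru = eu = su = rg = eg = sg = 31337;

	getresuid(&ru, &eu, &su);
	getresgid(&rg, &eg, &sg);

	snprintf(info, sizeof(info)-1, "uid=%d, gid=%d, euid=%d, egid=%d, suid=%d, sgid=%d", ru, rg, eu, eg, su, sg);
	packet_add_tlv_string(response, TLV_TYPE_USER_NAME, info);
#endif

	// Transmit the response
	packet_transmit_response(res, remote, response);

	return res;
}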
开发者ID:BaldyBadgersRunningRoundMyBrain,项目名称:meterpreter,代码行数:66,代码来源:config.c

示例6: GetAnonymousToken

// Returns a handle to the anonymous-logon token after replacing the token's
// default DACL. Exits the process if the SDDL string cannot be converted or
// the default DACL cannot be set.
//
// Review notes for readers assessing this code:
//  - The results of ImpersonateAnonymousToken() and OpenThreadToken() are not
//    checked, so hToken can be used without ever having been written.
//  - The security descriptor returned in pSD is never freed.
//  - The SDDL string grants GENERIC_ALL to Everyone (WD) and to Anonymous
//    Logon (AN); objects created under this token with a defaulted DACL
//    would be accessible to any caller.
HANDLE GetAnonymousToken()
{
  // Order matters: impersonate, open the thread token (as self), then revert.
  ImpersonateAnonymousToken(GetCurrentThread());
  HANDLE hToken;
  OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &hToken);
  RevertToSelf();
  
  PSECURITY_DESCRIPTOR pSD;
  ULONG sd_length;
  if (!ConvertStringSecurityDescriptorToSecurityDescriptor(L"D:(A;;GA;;;WD)(A;;GA;;;AN)", SDDL_REVISION_1, &pSD, &sd_length))
  {
    printf("Error converting SDDL: %d\n", GetLastError());
    exit(1);
  }

  TOKEN_DEFAULT_DACL dacl;
  BOOL bPresent;
  BOOL bDefaulted;
  PACL pDACL;
  // Result not checked; pDACL is taken as-is from the converted descriptor.
  GetSecurityDescriptorDacl(pSD, &bPresent, &pDACL, &bDefaulted);
  dacl.DefaultDacl = pDACL;

  if (!SetTokenInformation(hToken, TokenDefaultDacl, &dacl, sizeof(dacl)))
  {
    printf("Error setting default DACL: %d\n", GetLastError());
    exit(1);
  }

  // Ownership of the handle passes to the caller.
  return hToken;
}
开发者ID:0x24bin,项目名称:exploit-database,代码行数:30,代码来源:39740.cpp

示例7: DebugToken::Enable

// Switch the calling thread to hDebugToken, remembering the token the thread
// was impersonating before (if any) in hSavedToken.
//
// Returns true when the thread now runs with the debug token, and also when
// there is nothing to do (already enabled, or no debug token available).
// Returns false when the current thread token cannot be opened for a reason
// other than "no token", or when SetThreadToken fails.
bool DebugToken::Enable()
{
	if (enabled || hDebugToken == NULL)
		return true;

	if (!OpenThreadToken(GetCurrentThread(), TOKEN_IMPERSONATE, TRUE, &hSavedToken))
	{
		hSavedToken = NULL;

		// A thread without its own token is fine: there is simply nothing
		// to save. Anything else is a real failure.
		if (GetLastError() != ERROR_NO_TOKEN)
			return false;
	}

	if (SetThreadToken(NULL, hDebugToken))
	{
		enabled = true;
		return true;
	}

	// The switch failed: drop the saved token again so no handle is kept
	// for a state that was never entered.
	if (hSavedToken != NULL)
	{
		CloseHandle(hSavedToken);
		hSavedToken = NULL;
	}

	return false;
}
开发者ID:CyberShadow,项目名称:FAR,代码行数:33,代码来源:Plist.cpp

示例8: ImpersonateAndCheckAccess

// Impersonate the client behind an SSPI security context and check that
// client's token against a security descriptor.
//
// phContext         security context to impersonate
// psdSD             security descriptor to check against
// pdwAccessGranted  receives the access mask AccessCheck() granted
//
// Returns nonzero only when every step succeeded and the granted mask
// contains at least one of ViewOnly / Interact. If impersonation or opening
// the thread token fails the result stays FALSE.
// NOTE(review): if AccessCheck() itself fails, the result is whatever it left
// in its status out-parameter -- presumably still FALSE; confirm.
BOOL ImpersonateAndCheckAccess(PCtxtHandle phContext, 
							   PSECURITY_DESCRIPTOR psdSD, 
							   PDWORD pdwAccessGranted) {
	HANDLE hClientToken = NULL;

	// AccessCheck() inputs and outputs
	DWORD           dwDesired = MAXIMUM_ALLOWED;
	PRIVILEGE_SET   Privileges;
	DWORD           dwPrivilegesSize = sizeof(PRIVILEGE_SET);
	BOOL            fGranted = FALSE;
	GENERIC_MAPPING Mapping = { vncGenericRead, vncGenericWrite, 
								vncGenericExecute, vncGenericAll };

	// Only has an effect when generic rights (e.g. GENERIC_ALL) are
	// requested from AccessCheck().
	MapGenericMask(&dwDesired, &Mapping);

	// AccessCheck() requires an impersonation token, so the thread token is
	// opened while impersonating the client.
	if (fn._ImpersonateSecurityContext(phContext) == SEC_E_OK) {
		if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hClientToken)) {
			if (AccessCheck(psdSD, hClientToken, dwDesired, &Mapping,
							&Privileges, &dwPrivilegesSize, pdwAccessGranted, &fGranted)) {
				// Restrict access to relevant rights only
				fGranted = AreAnyAccessesGranted(*pdwAccessGranted, ViewOnly | Interact);
			}
		}
	}

	// End impersonation (called even when impersonation did not start)
	fn._RevertSecurityContext(phContext);

	if (hClientToken)
		CloseHandle(hClientToken);

	return fGranted;
}
开发者ID:copilot-com,项目名称:CopilotVNC,代码行数:35,代码来源:authSSP.cpp

示例9: DumpToken

//*****************************************************************************
//* Function Name: DumpToken
//*   Description: Impersonates the COM client of the current call, opens the
//*                resulting thread token and passes it to ::DumpToken().
//*                Failures are written to stderr; the method always returns
//*                S_OK.
//*                NOTE(review): no CoRevertToSelf() call is made here;
//*                presumably the impersonation ends with the call -- confirm.
//*****************************************************************************
STDMETHODIMP CTestObject::DumpToken (void)
{
	(void) _tprintf (_T("CTestObject::DumpToken\n"));

	DumpClientBlanket ();

	const HRESULT l_hrImpersonate = CoImpersonateClient ();

	if (!SUCCEEDED (l_hrImpersonate)) {
		(void) _ftprintf (stderr, _T("CoImpersonateClient() failed with 0x%08lX\n"), l_hrImpersonate);
		return S_OK;
	}

	// OpenAsSelf is TRUE: the open is checked against the process identity,
	// not against the client being impersonated.
	HANDLE l_hClientToken = NULL;

	if (!OpenThreadToken (GetCurrentThread (), TOKEN_QUERY | TOKEN_QUERY_SOURCE, TRUE, &l_hClientToken))
	{
		const DWORD l_dwOpenError = GetLastError ();
		(void) _ftprintf (stderr, _T("OpenThreadToken() failed with %ld\n"), l_dwOpenError);
		return S_OK;
	}

	::DumpToken (l_hClientToken, TRUE);

	(void)CloseHandle (l_hClientToken);

	return S_OK;
}
开发者ID:taylorjg,项目名称:DumpToken,代码行数:34,代码来源:TestObject.cpp

示例10: can_create_global_maps

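/* Report whether the caller holds SE_CREATE_GLOBAL_NAME (SeCreateGlobalPrivilege)
 * in the enabled state, using the thread token or, if the thread has none,
 * the process token.
 *
 * Returns 0 only when the check ran and the privilege is missing. Returns 1
 * when the privilege is present and also when any step of the check failed,
 * i.e. the function deliberately answers "yes" when it cannot tell.
 */
static int can_create_global_maps(void)
{
    BOOL ok, has_priv;
    BOOL have_token;
    LUID priv_id;
    PRIVILEGE_SET privs;
    HANDLE hToken = NULL;

    ok = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken);
    if (!ok && GetLastError() == ERROR_NO_TOKEN) {
        /* no thread-specific access token, so try to get process access token
         */
        ok = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken);
    }
    /* remember whether a handle was actually obtained; 'ok' is reused below */
    have_token = ok;

    if (ok) {
        ok = LookupPrivilegeValue(NULL, SE_CREATE_GLOBAL_NAME, &priv_id);
    }

    if (ok) {
        privs.PrivilegeCount = 1;
        privs.Control = PRIVILEGE_SET_ALL_NECESSARY;
        privs.Privilege[0].Luid = priv_id;
        privs.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
        ok = PrivilegeCheck(hToken, &privs, &has_priv);
    }

    /* the token handle used to leak on every call */
    if (have_token) {
        CloseHandle(hToken);
    }

    /* has_priv is only read when PrivilegeCheck succeeded */
    if (ok && !has_priv) {
        return 0;
    }
    else {
        return 1;
    }
}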
开发者ID:Orav,项目名称:kbengine,代码行数:33,代码来源:shm.c

示例11: get_user_token

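/*
 * @brief Get the TokenUser information for the current thread/process.
 * @details The thread token is tried first; if it cannot be opened, the
 *          process token is used instead. The token handle is closed before
 *          returning.
 * @param pTokenUser Buffer to receive the token data.
 * @param dwBufferSize Size of the buffer that will receive the token data.
 * @returns ERROR_SUCCESS on success; otherwise the value BREAK_ON_ERROR
 *          leaves in dwResult.
 */
DWORD get_user_token(LPVOID pTokenUser, DWORD dwBufferSize)
{
	DWORD dwResult = 0;
	DWORD dwReturnedLength = 0;
	HANDLE hToken = NULL;

	do
	{
		if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken))
		{
			if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
			{
				// No handle was obtained; make sure the cleanup below skips it.
				hToken = NULL;
				BREAK_ON_ERROR("[TOKEN] Failed to get a valid token for thread/process.");
			}
		}

		if (!GetTokenInformation(hToken, TokenUser, pTokenUser, dwBufferSize, &dwReturnedLength))
		{
			BREAK_ON_ERROR("[TOKEN] Failed to get token information for thread/process.");
		}

		dwResult = ERROR_SUCCESS;
	} while (0);

	// Release the token on every path; it used to leak once per call.
	if (hToken != NULL)
	{
		CloseHandle(hToken);
	}

	return dwResult;
}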
开发者ID:hdm,项目名称:metasploit-payloads,代码行数:32,代码来源:config.c

示例12: _impersonateLevel

// Map the impersonation level of the calling thread's token to the matching
// RPC_C_IMP_LEVEL_* constant.
//
// - Thread has no (impersonation) token: RPC_C_IMP_LEVEL_DELEGATE.
// - Token cannot be opened for any other reason, or its level cannot be
//   queried or is not recognised: RPC_C_IMP_LEVEL_ANONYMOUS.
static DWORD _impersonateLevel()
{
    HANDLE threadToken = NULL;

    if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &threadToken))
    {
        const ULONG openError = GetLastError();
        const bool notImpersonating =
            (openError == ERROR_NO_IMPERSONATION_TOKEN || openError == ERROR_NO_TOKEN);

        // Every other error, ERROR_CANT_OPEN_ANONYMOUS included, maps to
        // the most restrictive level.
        return notImpersonating ? RPC_C_IMP_LEVEL_DELEGATE
                                : RPC_C_IMP_LEVEL_ANONYMOUS;
    }

    SECURITY_IMPERSONATION_LEVEL tokenLevel = SecurityAnonymous;
    DWORD returnedSize = 0;

    const BOOL queried = GetTokenInformation(threadToken, TokenImpersonationLevel,
        &tokenLevel, sizeof(SECURITY_IMPERSONATION_LEVEL), &returnedSize);

    // The handle is no longer needed once the level has been read.
    CloseHandle(threadToken);

    if (queried == FALSE)
    {
        return RPC_C_IMP_LEVEL_ANONYMOUS;
    }

    switch (tokenLevel)
    {
        case SecurityIdentification:
            return RPC_C_IMP_LEVEL_IDENTIFY;
        case SecurityImpersonation:
            return RPC_C_IMP_LEVEL_IMPERSONATE;
        case SecurityDelegation:
            return RPC_C_IMP_LEVEL_DELEGATE;
        case SecurityAnonymous:
        default:
            return RPC_C_IMP_LEVEL_ANONYMOUS;
    }
}
开发者ID:LegalizeAdulthood,项目名称:cimple,代码行数:57,代码来源:GadgetProvider.cpp

示例13: Am_I_In_Admin_Group

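// Report whether the BUILTIN\Administrators SID appears in the group list of
// the calling thread's token (or the process token if the thread has none).
//
// bCheckAdminMode  FALSE: the SID only has to be present in the list.
//                  TRUE:  the entry must also carry SE_GROUP_ENABLED.
//
// Returns TRUE/FALSE as described; FALSE on any API failure.
//
// NOTE(review): with bCheckAdminMode == FALSE a group entry that is present
// but not enabled still counts, so the result says "member of the group",
// not "currently holds administrative rights". It should not be used as an
// authorization decision; CheckTokenMembership() is the documented API for
// that question.
BOOL uac::Am_I_In_Admin_Group(BOOL bCheckAdminMode /*= FALSE*/)
{
	BOOL   fAdmin = FALSE;
	HANDLE  hToken = NULL;
	TOKEN_GROUPS *ptg = NULL;
	DWORD  cbTokenGroups;
	DWORD  dwGroup;
	PSID   psidAdmin;
	SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;

	if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken))
	{
		if (GetLastError() != ERROR_NO_TOKEN)
			return (FALSE);

		if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
			return (FALSE);
	}

	// From here on a token handle is held; every exit goes through the
	// CloseHandle() below (the handle used to leak on all paths).
	do
	{
		// Size probe: must fail with ERROR_INSUFFICIENT_BUFFER.
		if (GetTokenInformation(hToken, TokenGroups, NULL, 0, &cbTokenGroups))
			break;
		if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
			break;

		// Stack allocation, released when this function returns.
		ptg = (TOKEN_GROUPS*)_alloca(cbTokenGroups);
		if (!ptg)
			break;

		if (!GetTokenInformation(hToken, TokenGroups, ptg, cbTokenGroups,
			&cbTokenGroups))
			break;

		if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
			SECURITY_BUILTIN_DOMAIN_RID,
			DOMAIN_ALIAS_RID_ADMINS,
			0, 0, 0, 0, 0, 0, &psidAdmin))
			break;

		for (dwGroup = 0; dwGroup < ptg->GroupCount; dwGroup++)
		{
			if (EqualSid(ptg->Groups[dwGroup].Sid, psidAdmin))
			{
				if (bCheckAdminMode)
				{
					if ((ptg->Groups[dwGroup].Attributes) & SE_GROUP_ENABLED)
					{
						fAdmin = TRUE;
					}
				}
				else
				{
					fAdmin = TRUE;
				}
				break;
			}
		}
		FreeSid(psidAdmin);
	} while (0);

	CloseHandle(hToken);
	return (fAdmin);
}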
开发者ID:wangzhan,项目名称:UACElevation,代码行数:56,代码来源:UACElevation.cpp

示例14: get_token

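/* Obtain the primary token the connection will run its command under and
 * store it in c->token.
 *
 *  - c->runas set:  log on with the supplied credentials (LogonUser).
 *  - c->system set: duplicate this process's own token.
 *  - otherwise:     impersonate the named-pipe client and duplicate the
 *                   resulting thread token; impersonation is reverted
 *                   before returning.
 *
 * Errors are reported to the client over c->pipe. Returns 1 on success,
 * 0 on failure.
 *
 * NOTE(review): both source tokens are opened with TOKEN_ALL_ACCESS although
 * they are only passed to DuplicateTokenEx(); a narrower access mask would
 * presumably do -- confirm before changing.
 */
static int get_token(connection_context *c)
{
	int res = 0;
	int wres;
	HANDLE token;

	if (c->runas) {
		credentials crd;
		if (!prepare_credentials(c->runas, &crd)) {
			hprintf(c->pipe, "error Incorrect runas credentials\n");
			goto finish;
		}
		wres = LogonUser(crd.user, crd.domain, crd.password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &c->token);
		if (!wres) {
			/* The password is deliberately left out of the message: it
			 * used to be written back over the pipe in clear text on
			 * every failed logon. */
			hprintf(c->pipe, "error Cannot LogonUser(%s,%s) %d\n", crd.user, crd.domain, GetLastError());
			goto finish;
		}
		res = 1;
		goto finish;
	} else if (c->system) {
		if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &token)) {
			hprintf(c->pipe, "error Cannot OpenProcessToken %d\n", GetLastError());
			goto finish;
		}
	} else {
		if (!ImpersonateNamedPipeClient(c->pipe->h)) {
			hprintf(c->pipe, "error Cannot ImpersonateNamedPipeClient %d\n", GetLastError());
			goto finish;
		}
		if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, FALSE, &token)) {
			hprintf(c->pipe, "error Cannot OpenThreadToken %d\n", GetLastError());
			/* still impersonating, but no token handle to close */
			goto finishRevertToSelf;
		}
	}
	if (!DuplicateTokenEx(token, MAXIMUM_ALLOWED, 0, c->implevel, TokenPrimary, &c->token)) {
		hprintf(c->pipe, "error Cannot Duplicate Token %d\n", GetLastError());
		goto finishCloseToken;
	}
	res = 1;
finishCloseToken:
	CloseHandle(token);
finishRevertToSelf:
	/* only the pipe-client branch impersonated; a failed revert leaves the
	 * thread running as the client, so it is treated as a failure */
	if (!c->system) {
		if (!RevertToSelf()) {
			hprintf(c->pipe, "error Cannot RevertToSelf %d\n", GetLastError());
			res = 0;
		}
	}
finish:
	return res;
}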
开发者ID:Jubei-Mitsuyoshi,项目名称:aaa-winexe,代码行数:51,代码来源:winexesvc_loop.c

示例15: enable_debug_privileges

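// If the process is owned by another user, request SeDebugPrivilege to open it.
// Debug privileges are typically granted to Administrators.
//
// The privilege is enabled on the calling thread's token. If the thread has
// no token, ImpersonateSelf() creates one and the thread keeps impersonating
// after this returns.
//
// Returns 1 when AdjustTokenPrivileges reports success, 0 otherwise.
// NOTE(review): AdjustTokenPrivileges also returns TRUE when the token does
// not hold the privilege (last error ERROR_NOT_ALL_ASSIGNED), so 1 does not
// prove the privilege is enabled. Left as-is, since callers may rely on it.
static int enable_debug_privileges() {
    HANDLE hToken;
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES, FALSE, &hToken)) {
        if (!ImpersonateSelf(SecurityImpersonation) ||
            !OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES, FALSE, &hToken)) {
            return 0;
        }
    }

    LUID luid;
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) {
        // The token is already open here; release it before bailing out.
        CloseHandle(hToken);
        return 0;
    }

    TOKEN_PRIVILEGES tp;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    BOOL success = AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
    CloseHandle(hToken);
    return success ? 1 : 0;
}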
开发者ID:apangin,项目名称:jattach,代码行数:25,代码来源:jattach_windows.c


注:本文中的OpenThreadToken函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。