Установка привилегий

Советы » Windows » Установка привилегий

{ 
  For some functions you need to get the right privileges 
  on a Windows NT machine. 
  (e.g: To shut down or restart windows with ExitWindowsEx or 
  to change the system time) 
  The following code provides a procedure to adjust the privileges. 
  The AdjustTokenPrivileges() function enables or disables privileges 
  in the specified access token. 
} 

// NT Defined Privileges from winnt.h 

const

SE_CREATE_TOKEN_NAME = 'SeCreateTokenPrivilege'; SE_ASSIGNPRIMARYTOKEN_NAME = 'SeAssignPrimaryTokenPrivilege'; SE_LOCK_MEMORY_NAME = 'SeLockMemoryPrivilege'; SE_INCREASE_QUOTA_NAME = 'SeIncreaseQuotaPrivilege'; SE_UNSOLICITED_INPUT_NAME = 'SeUnsolicitedInputPrivilege'; SE_MACHINE_ACCOUNT_NAME = 'SeMachineAccountPrivilege'; SE_TCB_NAME = 'SeTcbPrivilege'; SE_SECURITY_NAME = 'SeSecurityPrivilege'; SE_TAKE_OWNERSHIP_NAME = 'SeTakeOwnershipPrivilege'; SE_LOAD_DRIVER_NAME = 'SeLoadDriverPrivilege'; SE_SYSTEM_PROFILE_NAME = 'SeSystemProfilePrivilege'; SE_SYSTEMTIME_NAME = 'SeSystemtimePrivilege'; SE_PROF_SINGLE_PROCESS_NAME = 'SeProfileSingleProcessPrivilege'; SE_INC_BASE_PRIORITY_NAME = 'SeIncreaseBasePriorityPrivilege'; SE_CREATE_PAGEFILE_NAME = 'SeCreatePagefilePrivilege'; SE_CREATE_PERMANENT_NAME = 'SeCreatePermanentPrivilege'; SE_BACKUP_NAME = 'SeBackupPrivilege'; SE_RESTORE_NAME = 'SeRestorePrivilege'; SE_SHUTDOWN_NAME = 'SeShutdownPrivilege'; SE_DEBUG_NAME = 'SeDebugPrivilege'; SE_AUDIT_NAME = 'SeAuditPrivilege'; SE_SYSTEM_ENVIRONMENT_NAME = 'SeSystemEnvironmentPrivilege'; SE_CHANGE_NOTIFY_NAME = 'SeChangeNotifyPrivilege'; SE_REMOTE_SHUTDOWN_NAME = 'SeRemoteShutdownPrivilege'; SE_UNDOCK_NAME = 'SeUndockPrivilege'; SE_SYNC_AGENT_NAME = 'SeSyncAgentPrivilege'; SE_ENABLE_DELEGATION_NAME = 'SeEnableDelegationPrivilege'; SE_MANAGE_VOLUME_NAME = 'SeManageVolumePrivilege'; // Enables or disables privileges debending on the bEnabled function

NTSetPrivilege(sPrivilege: string

; bEnabled: Boolean): Boolean; var

hToken: THandle; TokenPriv: TOKEN_PRIVILEGES; PrevTokenPriv: TOKEN_PRIVILEGES; ReturnLength: Cardinal; begin

Result := True

; // Only for Windows NT/2000/XP and later. if

not

(Win32Platform = VER_PLATFORM_WIN32_NT) then

Exit; Result := False

; // obtain the processes token if

OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES or

TOKEN_QUERY, hToken) then

begin

try

// Get the locally unique identifier (LUID) . if

LookupPrivilegeValue(nil

, PChar(sPrivilege), TokenPriv.Privileges[0].Luid) then

begin

TokenPriv.PrivilegeCount := 1; // one privilege to set case

bEnabled of

True

: TokenPriv.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED; False

: TokenPriv.Privileges[0].Attributes := 0; end

; ReturnLength := 0; // replaces a var parameter PrevTokenPriv := TokenPriv; // enable or disable the privilege AdjustTokenPrivileges(hToken, False

, TokenPriv, SizeOf(PrevTokenPriv), PrevTokenPriv, ReturnLength); end

; finally

CloseHandle(hToken); end

; end

; // test the return value of AdjustTokenPrivileges. Result := GetLastError = ERROR_SUCCESS; if

not

Result then

raise

Exception.Create(SysErrorMessage(GetLastError)); end

;

Другое по теме:

Категории

Статьи

Советы

Copyright © 2022 - All Rights Reserved - www.delphirus.com