问题描述

我想创建一个权限受限的C ++程序.我在互联网上进行了一些研究，发现我必须创建一个令牌，然后使用AdjustTokenPrivileges()方法更改其特权.

I want to create a C++ program with limited privileges. I made some research on the internet and found out that I have to create a token and then use the AdjustTokenPrivileges() method to alter its privileges.

但是，我不太明白该怎么做.有人可以为我提供一个如何创建令牌并禁用其特权的示例吗?谢谢:)

However, I didn't quite understand how this is to be done. Can someone please provide me with an example of how to create a token and disable its privileges? Thanks :)

推荐答案

您是否在使用C ++执行特权操作?似乎您只需要在使用GetTokenInformation()函数后弄清楚哪些令牌是哪个令牌，然后禁用其中一些令牌即可.

Did you check out the example at Executing Privileged Operations Using C++ ? Seems like you just need to figure out which tokens are which after using the GetTokenInformation() function, and then disable some of them.

详细解释.

• 第一次调用GetTokenInformation()可以获取令牌特权信息对象的长度(以字节为单位).
• 然后，您实际上在堆上构建了该大小的缓冲区.
• 第二个调用检索令牌信息对象并将其存储在缓冲区中.
• 然后，您将缓冲区重新发送到TOKEN_PRIVILEGES *，这使您可以正确解释它.
• 然后，您遍历此对象的Privileges成员，并将不同的属性设置为allowed.

以下是有关的详细信息TOKEN_PRIVILEDGES结构.对于特权数组的每个成员，您可以使用 LookupPrivilegeName .

Here are specifics about the TOKEN_PRIVILEDGES structure. For each member of Priviledges array, you can look up the name of the priviledge using LookupPrivilegeName.

这是特权名称和描述.

在知道特权是什么(即通过检查名称)之后，可以将Priviledges [i]成员的属性设置为

After you know what priviledge it is (i.e. by checking the name), you can set the Attributes of the Priviledges[i] member to one of

• SE_PRIVILEGE_ENABLED
• SE_PRIVILEGE_ENABLED_BY_DEFAULT
• SE_PRIVILEGE_REMOVED
• SE_PRIVILEGE_USED_FOR_ACCESS

就您而言，我认为这将是第三个.

In your case, I recon it will be mostly the third.

这篇关于使用令牌和特权进行程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！