Конференция VBStreets

[M.A.R.K]

Код: Выделить всё

Option Explicit
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function GetCurrentProcess Lib "kernel32.dll" () As Long
Private Declare Function GetTokenInformation Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal TokenInformationClass As Long, TokenInformation As Any, ByVal TokenInformationLength As Long, ReturnLength As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function VirtualAlloc Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function VirtualFree Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (pDst As Any, pSrc As Any, ByVal ByteLen As Long)

Private Type LUID
    LowPart As Long
    HighPart As Long
End Type
Private Type LUID_AND_ATTRIBUTES
        pLuid As LUID
        Attributes As Long
End Type
Private Type TOKEN_PRIVILEGES
        PrivilegeCount As Long
        Privilege() As LUID_AND_ATTRIBUTES
End Type
Private Cost PAGE_READWRITE = &H4
Private Cost MEM_COMMIT = &H1000
Private Cost MEM_DECOMMIT = &H8000
Private Sub Form_Load()
Dim hProcess As Long
Dim Priv As Long
Dim Priv_Normal As TOKEN_PRIVILEGES
Dim Temp As Long
Dim Ret As Long
Call OpenProcessToken(GetCurrentProcess, &H8, hProcess)
Call GetTokenInformation(hProcess, 3, ByVal 0, 0, Ret)
Priv = VirtualAlloc(0, Ret, MEM_COMMIT, PAGE_READWRITE)
Call GetTokenInformation(hProcess, 3, Priv, Ret, Ret)
Call CopyMemory(Temp, Priv, 4)
MsgBox Temp
Call VirtualFree(Priv, Ret, MEM_DECOMMIT)
CloseHandle hProcess
End Sub

Данным кодом я планирую показывать (Включеные\Выключеные) привилегии у процесса.
Проблема в том, что VB "киляется" при выполнении строки "Call GetTokenInformation(hProcess, 3, Priv, Ret, Ret)", при чем код я менял по всякому, вобщем пробовал все, но VB "летит" по всякому...
Подскажите, пожалуйста, что я не учел.
Заранее благодарен.

[Viper]

Потому что здесь требуется передать указатель на буфер в третьем аргументе. Т.е. надо вызывать так:

Код: Выделить всё

Call GetTokenInformation(hProcess, 3, ByVal Priv, Ret, Ret)

при условии, что Priv указывает на буфер заданного размера, или

Код: Выделить всё

Call GetTokenInformation(hProcess, 3, ByVal 0&, 0, Ret)

тогда в Ret будет необходиый размер буфера

[M.A.R.K]

Viper, благодарю, подсказал правильно, а вот готовый код:

Код: Выделить всё

Option Explicit
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function GetCurrentProcess Lib "kernel32.dll" () As Long
Private Declare Function GetTokenInformation Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal TokenInformationClass As Long, TokenInformation As Any, ByVal TokenInformationLength As Long, ReturnLength As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function VirtualAlloc Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function VirtualFree Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (pDst As Any, pSrc As Any, ByVal ByteLen As Long)
Private Declare Function LookupPrivilegeName Lib "advapi32.dll" Alias "LookupPrivilegeNameA" (ByVal lpSystemName As String, lpLuid As LUID, ByVal lpName As String, cbName As Long) As Long

Private Type LUID
    LowPart As Long
    HighPart As Long
End Type
Private Sub Form_Load()
Dim hProcess As Long
Dim Priv As Long
Dim pLuid As LUID
Dim i As Long
Dim Privileges_Count As Long
Dim Ret As Long
Dim Priv_Attributes As Long
Dim Priv_Name As String
Call OpenProcessToken(GetCurrentProcess, &H8, hProcess)
Call GetTokenInformation(hProcess, 3, ByVal 0, 0, Ret)
Priv = VirtualAlloc(0, Ret, &H1000, &H4)
Call GetTokenInformation(hProcess, 3, ByVal Priv, Ret, Ret)
Call CopyMemory(Privileges_Count, ByVal Priv, 4)
Priv_Normal = Priv
For i = 0 To Privileges_Count - 1
    Priv_Normal = Priv + (i * 12) + 4
    Call CopyMemory(pLuid.LowPart, ByVal Priv_Normal, 4)
    Priv_Normal = Priv_Normal + 4
    Call CopyMemory(pLuid.HighPart, ByVal Priv_Normal, 4)
    Priv_Normal = Priv_Normal + 4
    Call CopyMemory(Priv_Attributes, ByVal Priv_Normal, 4)
    Ret = 0
    Call LookupPrivilegeName(vbNullString, pLuid, vbNullString, Ret)
    Priv_Name = Space(Ret)
    Call LookupPrivilegeName(vbNullString, pLuid, Priv_Name, Ret)
    Priv_Name = Left$(Priv_Name, InStr(1, Priv_Name, Chr$(0)) - 1)
    Select Case Priv_Attributes
        Case 3: List1.AddItem Priv_Name + " Включена по умолчанию"
        Case 2: List1.AddItem Priv_Name + " Включена"
        Case 0: List1.AddItem Priv_Name + " Выключена"
    End Select
Next
Call VirtualFree(Priv, Ret, &H8000)
CloseHandle hProcess
End Sub

[Хакер]

Код: Выделить всё

    Call CopyMemory(pLuid.LowPart, ByVal Priv_Normal, 4)
    Priv_Normal = Priv_Normal + 4
    Call CopyMemory(pLuid.HighPart, ByVal Priv_Normal, 4)

Почему бы не сделать это одним вызовом CopyMemery?

[M.A.R.K]

Почему бы не сделать это одним вызовом CopyMemery?

Как я понимаю, это можно сделать так:

Код: Выделить всё

Call CopyMemory(ByVal VarPtr(pLuid), ByVal Priv_Normal,

[M.A.R.K]

Еще один вопрос:

Код: Выделить всё

Option Explicit
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function GetCurrentProcess Lib "kernel32.dll" () As Long
Private Declare Function GetTokenInformation Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal TokenInformationClass As Long, TokenInformation As Any, ByVal TokenInformationLength As Long, ReturnLength As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function VirtualAlloc Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function VirtualFree Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (pDst As Any, pSrc As Any, ByVal ByteLen As Long)
Private Declare Function LookupPrivilegeName Lib "advapi32.dll" Alias "LookupPrivilegeNameA" (ByVal lpSystemName As String, lpLuid As LUID, ByVal lpName As String, cbName As Long) As Long
Private Declare Function SetTokenInformation Lib "advapi32.dll" (ByVal TokenHandle As Long, TokenInformationClass As Integer, TokenInformation As Any, ByVal TokenInformationLength As Long) As Long

Private Type LUID
    LowPart As Long
    HighPart As Long
End Type

Private Sub Command1_Click()
Dim hProcess As Long
Dim Priv As Long
Dim Priv_To_Save As Long
Dim Priv_Normal As Long
Dim pLuid As LUID
Dim i As Long
Dim Privileges_Count As Long
Dim Ret As Long
Dim Priv_Attributes As Long
Dim Priv_Name As String
Dim Dummy As Long
Dummy = 2
Call OpenProcessToken(GetCurrentProcess, 131296 Or 8, hProcess)
'131296 - TOKEN_WRITE
'8 TOKEN_QUERY
Call GetTokenInformation(hProcess, 3, ByVal 0, 0, Ret)
Priv = VirtualAlloc(0, Ret, &H1000, &H4)
Priv_To_Save = VirtualAlloc(0, Ret, &H1000, &H4)
Call GetTokenInformation(hProcess, 3, ByVal Priv, Ret, Ret)
Call CopyMemory(Privileges_Count, ByVal Priv, 4)
Priv_Normal = Priv
Call CopyMemory(ByVal Priv_To_Save, ByVal Priv, Ret)
For i = 0 To Privileges_Count - 1
    Priv_Normal = Priv + (i * 12) + 4
    Call CopyMemory(pLuid.LowPart, ByVal Priv_Normal, 4)
    Priv_Normal = Priv_Normal + 4
    Call CopyMemory(pLuid.HighPart, ByVal Priv_Normal, 4)
    Priv_Normal = Priv_Normal + 4
    Call CopyMemory(Priv_Attributes, ByVal Priv_Normal, 4)
    Ret = 0
    Call LookupPrivilegeName(vbNullString, pLuid, vbNullString, Ret)
    Priv_Name = Space(Ret)
    Call LookupPrivilegeName(vbNullString, pLuid, Priv_Name, Ret)
    Priv_Name = Left$(Priv_Name, InStr(1, Priv_Name, Chr$(0)) - 1)
    If Priv_Name = "SeDebugPrivilege" Then
        Priv_To_Save = Priv_To_Save + (i * 12) + 12
        Call CopyMemory(ByVal Priv_To_Save, Dummy, 4)
        Call SetTokenInformation(hProcess, 3, ByVal Priv_To_Save, Ret)
        Exit For
    End If
Next
Call VirtualFree(Priv, Ret, &H8000)
Call VirtualFree(Priv_To_Save, Ret, &H8000)
CloseHandle hProcess
End Sub

Код не работает...
Подскажите, можно ли с помощью такого кода включить привилегию?

[Viper]

Почему бы не сделать это одним вызовом CopyMemery?

Как я понимаю, это можно сделать так:

Код: Выделить всё

Call CopyMemory(ByVal VarPtr(pLuid), ByVal Priv_Normal,

Даже еще проще:

Код: Выделить всё

CopyMemory pLuid, ByVal Priv_Normal, 8

[M.A.R.K]

Viper, это понятно...
А как с вышеприведенном мною кодом.
Теоритически, он может работать?

[Viper]

Теоретически да, а практически ты зря игнорируешь возвращаемые значения функций. Из-за этого у тебя не получается вовремя локализовать ошибку.

З.Ы. Используй константы вместо явных значений, а то трудно воспринять, например, такое:

Код: Выделить всё

VirtualAlloc(0, Ret, &H1000, &H4)

Что здесь есть &H1000 и &H4?

[M.A.R.K]

Что здесь есть &H1000 и &H4?

Код: Выделить всё

Const MEM_COMMIT = &H1000
Const PAGE_READWRITE = &H4

[M.A.R.K]

Еще одна проблема:
При обработке процессов (получение привилегий) все работает нормально, но если этот процесс от NETWORK SERVICE и LOCAL SERVICE то доступ блокируется.
1) Возможно моему процессу нехватает привилегии (какой?).
2) Возможно OpenProcessToken имеет неправильный флаг доступа, я использую TOKEN_QUERY = &H8.
Как считаете, что не так?