EnumProcessModules 上的访问被拒绝 - C++

发布于 2024-11-25 20:10:18 字数 3324 浏览 1 评论 0原文

我试图列出特定进程上的所有模块,但即使我设置了令牌权限,我也收到“访问被拒绝”的消息。 这是代码:

#include <cstdlib>
#include <iostream>
#include <windows.h>
#include <psapi.h>
#include <Tlhelp32.h>
using namespace std;
#pragma comment(lib, "cmcfg32.lib")

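/// Enables or disables a single named privilege on an access token.
///
/// @param hToken            Token opened with at least TOKEN_ADJUST_PRIVILEGES.
/// @param lpszPrivilege     Privilege name, e.g. SE_DEBUG_NAME.
/// @param bEnablePrivilege  TRUE to enable the privilege, FALSE to disable it.
/// @return TRUE on success. FALSE (after printing the system error text) when
///         the privilege name is unknown, AdjustTokenPrivileges fails, or the
///         token does not hold the privilege at all (ERROR_NOT_ALL_ASSIGNED).
///         Note that a privilege can only be *enabled* here if the token
///         already contains it; this function cannot add privileges.
BOOL SetPrivilege(HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege) 
{
    LUID luid;
    if (!LookupPrivilegeValue(NULL, lpszPrivilege, &luid))
    {
        // Zero-initialised so a failed FormatMessage prints "" rather than stack garbage.
        char buf[256] = {};
        FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, 255, NULL);
        cout << "LookupPrivilegeValue error: " << buf;
        return FALSE;
    }

    TOKEN_PRIVILEGES tp = {};
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES) NULL, (PDWORD)NULL))
    {
        char buf[256] = {};
        FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, 255, NULL);
        cout << "AdjustTokenPrivileges error: " << buf;
        return FALSE;
    }
    // AdjustTokenPrivileges returns TRUE even when it adjusted nothing, so the
    // last-error value must be inspected immediately, before any other API call.
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        printf("The token does not have the specified privilege. \n");
        return FALSE;
    }
    return TRUE;
}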

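/// Returns the process ID of the first running process whose image name
/// equals pname, or 0 if no such process exists or the snapshot fails.
///
/// @param pname  Executable file name without a path, e.g. "test.exe".
///               The comparison is exact and case-sensitive.
/// @return The matching PID, or 0 when nothing matched or enumeration failed.
int GetPID(char pname[])
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        return 0;
    }

    PROCESSENTRY32 pEntry;
    pEntry.dwSize = sizeof(PROCESSENTRY32);

    int pid = 0;
    // Process32First/Next both return FALSE once the list is exhausted (or on
    // failure), so a single loop condition covers both; the entry is only read
    // after a successful call, unlike the original do/while.
    for (BOOL ok = Process32First(hSnapshot, &pEntry); ok; ok = Process32Next(hSnapshot, &pEntry))
    {
        // NOTE(review): strcmp is case-sensitive while Windows image names are
        // not; a differently-cased name will not match.
        if (strcmp(pEntry.szExeFile, pname) == 0)
        {
            pid = static_cast<int>(pEntry.th32ProcessID);
            break;
        }
    }

    // The snapshot is a kernel handle and was leaked on every call before.
    CloseHandle(hSnapshot);
    return pid;
}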

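/// Enables SeDebugPrivilege for this process, opens the process named
/// "test.exe" with query + VM-read access and prints every module loaded
/// into it.
///
/// SE_DEBUG_NAME can only be enabled if the token already holds it (see
/// SetPrivilege); when it is not held, the code still proceeds and relies on
/// whatever access the target's DACL grants the caller.
int main()
{
    HANDLE currentToken = NULL;
    // The original never checked OpenProcessToken, so a failure would pass an
    // uninitialised handle to SetPrivilege.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &currentToken)
        || !SetPrivilege(currentToken, SE_DEBUG_NAME, TRUE))
    {
        // Not fatal: the target may still be openable under the caller's own rights.
        MessageBox(0, "Unable to adjust privileges", "Error", MB_ICONERROR);
    }
    if (currentToken)
    {
        CloseHandle(currentToken);
    }

    DWORD ID = GetPID("test.exe");
    if (ID == 0)
    {
        MessageBox(0, "Process not found", "Error", MB_ICONERROR);
        return 0;
    }

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, ID);
    if (!hProcess)
    {
        // A NULL here is not "not found" (the PID exists); report the real
        // reason, e.g. access denied by the target's DACL.
        char buf[256] = {};
        FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, 255, NULL);
        cout << "OpenProcess error: " << buf;
        MessageBox(0, "Unable to open process", "Error", MB_ICONERROR);
        return 0;
    }

    HMODULE hMods[2048];
    DWORD cbNeeded = 0;
    if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
    {
        // cbNeeded is the size the call *wanted*, which may be larger than the
        // buffer; clamp it so a process with more than 2048 modules cannot
        // drive the loop past the end of hMods.
        DWORD cbUsable = cbNeeded < sizeof(hMods) ? cbNeeded : static_cast<DWORD>(sizeof(hMods));
        for (DWORD i = 0; i < cbUsable / sizeof(HMODULE); i++)
        {
            TCHAR szModName[MAX_PATH];
            if (GetModuleFileNameEx(hProcess, hMods[i], szModName, sizeof(szModName)/sizeof(TCHAR)))
            {
                cout << "DLL: " << szModName << " Handle: " << hMods[i] << endl;
            }
        }
    }
    else
    {
        // Per the API documentation, a 32-bit caller cannot enumerate the
        // modules of a 64-bit process; worth ruling out before chasing ACLs.
        char buf[256] = {};
        FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, 255, NULL);
        cout << "Error: " << buf;
    }
    system("pause");

    // Only reached with a valid handle; the original also called
    // CloseHandle(NULL) on the not-found path.
    CloseHandle(hProcess);
    return 0;
}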

请注意,我可以列出任何其他进程的进程模块,但不能列出特定进程的模块。 两个进程都使用相同的用户凭据运行。

你能告诉我我是否做错了什么吗?

I am trying to list all modules of a specific process, but I get "Access denied" even though I have set token privileges.
Here is the code:

#include <cstdlib>
#include <iostream>
#include <windows.h>
#include <psapi.h>
#include <Tlhelp32.h>
using namespace std;
#pragma comment(lib, "cmcfg32.lib")

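/// Enables or disables a single named privilege on an access token.
///
/// @param hToken            Token opened with at least TOKEN_ADJUST_PRIVILEGES.
/// @param lpszPrivilege     Privilege name, e.g. SE_DEBUG_NAME.
/// @param bEnablePrivilege  TRUE to enable the privilege, FALSE to disable it.
/// @return TRUE on success. FALSE (after printing the system error text) when
///         the privilege name is unknown, AdjustTokenPrivileges fails, or the
///         token does not hold the privilege at all (ERROR_NOT_ALL_ASSIGNED).
///         Note that a privilege can only be *enabled* here if the token
///         already contains it; this function cannot add privileges.
BOOL SetPrivilege(HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege) 
{
    LUID luid;
    if (!LookupPrivilegeValue(NULL, lpszPrivilege, &luid))
    {
        // Zero-initialised so a failed FormatMessage prints "" rather than stack garbage.
        char buf[256] = {};
        FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, 255, NULL);
        cout << "LookupPrivilegeValue error: " << buf;
        return FALSE;
    }

    TOKEN_PRIVILEGES tp = {};
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES) NULL, (PDWORD)NULL))
    {
        char buf[256] = {};
        FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, 255, NULL);
        cout << "AdjustTokenPrivileges error: " << buf;
        return FALSE;
    }
    // AdjustTokenPrivileges returns TRUE even when it adjusted nothing, so the
    // last-error value must be inspected immediately, before any other API call.
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        printf("The token does not have the specified privilege. \n");
        return FALSE;
    }
    return TRUE;
}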

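/// Returns the process ID of the first running process whose image name
/// equals pname, or 0 if no such process exists or the snapshot fails.
///
/// @param pname  Executable file name without a path, e.g. "test.exe".
///               The comparison is exact and case-sensitive.
/// @return The matching PID, or 0 when nothing matched or enumeration failed.
int GetPID(char pname[])
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        return 0;
    }

    PROCESSENTRY32 pEntry;
    pEntry.dwSize = sizeof(PROCESSENTRY32);

    int pid = 0;
    // Process32First/Next both return FALSE once the list is exhausted (or on
    // failure), so a single loop condition covers both; the entry is only read
    // after a successful call, unlike the original do/while.
    for (BOOL ok = Process32First(hSnapshot, &pEntry); ok; ok = Process32Next(hSnapshot, &pEntry))
    {
        // NOTE(review): strcmp is case-sensitive while Windows image names are
        // not; a differently-cased name will not match.
        if (strcmp(pEntry.szExeFile, pname) == 0)
        {
            pid = static_cast<int>(pEntry.th32ProcessID);
            break;
        }
    }

    // The snapshot is a kernel handle and was leaked on every call before.
    CloseHandle(hSnapshot);
    return pid;
}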

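/// Enables SeDebugPrivilege for this process, opens the process named
/// "test.exe" with query + VM-read access and prints every module loaded
/// into it.
///
/// SE_DEBUG_NAME can only be enabled if the token already holds it (see
/// SetPrivilege); when it is not held, the code still proceeds and relies on
/// whatever access the target's DACL grants the caller.
int main()
{
    HANDLE currentToken = NULL;
    // The original never checked OpenProcessToken, so a failure would pass an
    // uninitialised handle to SetPrivilege. (The "&" before currentToken had
    // also been mangled into "¤" in this listing.)
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &currentToken)
        || !SetPrivilege(currentToken, SE_DEBUG_NAME, TRUE))
    {
        // Not fatal: the target may still be openable under the caller's own rights.
        MessageBox(0, "Unable to adjust privileges", "Error", MB_ICONERROR);
    }
    if (currentToken)
    {
        CloseHandle(currentToken);
    }

    DWORD ID = GetPID("test.exe");
    if (ID == 0)
    {
        MessageBox(0, "Process not found", "Error", MB_ICONERROR);
        return 0;
    }

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, ID);
    if (!hProcess)
    {
        // A NULL here is not "not found" (the PID exists); report the real
        // reason, e.g. access denied by the target's DACL.
        char buf[256] = {};
        FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, 255, NULL);
        cout << "OpenProcess error: " << buf;
        MessageBox(0, "Unable to open process", "Error", MB_ICONERROR);
        return 0;
    }

    HMODULE hMods[2048];
    DWORD cbNeeded = 0;
    if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
    {
        // cbNeeded is the size the call *wanted*, which may be larger than the
        // buffer; clamp it so a process with more than 2048 modules cannot
        // drive the loop past the end of hMods.
        DWORD cbUsable = cbNeeded < sizeof(hMods) ? cbNeeded : static_cast<DWORD>(sizeof(hMods));
        for (DWORD i = 0; i < cbUsable / sizeof(HMODULE); i++)
        {
            TCHAR szModName[MAX_PATH];
            if (GetModuleFileNameEx(hProcess, hMods[i], szModName, sizeof(szModName)/sizeof(TCHAR)))
            {
                cout << "DLL: " << szModName << " Handle: " << hMods[i] << endl;
            }
        }
    }
    else
    {
        // Per the API documentation, a 32-bit caller cannot enumerate the
        // modules of a 64-bit process; worth ruling out before chasing ACLs.
        char buf[256] = {};
        FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, 255, NULL);
        cout << "Error: " << buf;
    }
    system("pause");

    // Only reached with a valid handle; the original also called
    // CloseHandle(NULL) on the not-found path.
    CloseHandle(hProcess);
    return 0;
}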

Note that I can list the modules of any other process, but not of this specific one.
Both processes are running under the same user credentials.

Can you tell me if I am doing something wrong?


评论(1

自由范儿 2024-12-02 20:10:18

使用 Process Explorer 查看您感兴趣的内核对象的安全描述符。目标进程可能已设置其所有者/DACL,使其他进程无法获得 READ 访问。防病毒程序、服务、文件系统/内核驱动程序就是会拒绝此类操作的典型进程。

更重要的是:这取决于您自己进程的提权(elevation)/管理员/特权环级别。

额外:
特权(privileges)并不直接作用于对象,而是作用于整个系统。尝试使用 TOKEN_ALL_ACCESS 打开并查看是否成功。

Use Process Explorer to inspect the security descriptor of the kernel objects you are interested in. The target process may have set its owner/DACL so that other processes are denied READ access. Anti-virus programs, services and file-system/kernel-driver processes are typical examples that deny such operations.

And more importantly: it depends on the elevation/admin/ring level of your own process.

ADDED:
Privileges don't apply directly to objects but to the system as a whole. Try opening with TOKEN_ALL_ACCESS and see whether it succeeds.
