找到方法了吗?
先在管理员下提升权限,代码如下,我调试过了,肯定行的!
BYTEaclBuffer[1024];
PACLpacl=(PACL)&aclBuffer;//声明一个ACL,长度是1024
BYTEsidBuffer[100];
PSIDpsid=(PSID)&sidBuffer;//声明一个SID,长度是100
DWORDsidBufferSize=100;
//chardomainBuffer[80];
DWORDdomainBufferSize=80;
//SID_NAME_USEsnu;
HANDLEfile;
UINTi=0;
SECURITY_DESCRIPTORsd;//声明一个SDBYTEaclBuffer[1024];
SECURITY_ATTRIBUTESsa;//和文件有关的安全结构
//初始化一个ACL
//初始化一个SD
HANDLEhAccessToken;
PSIDpsidAdministrators;
//当获得TOKEN句柄之后,我们还得获取这个TOKEN的分组信息:
BYTEInfoBuffer[1024];
DWORDdwInfoBufferSize;
SID_IDENTIFIER_AUTHORITYsiaNtAuthority=SECURITY_NT_AUTHORITY;
//初始化一个SD
InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION);
//初始化一个ACL
InitializeAcl(pacl,1024,ACL_REVISION);
//查找一个用户hchen,并取该用户的SID
OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY,&hAccessToken);
BOOLflag=GetTokenInformation(
hAccessToken,
TokenGroups,
InfoBuffer,
1024,
&dwInfoBufferSize);
AllocateAndInitializeSid(
&siaNtAuthority,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0,0,0,0,0,0,
&psidAdministrators);
PTOKEN_GROUPSptgGroups=(PTOKEN_GROUPS)InfoBuffer;
InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION);
InitializeAcl(pacl,1024,ACL_REVISION);
for(i=0;iGroupCount;i++)
{
//if(EqualSid(psidAdministrators,ptgGroups->Groups.Sid))
{
//此进程有管理权限
AddAccessAllowedAce(pacl,ACL_REVISION,GENERIC_ALL,ptgGroups->Groups.Sid);
//break;
}
}
//设置该用户的Access-Allowed的ACE,其权限为“所有权限”
AddAccessAllowedAce(pacl,ACL_REVISION,GENERIC_ALL,psid);
//把ACL设置到SD中
SetSecurityDescriptorDacl(&sd,TRUE,pacl,FALSE);
//把SD放到文件安全结构SA中
sa.nLength=sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle=FALSE;
sa.lpSecurityDescriptor=&sd;
HANDLEhDevUSB=NULL;
hDevUSB=CreateFile(
lpszFileName,//&guidHID_1,//
GENERIC_READ|GENERIC_WRITE,
FILE_SHARE_READ|FILE_SHARE_WRITE,
NULL,
OPEN_EXISTING,
0,//FILE_ATTRIBUTE_NORMAL
NULL);
有问题可以和我联系,[email protected]共同学习! |