/******************************************************************************
Module: ProcessInfo.cpp
Notices: Copyright (c) 2008 Jeffrey Richter & Christophe Nasarre
******************************************************************************/
#include "..\CommonFiles\CmnHdr.h" /* See Appendix A. */
#include "..\CommonFiles\Toolhelp.h"
#include <windowsx.h>
#include <stdarg.h>
#include <stdio.h>
#include "Resource.h"
#include <winternl.h> // for Windows internal declarations.
#include <aclapi.h> // for ACL management.
#include <shlwapi.h> // for StrFormatKBSize.
#include <shlobj.h> // for IsUserAnAdmin.
#include <AclApi.h> // for ACL/ACE functions.
#include <tchar.h>
#include <StrSafe.h>
#pragma comment (lib,"shlwapi.lib")
#pragma comment (lib,"shell32.lib")
// static variables
// Elevation type of the current process token. TokenElevationTypeDefault is
// the "no linked/split token" value; presumably updated elsewhere in the file
// once the token is queried — not visible in this part of the file.
// NOTE(review): despite the "static variables" heading these two have
// external linkage; `static` would keep them file-local (the const below
// already has internal linkage in C++).
TOKEN_ELEVATION_TYPE s_elevationType = TokenElevationTypeDefault;
// Whether the current user is an administrator; <shlobj.h> is included above
// "for IsUserAnAdmin", so this is presumably filled from that call elsewhere.
BOOL s_bIsAdmin = FALSE;
// Number of hex digits needed to print a pointer (two per byte); used for
// address column formatting.
const int s_cchAddress = sizeof(PVOID) * 2;
///////////////////////////////////////////////////////////////////////////////
// Append a printf-style formatted string to the text of an edit control
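// Append a printf-style formatted string to the current text of an edit
// control.
//
//   hwnd      - handle of the edit control whose text is extended
//   pszFormat - printf-style format string; it is always supplied by the
//               caller and must never be taken from the control's contents
//   ...       - arguments consumed by pszFormat
//
// The control's existing text is read into a fixed 20K-character buffer, the
// formatted text is written after it and the whole buffer is set back on the
// control. Output that does not fit is truncated rather than treated as a
// fatal error: StringCchVPrintf (StrSafe.h, included above) truncates and
// always NUL-terminates, whereas _vstprintf_s invokes the CRT
// invalid-parameter handler when the remaining space is too small.
void AddText(HWND hwnd, PCTSTR pszFormat, ...) {
    TCHAR sz[20 * 1024];

    // Edit_GetText returns the number of characters copied (terminator
    // excluded), so the append position is known without rescanning the
    // buffer; it also means a 0 result never leads to reading an
    // uninitialized buffer.
    int cchExisting = Edit_GetText(hwnd, sz, _countof(sz));
    if ((cchExisting < 0) || ((size_t)cchExisting >= _countof(sz) - 1)) {
        // Buffer already full: there is no room to append, so leave the
        // control's text untouched.
        return;
    }

    va_list argList;
    va_start(argList, pszFormat);
    // Format directly after the existing text; the remaining capacity
    // accounts for the characters already present. The HRESULT is ignored
    // on purpose: truncation is acceptable for a display-only control.
    StringCchVPrintf(sz + cchExisting, _countof(sz) - cchExisting,
                     pszFormat, argList);
    va_end(argList);

    Edit_SetText(hwnd, sz);
}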
///////////////////////////////////////////////////////////////////////////////
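// Read the integrity level RID (one of the SECURITY_MANDATORY_*_RID values)
// from a token's mandatory label.
//
//   hToken          - token opened with at least TOKEN_QUERY
//   pIntegrityLevel - receives the RID; left untouched on failure
//
// Returns FALSE if the label cannot be queried or allocated.
static BOOL ReadTokenIntegrityLevel(HANDLE hToken, PDWORD pIntegrityLevel) {
    // First call with no buffer: GetTokenInformation fails with
    // ERROR_INSUFFICIENT_BUFFER and reports the size it needs.
    DWORD dwNeededSize = 0;
    if (GetTokenInformation(hToken, TokenIntegrityLevel, NULL, 0,
                            &dwNeededSize)
        || (GetLastError() != ERROR_INSUFFICIENT_BUFFER)) {
        return(FALSE);
    }

    // Second, allocate a memory block with the required size
    PTOKEN_MANDATORY_LABEL pTokenInfo =
        (PTOKEN_MANDATORY_LABEL)LocalAlloc(LMEM_FIXED, dwNeededSize);
    if (pTokenInfo == NULL) {
        return(FALSE);
    }

    // And finally, ask for the integrity level
    BOOL bReturn = FALSE;
    if (GetTokenInformation(hToken, TokenIntegrityLevel, pTokenInfo,
                            dwNeededSize, &dwNeededSize)) {
        // The integrity level is the last sub-authority of the label SID.
        PSID pSid = pTokenInfo->Label.Sid;
        DWORD cSubAuth = *GetSidSubAuthorityCount(pSid);
        if (cSubAuth > 0) {
            *pIntegrityLevel = *GetSidSubAuthority(pSid, cSubAuth - 1);
            bReturn = TRUE;
        }
    }

    // Don't forget to free the memory
    LocalFree(pTokenInfo);
    return(bReturn);
}

// Read the mandatory label ACE of a kernel object's SACL.
//
//   hObject                 - handle with READ_CONTROL; reading only the
//                             label part of the SACL does not require
//                             ACCESS_SYSTEM_SECURITY
//   pResourceIntegrityLevel - receives the label's integrity RID, 0 when no
//                             label is explicitly set or the query fails
//   pResourcePolicy         - receives the label ACE mask (the
//                             SYSTEM_MANDATORY_LABEL_NO_*_UP bits), 0 when
//                             none
//
// Best-effort: failures leave both outputs at 0.
static VOID ReadObjectMandatoryLabel(HANDLE hObject,
    PDWORD pResourceIntegrityLevel, PDWORD pResourcePolicy) {
    *pResourceIntegrityLevel = 0; // 0 means none explicitly set
    *pResourcePolicy = 0;

    PACL pSACL = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    // Look for the no-read-up/no-write-up policy in the SACL
    DWORD dwResult = GetSecurityInfo(
        hObject, SE_KERNEL_OBJECT,
        LABEL_SECURITY_INFORMATION,
        NULL, NULL, NULL,
        &pSACL, &pSD);
    if (dwResult != ERROR_SUCCESS) {
        return;
    }

    if ((pSACL != NULL) && (pSACL->AceCount > 0)) {
        SYSTEM_MANDATORY_LABEL_ACE* pACE = NULL;
        // Only trust the first ACE if it really is a mandatory label ACE;
        // the cast to SYSTEM_MANDATORY_LABEL_ACE below relies on that.
        if (GetAce(pSACL, 0, (PVOID*)&pACE) && (pACE != NULL)
            && (pACE->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE)) {
            // The label SID carries a single sub-authority: the integrity RID.
            PSID pSid = (PSID)&pACE->SidStart;
            *pResourceIntegrityLevel = *GetSidSubAuthority(pSid, 0);
            *pResourcePolicy = pACE->Mask;
        }
    }

    // Cleanup memory allocated on our behalf
    if (pSD != NULL) LocalFree(pSD);
}

// Retrieve the integrity level and mandatory policy of a process, both for
// its token ("code") and for the process object itself ("resource").
//
//   hProcess                - handle with PROCESS_QUERY_INFORMATION (to open
//                             the token) and READ_CONTROL (to read the
//                             object's label)
//   pIntegrityLevel         - receives the token integrity RID
//   pPolicy                 - receives the TOKEN_MANDATORY_POLICY_* flags;
//                             TOKEN_MANDATORY_POLICY_OFF if the query fails
//   pResourceIntegrityLevel - receives the integrity RID of the process
//                             object's label, 0 if none is explicitly set
//   pResourcePolicy         - receives the label ACE mask, 0 if none
//
// Returns TRUE when the token integrity level was read. The resource values
// are always filled in (best-effort, 0 on failure). Returns FALSE, leaving
// *pIntegrityLevel and *pPolicy untouched, if any out-pointer is NULL, the
// token cannot be opened or the level is unavailable.
BOOL GetProcessIntegrityLevel(HANDLE hProcess, PDWORD pIntegrityLevel,
    PDWORD pPolicy, PDWORD pResourceIntegrityLevel, PDWORD pResourcePolicy) {
    // Every out-pointer is written below, so reject NULLs up front instead
    // of faulting halfway through.
    if ((pIntegrityLevel == NULL) || (pPolicy == NULL)
        || (pResourceIntegrityLevel == NULL) || (pResourcePolicy == NULL)) {
        return(FALSE);
    }

    HANDLE hToken = NULL;
    if (!OpenProcessToken(hProcess, TOKEN_READ, &hToken)) {
        return(FALSE);
    }

    BOOL bReturn = ReadTokenIntegrityLevel(hToken, pIntegrityLevel);

    // Try to get the policy only if the integrity level was available.
    // The query is best-effort: on failure the caller sees "policy off".
    if (bReturn) {
        *pPolicy = TOKEN_MANDATORY_POLICY_OFF;
        DWORD dwNeededSize = sizeof(DWORD);
        GetTokenInformation(hToken, TokenMandatoryPolicy, pPolicy,
                            dwNeededSize, &dwNeededSize);
    }

    // The object label lives in the SACL of the process object, not in the
    // token, so it is queried through hProcess.
    ReadObjectMandatoryLabel(hProcess, pResourceIntegrityLevel,
                             pResourcePolicy);

    // Don't forget to close the token handle.
    CloseHandle(hToken);
    return(bReturn);
}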
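// Process-ID flavour of GetProcessIntegrityLevel: opens the process with the
// rights the HANDLE overload needs, forwards to it and closes the handle.
//
//   PID - process ID; 0 is rejected
//   the remaining parameters are as for the HANDLE overload and must all be
//   non-NULL
//
// Returns FALSE if the arguments are invalid, the process cannot be opened
// (access denied, for instance) or the integrity level is unavailable.
BOOL GetProcessIntegrityLevel(DWORD PID, PDWORD pIntegrityLevel,
    PDWORD pPolicy, PDWORD pResourceIntegrityLevel, PDWORD pResourcePolicy) {
    // Sanity checks. PID is unsigned, so "PID <= 0" only ever meant "== 0";
    // all out-pointers are dereferenced by the callee, so check them here.
    if ((PID == 0) || (pIntegrityLevel == NULL) || (pPolicy == NULL)
        || (pResourceIntegrityLevel == NULL) || (pResourcePolicy == NULL)) {
        return(FALSE);
    }

    // READ_CONTROL is needed to read the object's label from its SACL and
    // PROCESS_QUERY_INFORMATION to open its token.
    HANDLE hProcess = OpenProcess(
        READ_CONTROL | PROCESS_QUERY_INFORMATION,
        FALSE, PID);
    if (hProcess == NULL) {
        return(FALSE);
    }

    BOOL bReturn = GetProcessIntegrityLevel(hProcess, pIntegrityLevel,
        pPolicy, pResourceIntegrityLevel, pResourcePolicy);

    // Don't forget to release the process handle
    CloseHandle(hProcess);
    return(bReturn);
}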
VOID Dlg_PopulateProcessList(HWND hwnd) {
HWND hwndList = GetDlgItem(hwnd, IDC_PROCESSMODULELIST);
SetWindowRedraw(hwndList, FALSE);
ComboBox_ResetContent(hwndList);
CToolhelp thProcesses(TH32CS_SNAPPROCESS);
PROCESSENTRY32 pe = { sizeof(pe) };
BOOL fOk = thProcesses.ProcessFirst(&pe);
for (; fOk; fOk = thProcesses.ProcessNext(&pe)) {
TCHAR sz[1024];
// Place the process name (without its path) & ID in the list
PCTSTR pszExeFile = _tcsrchr(pe.szExeFile, TEXT('\\'));
if (pszExeFile == NULL) {
pszExeFile = pe.szExeFile;
} else {
pszExeFile++; // Skip over the slash
}
// Append the code/resource integrity level and policy
DWORD dwCodeIntegrityLevel = 0;
DWORD dwCodePolicy = TOKEN_MANDATORY_POLICY_OFF;
DWORD dwResourcePolicy = 0;
DWORD dwResourceIntegrityLevel = 0;
TCHAR szCodeDetails[256];
szCodeDetails[0] = TEXT('\0');
TCHAR szResourceDetails[256];
szResourceDetails[0] = TEXT('\0');
if (GetProcessIntegrityLevel(pe.th32ProcessID, &dwCodeIntegrityLevel,
&dwCodePolicy, &dwResourceIntegrityLevel, &dwResourcePolicy)) {
switch (dwCodeIntegrityLevel) {
case SECURITY_MANDATORY_LOW_RID:
_tcscpy_s(szCodeDetails, _countof(szCodeDetails),
TEXT("- Low "));
break;
case SECURITY_MANDATORY_MEDIUM_RID:
_tcscpy_s(szCodeDetails, _countof(szCodeDetails),
TEXT("- Medium "));
break;
case SECURITY_MANDATORY_HIGH_RID:
_tcscpy_s(szCodeDetails, _countof(szCodeDetails),
TEXT("- High "));
break;
case SECURITY_MANDATORY_SYSTEM_RID:
_tcscpy_s(szCodeDetails, _countof(szCodeDetails),
TEXT("- System "));
break;
default:
_tcscpy_s(szCodeDetails, _countof(szCodeDetails),
TEXT("- ??? "));
}
if (dwCodePolicy == TOKEN_MANDATORY_POLICY_OFF) { // = 0
_tcscat_s(szCodeDetails,
_countof(szCodeDetails), TEXT(" + no policy"));
} else {
if ((dwCodePolicy & TOKEN_MANDATORY_POLICY_VALID_MASK) == 0) {
_tcscat_s(szCodeDetails, _countof(szCodeDetails),
TEXT(" + ???"));
} else {
if ((dwCodePolicy & TOKEN_MANDATORY_POLICY_NO_WRITE_UP)
== TOKEN_MANDATORY_POLICY_NO_WRITE_UP) {
_tcscat_s(szCodeDetails, _countof(szCodeDetails),
TEXT(" + no write-up"));
}
if ((dwCodePolicy & TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
== TOKEN_MANDATORY_POLICY_NEW_PROCESS_M