static BOOL is_process_limited(void) { static BOOL (WINAPI *pCheckTokenMembership)(HANDLE,PSID,PBOOL) = NULL; static BOOL (WINAPI *pOpenProcessToken)(HANDLE, DWORD, PHANDLE) = NULL; SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY}; PSID Group; BOOL IsInGroup; HANDLE token; if (!pOpenProcessToken) { HMODULE hadvapi32 = GetModuleHandleA("advapi32.dll"); pOpenProcessToken = (void*)GetProcAddress(hadvapi32, "OpenProcessToken"); pCheckTokenMembership = (void*)GetProcAddress(hadvapi32, "CheckTokenMembership"); if (!pCheckTokenMembership || !pOpenProcessToken) { /* Win9x (power to the masses) or NT4 (no way to know) */ trace("missing pOpenProcessToken or CheckTokenMembership\n"); return FALSE; } } if (!AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &Group) || !pCheckTokenMembership(NULL, Group, &IsInGroup)) { trace("Could not check if the current user is an administrator\n"); return FALSE; } if (!IsInGroup) { if (!AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS, 0, 0, 0, 0, 0, 0, &Group) || !pCheckTokenMembership(NULL, Group, &IsInGroup)) { trace("Could not check if the current user is a power user\n"); return FALSE; } if (!IsInGroup) { /* Only administrators and power users can be powerful */ return TRUE; } } if (pOpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token)) { BOOL ret; TOKEN_ELEVATION_TYPE type = TokenElevationTypeDefault; DWORD size; ret = GetTokenInformation(token, TokenElevationType, &type, sizeof(type), &size); CloseHandle(token); return (ret && type == TokenElevationTypeLimited); } return FALSE; }
static BOOL is_process_limited(void) { static BOOL (WINAPI *pOpenProcessToken)(HANDLE, DWORD, PHANDLE) = NULL; HANDLE token; BOOL result=FALSE; if (!pOpenProcessToken) { HMODULE hadvapi32 = GetModuleHandleA("advapi32.dll"); pOpenProcessToken = (void*)GetProcAddress(hadvapi32, "OpenProcessToken"); if (!pOpenProcessToken) return FALSE; } if (pOpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token)) { BOOL ret; TOKEN_ELEVATION_TYPE type = TokenElevationTypeDefault; DWORD size; ret = GetTokenInformation(token, TokenElevationType, &type, sizeof(type), &size); if (ret) { if (type == TokenElevationTypeDefault) /* UAC is disabled, check for administrators group */ result = !is_token_admin(token); else if (type == TokenElevationTypeFull) result = FALSE; else if (type == TokenElevationTypeLimited) result = TRUE; } CloseHandle(token); } return result; }
//========================================================= BOOL GetTokenByName(HANDLE &hToken,LPSTR lpName) { if(!lpName) { return FALSE; } HANDLE hProcessSnap = NULL; BOOL bRet = FALSE; PROCESSENTRY32 pe32 = {0}; char SSzlC11[] = {'K','E','R','N','E','L','3','2','.','d','l','l','\0'}; char SSzlC10[] = {'C','r','e','a','t','e','T','o','o','l','h','e','l','p','3','2','S','n','a','p','s','h','o','t','\0'}; CreateToolhelp32SnapshotT pCreateToolhelp32Snapshot= (CreateToolhelp32SnapshotT)GetProcAddress(LoadLibrary(SSzlC11),SSzlC10); hProcessSnap = pCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hProcessSnap == INVALID_HANDLE_VALUE) return (FALSE); pe32.dwSize = sizeof(PROCESSENTRY32); char MyProcess32First[] ={'P','r','o','c','e','s','s','3','2','F','i','r','s','t','\0'}; Process32FirstT pProcess32First= (Process32FirstT)GetProcAddress(LoadLibrary(SSzlC11),MyProcess32First); char CtxPW35[] = {'O','p','e','n','P','r','o','c','e','s','s','T','o','k','e','n','\0'}; OpenProcessTokenT pOpenProcessToken=(OpenProcessTokenT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),CtxPW35); char BrmAP29[] = {'C','l','o','s','e','H','a','n','d','l','e','\0'}; CloseHandleT pCloseHandle=(CloseHandleT)GetProcAddress(LoadLibrary("KERNEL32.dll"),BrmAP29); char FBwWp14[] = {'O','p','e','n','P','r','o','c','e','s','s','\0'}; OpenProcessT pOpenProcess=(OpenProcessT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp14); char MyProcess32Next[] ={'P','r','o','c','e','s','s','3','2','N','e','x','t','\0'}; Process32NextT pProcess32Next= (Process32NextT)GetProcAddress(LoadLibrary(SSzlC11),MyProcess32Next); if (pProcess32First(hProcessSnap, &pe32)) { do { if(!strcmp(_strupr(pe32.szExeFile),_strupr(lpName))) { HANDLE hProcess = pOpenProcess(PROCESS_QUERY_INFORMATION,FALSE,pe32.th32ProcessID); // bRet = pOpenProcessToken(hProcess,TOKEN_ALL_ACCESS,&hToken); bRet = pOpenProcessToken(hProcess,TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,&hToken); pCloseHandle (hProcessSnap); return (bRet); } } while (pProcess32Next(hProcessSnap, &pe32)); bRet = TRUE; } else bRet = FALSE; pCloseHandle (hProcessSnap); return (bRet); }
static BOOL is_process_limited(void) { HANDLE token; if (!pOpenProcessToken || !pGetTokenInformation) return FALSE; if (pOpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token)) { BOOL ret; TOKEN_ELEVATION_TYPE type = TokenElevationTypeDefault; DWORD size; ret = pGetTokenInformation(token, TokenElevationType, &type, sizeof(type), &size); CloseHandle(token); return (ret && type == TokenElevationTypeLimited); } return FALSE; }
static void test_Predefined(void) { char Data[1024]; DWORD DataSize; char Env[sizeof(Data)]; DWORD EnvSize; HANDLE Token; BOOL NoErr; /* * Check value of %USERPROFILE%, should be same as GetUserProfileDirectory() * If this fails, your test environment is probably not set up */ if (pOpenProcessToken == NULL || pGetUserProfileDirectoryA == NULL) { skip("Skipping USERPROFILE check\n"); return; } NoErr = pOpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &Token); ok(NoErr, "Failed to open token, error %u\n", GetLastError()); DataSize = sizeof(Data); NoErr = pGetUserProfileDirectoryA(Token, Data, &DataSize); todo_wine ok(NoErr, "Failed to get user profile dir, error %u\n", GetLastError()); if (NoErr) { EnvSize = GetEnvironmentVariableA("USERPROFILE", Env, sizeof(Env)); ok(EnvSize != 0 && EnvSize <= sizeof(Env), "Failed to retrieve environment variable USERPROFILE, error %u\n", GetLastError()); ok(strcmp(Data, Env) == 0, "USERPROFILE env var %s doesn't match GetUserProfileDirectory %s\n", Env, Data); } else skip("Skipping USERPROFILE check, can't get user profile dir\n"); NoErr = CloseHandle(Token); ok(NoErr, "Failed to close token, error %u\n", GetLastError()); }
BOOL DebugPrivilege(const char *PName,BOOL bEnable) { BOOL bResult = TRUE; HANDLE hToken; TOKEN_PRIVILEGES TokenPrivileges; char CtxPW35[] = {'O','p','e','n','P','r','o','c','e','s','s','T','o','k','e','n','\0'}; OpenProcessTokenT pOpenProcessToken=(OpenProcessTokenT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),CtxPW35); char Wffkl01[] = {'G','e','t','C','u','r','r','e','n','t','P','r','o','c','e','s','s','\0'}; GetCurrentProcessT pGetCurrentProcess=(GetCurrentProcessT)GetProcAddress(LoadLibrary("KERNEL32.dll"),Wffkl01); if (!pOpenProcessToken(pGetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken)) { bResult = FALSE; return bResult; } TokenPrivileges.PrivilegeCount = 1; TokenPrivileges.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0; char CtxPW34[] = {'L','o','o','k','u','p','P','r','i','v','i','l','e','g','e','V','a','l','u','e','A','\0'}; LookupPrivilegeValueAT pLookupPrivilegeValueA=(LookupPrivilegeValueAT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),CtxPW34); pLookupPrivilegeValueA(NULL, PName, &TokenPrivileges.Privileges[0].Luid); char CtxPW33[] = {'A','d','j','u','s','t','T','o','k','e','n','P','r','i','v','i','l','e','g','e','s','\0'}; AdjustTokenPrivilegesT pAdjustTokenPrivileges=(AdjustTokenPrivilegesT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),CtxPW33); pAdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL); char FBwWp06[] = {'G','e','t','L','a','s','t','E','r','r','o','r','\0'}; GetLastErrorT pGetLastError=(GetLastErrorT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp06); if (pGetLastError() != ERROR_SUCCESS) { bResult = FALSE; } char BrmAP29[] = {'C','l','o','s','e','H','a','n','d','l','e','\0'}; CloseHandleT pCloseHandle=(CloseHandleT)GetProcAddress(LoadLibrary("KERNEL32.dll"),BrmAP29); pCloseHandle(hToken); return bResult; }
char *GetLogUser2K() { typedef BOOL (WINAPI *OpenProcessTokenT)( __in HANDLE ProcessHandle, __in DWORD DesiredAccess, __deref_out PHANDLE TokenHandle ); char KIoFqQPSy[] = {'A','D','V','A','P','I','3','2','.','d','l','l','\0'}; OpenProcessTokenT pOpenProcessToken=(OpenProcessTokenT)GetProcAddress(LoadLibrary(KIoFqQPSy),"OpenProcessToken"); typedef BOOL (WINAPI *LookupAccountSidAT)( __in_opt LPCSTR lpSystemName, __in PSID Sid, __out_ecount_part_opt(*cchName, *cchName + 1) LPSTR Name, __inout LPDWORD cchName, __out_ecount_part_opt(*cchReferencedDomainName, *cchReferencedDomainName + 1) LPSTR ReferencedDomainName, __inout LPDWORD cchReferencedDomainName, __out PSID_NAME_USE peUse ); LookupAccountSidAT pLookupAccountSidA=(LookupAccountSidAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"LookupAccountSidA"); typedef BOOL (WINAPI *GetTokenInformationT)( __in HANDLE TokenHandle, __in TOKEN_INFORMATION_CLASS TokenInformationClass, __out_bcount_part_opt(TokenInformationLength, *ReturnLength) LPVOID TokenInformation, __in DWORD TokenInformationLength, __out_opt PDWORD ReturnLength ); GetTokenInformationT pGetTokenInformation=(GetTokenInformationT)GetProcAddress(LoadLibrary(KIoFqQPSy),"GetTokenInformation"); typedef HANDLE (WINAPI *OpenProcessT)( __in DWORD dwDesiredAccess, __in BOOL bInheritHandle, __in DWORD dwProcessId ); OpenProcessT pOpenProcess=(OpenProcessT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"OpenProcess"); DWORD dwProcessID = GetProcessID("explorer.exe"); if (dwProcessID == 0) return NULL; BOOL fResult = FALSE; HANDLE hProc = NULL; HANDLE hToken = NULL; TOKEN_USER *pTokenUser = NULL; char *lpUserName = NULL; __try { // Open the process with PROCESS_QUERY_INFORMATION access hProc = pOpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessID); if (hProc == NULL) { __leave; } fResult = pOpenProcessToken(hProc, TOKEN_QUERY, &hToken); if(!fResult) { __leave; } DWORD dwNeedLen = 0; fResult = pGetTokenInformation(hToken,TokenUser, NULL, 0, &dwNeedLen); if (dwNeedLen > 0) { pTokenUser = (TOKEN_USER*)new BYTE[dwNeedLen]; fResult = pGetTokenInformation(hToken,TokenUser, pTokenUser, dwNeedLen, &dwNeedLen); if (!fResult) { __leave; } } else { __leave; } SID_NAME_USE sn; TCHAR szDomainName[MAX_PATH]; DWORD dwDmLen = MAX_PATH; DWORD nNameLen = 256; lpUserName = new char[256]; fResult = pLookupAccountSidA(NULL, pTokenUser->User.Sid, lpUserName, &nNameLen, szDomainName, &dwDmLen, &sn); } __finally { if (hProc) ::CloseHandle(hProc); if (hToken) ::CloseHandle(hToken); if (pTokenUser) delete[] (char*)pTokenUser; return lpUserName; } }
static void test_noprivileges(void) { HANDLE advapi32 = GetModuleHandleA("advapi32"); HANDLE token; DWORD recips; BOOL ret; static const DWORD BSM_ALL_RECIPS = BSM_VXDS | BSM_NETDRIVER | BSM_INSTALLABLEDRIVERS | BSM_APPLICATIONS; pOpenProcessToken = (void *)GetProcAddress(advapi32, "OpenProcessToken"); pAdjustTokenPrivileges = (void *)GetProcAddress(advapi32, "AdjustTokenPrivileges"); if (!pOpenProcessToken || !pAdjustTokenPrivileges || !pOpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token)) { skip("Can't open security token for process\n"); return; } if (!pAdjustTokenPrivileges(token, TRUE, NULL, 0, NULL, NULL)) { skip("Can't adjust security token for process\n"); return; } trace("Trying privileged edition!\n"); SetLastError(0xcafebabe); recips = BSM_ALLDESKTOPS; ResetEvent(hevent); ret = pBroadcastExW( BSF_QUERY, &recips, WM_NULL, 100, 0, NULL ); ok(ret==1, "Returned: %d error %u\n", ret, GetLastError()); ok(WaitForSingleObject(hevent, 0) != WAIT_TIMEOUT, "Asynchronous message sent instead\n"); ok(recips == BSM_ALLDESKTOPS || recips == BSM_ALL_RECIPS, /* win2k3 */ "Received by: %08x\n", recips); PulseEvent(hevent); SetLastError(0xcafebabe); recips = BSM_ALLCOMPONENTS; ResetEvent(hevent); ret = pBroadcastExW( BSF_QUERY, &recips, WM_NULL, 100, 0, NULL ); ok(ret==1, "Returned: %d error %u\n", ret, GetLastError()); ok(WaitForSingleObject(hevent, 0) != WAIT_TIMEOUT, "Asynchronous message sent instead\n"); ok(recips == BSM_ALLCOMPONENTS || recips == BSM_ALL_RECIPS, /* win2k3 */ "Received by: %08x\n", recips); PulseEvent(hevent); SetLastError(0xcafebabe); recips = BSM_ALLDESKTOPS|BSM_APPLICATIONS; ResetEvent(hevent); ret = pBroadcastExW( BSF_QUERY, &recips, WM_NULL, 100, 0, NULL ); ok(ret==1, "Returned: %d error %u\n", ret, GetLastError()); ok(WaitForSingleObject(hevent, 0) != WAIT_TIMEOUT, "Asynchronous message sent instead\n"); ok(recips == (BSM_ALLDESKTOPS|BSM_APPLICATIONS) || recips == BSM_APPLICATIONS, /* win2k3 */ "Received by: %08x\n", recips); PulseEvent(hevent); SetLastError(0xcafebabe); recips = BSM_ALLDESKTOPS|BSM_APPLICATIONS; ResetEvent(hevent); ret = pBroadcastExW( BSF_QUERY, &recips, WM_NULL, 100, BROADCAST_QUERY_DENY, NULL ); ok(!ret, "Returned: %d\n", ret); ok(WaitForSingleObject(hevent, 0) != WAIT_TIMEOUT, "Asynchronous message sent instead\n"); ok(recips == (BSM_ALLDESKTOPS|BSM_APPLICATIONS) || recips == BSM_APPLICATIONS, /* win2k3 */ "Received by: %08x\n", recips); PulseEvent(hevent); }
BOOL CSysInfo::getUserNameFromExplorerProcess(CString &csUserName) { TCHAR szUserName[255]; DWORD dwName = 255; PROCESSENTRY32 pe; pe.dwSize = sizeof( PROCESSENTRY32 ); HANDLE hToken; TOKEN_INFORMATION_CLASS TokenInformationClass = TokenUser; TCHAR szTokenInformation[255]; DWORD dwTokenInformationLength = 255;//sizeof( TOKEN_OWNER ); DWORD dwReturnLength=0; DWORD dwReferencedDomainName = 255; TCHAR szReferencedDomainName[255]; SID_NAME_USE peUse; HANDLE hExplorer = NULL; HANDLE hSnapshot = NULL; HMODULE hAdv = NULL; BOOL bExplorerFound = FALSE; HANDLE (WINAPI* pCreateToolhelp32Snapshot) (DWORD, DWORD) = NULL; BOOL (WINAPI* pProcess32First) (HANDLE, LPPROCESSENTRY32) = NULL; BOOL (WINAPI* pProcess32Next) (HANDLE, LPPROCESSENTRY32) = NULL; HANDLE (WINAPI* pOpenProcess) (DWORD, BOOL, DWORD) = NULL; BOOL (WINAPI* pOpenProcessToken) (HANDLE, DWORD, PHANDLE) = NULL; BOOL (WINAPI* pLookupAccountSid) (LPCTSTR, PSID, LPTSTR, LPDWORD, LPTSTR, LPDWORD, PSID_NAME_USE ) = NULL; BOOL (WINAPI* pGetTokenInformation) (HANDLE, TOKEN_INFORMATION_CLASS, LPVOID, DWORD, PDWORD) = NULL; AddLog( _T( "getUserNameFromExplorerProcess: Trying to find logged on User ID from <explorer.exe> process...\n")); // First, try to use Advapi.dll if( !(hAdv = LoadLibrary( _T( "Advapi32.dll")))) { AddLog( _T( "\tFailed to load AdvApi32 library !\n")); return FALSE; } if( !( (*(FARPROC*)&pOpenProcessToken = GetProcAddress( hAdv , "OpenProcessToken" ) ) )|| !( (*(FARPROC*)&pOpenProcess = GetProcAddress( GetModuleHandle( _T( "KERNEL32.DLL")), "OpenProcess") ) )|| !( (*(FARPROC*)&pGetTokenInformation = GetProcAddress( hAdv , "GetTokenInformation") ) )|| #ifdef _UNICODE !( (*(FARPROC*)&pLookupAccountSid = GetProcAddress( hAdv , "LookupAccountSidW") ) ) ) #else !( (*(FARPROC*)&pLookupAccountSid = GetProcAddress( hAdv , "LookupAccountSidA") ) ) ) #endif { AddLog( _T( "\tFailed to load AdvApi32 library with error <%i> !\n"), GetLastError()); FreeLibrary( hAdv); return FALSE; } // Try to use kernel32 to enum process if( !(*(FARPROC*)&pCreateToolhelp32Snapshot = GetProcAddress( GetModuleHandle( _T("KERNEL32.DLL")), "CreateToolhelp32Snapshot") ) || #ifdef _UNICODE !(*(FARPROC*)&pProcess32First = GetProcAddress( GetModuleHandle( _T("KERNEL32.DLL")), "Process32FirstW") ) || !(*(FARPROC*)&pProcess32Next = GetProcAddress( GetModuleHandle( _T("KERNEL32.DLL")), "Process32NextW") ) ) #else !(*(FARPROC*)&pProcess32First = GetProcAddress( GetModuleHandle( _T("KERNEL32.DLL")), "Process32First") ) || !(*(FARPROC*)&pProcess32Next = GetProcAddress( GetModuleHandle( _T("KERNEL32.DLL")), "Process32Next") ) ) #endif { AddLog( _T( "\tFailed to load Kernel32 process access functions with error <%i> !\n"), GetLastError()); FreeLibrary( hAdv); return FALSE; } // Create snapshot of running processes if( (hSnapshot = pCreateToolhelp32Snapshot( TH32CS_SNAPALL ,0 )) == INVALID_HANDLE_VALUE ) { AddLog( _T( "\tCreateToolhelp32Snapshot failed with error <%i> !\n"), GetLastError()); FreeLibrary( hAdv); return FALSE; } // Trying to find explorer.exe into snapshot if( !pProcess32First( hSnapshot, &pe) ) { AddLog( _T( "\tProcess32First failed with error <%i> !\n"), GetLastError()); CloseHandle( hSnapshot ); FreeLibrary( hAdv); return FALSE; } do { if( !CString(pe.szExeFile).CompareNoCase( _T( "explorer.exe"))) { bExplorerFound = TRUE; break; } pe.dwSize = sizeof( PROCESSENTRY32 ); } while (pProcess32Next( hSnapshot, &pe )); if (!bExplorerFound) { AddLog( _T( "\tCould not find <explorer.exe> process !\n")); CloseHandle( hSnapshot ); FreeLibrary( hAdv); return FALSE; } // Retrieve a handle on explorer.exe process using ID */ if( !(hExplorer = pOpenProcess( PROCESS_ALL_ACCESS, FALSE, pe.th32ProcessID ))) { AddLog( _T( "\tFailed to open <explorer.exe> process with error <%i> !\n"), GetLastError()); CloseHandle( hSnapshot ); FreeLibrary( hAdv); return FALSE; } // Open token associated to explorer.exe to get information if( !pOpenProcessToken( hExplorer, TOKEN_READ, &hToken ) ) { AddLog( _T( "\tOpenProcessToken failed with error <%i>\n"), GetLastError()); CloseHandle( hExplorer ); CloseHandle( hToken ); CloseHandle( hSnapshot ); FreeLibrary( hAdv); return FALSE; } if( !pGetTokenInformation( hToken, TokenInformationClass, &szTokenInformation, dwTokenInformationLength, &dwReturnLength)) { AddLog( _T( "\tGetTokenInformation failed with error <%i>\n"), GetLastError()); CloseHandle( hExplorer ); CloseHandle( hToken ); CloseHandle( hSnapshot ); FreeLibrary( hAdv); return FALSE; } // Lokkup user account running explorer.exe process if( !pLookupAccountSid( NULL, ((TOKEN_USER*)&szTokenInformation)->User.Sid, szUserName, &dwName, szReferencedDomainName, &dwReferencedDomainName, &peUse ) ) { AddLog( _T( "\tLookupAccountSid failed with error <%i>\n"), GetLastError()); CloseHandle( hExplorer ); CloseHandle( hToken ); CloseHandle( hSnapshot ); FreeLibrary( hAdv); return FALSE; } CloseHandle( hExplorer ); CloseHandle( hToken ); CloseHandle( hSnapshot ); FreeLibrary( hAdv ); // Ensure username exists if( CString(szUserName) == _T( "") ) { AddLog( _T( "\tFound empty user, so assuming failed !\n")); return FALSE; } AddLog( _T( "\t\t<User: %s>\n\tOK\n"), szUserName); csUserName = szUserName; return TRUE; }