创建进程置新进程的父进程为指定进程 附 一个提权函数 一个进程名寻进程ID函数

pinkx

1. 
   
2. #include <cstdio>
   
3. #include <Windows.h>
   
4. #include <atlbase.h>
   
5. #include <Tlhelp32.h>
   
6. 
   
7. BOOL EnablePrivilege( LPCTSTR name )
   
8. {//提升进程权限
   
9.     BOOL    bRet=FALSE;
   
10.     //获得指定的权限值
    
11.     TOKEN_PRIVILEGES priv = { 1, { 0, 0, SE_PRIVILEGE_ENABLED } };
    
12.     BOOL bLookup = LookupPrivilegeValue( NULL, name, &priv.Privileges[0].Luid );
    
13.     if( !bLookup )
    
14.     {
    
15.         //OutLog("查找指定权限值失败");
    
16.         return bRet;
    
17.     }
    
18.     //打开进程的访问标记
    
19.     HANDLE hToken = NULL;
    
20.     BOOL bOpenToken = OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken );
    
21.     if( !bOpenToken )
    
22.     {
    
23.         //OutLog("打开进程的访问标记失败");
    
24.         return bRet;
    
25.     }
    
26. 
    
27.     //调整权限
    
28.     BOOL bAdjustpriv = AdjustTokenPrivileges( hToken, false, &priv, sizeof( priv ), 0, 0 );
    
29.     if( !bAdjustpriv )
    
30.     {
    
31.         //OutLog("调整权限失败");
    
32.         CloseHandle( hToken );
    
33.         return bRet;
    
34.     }
    
35.     CloseHandle( hToken );
    
36. 
    
37.     return TRUE;
    
38. }
    
39. 
    
40. DWORD FindProcessIDByProcessName(LPCTSTR lpszProcessName)//根据进程名寻找进程ID
    
41. {
    
42.     HANDLE hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
    
43.     if( hSnapshot == NULL )
    
44.     {
    
45.         return 0;
    
46.     }
    
47.     int nStrLen=lstrlen(lpszProcessName);
    
48.     const char *szFind=NULL;
    
49. #ifdef _UNICODE
    
50.     char szCopy[128];
    
51.     WideCharToMultiByte(CP_ACP,NULL,lpszProcessName,-1,szCopy,sizeof(szCopy),NULL,NULL);
    
52.     szFind=szCopy;
    
53. #else
    
54.     szFind=lpszProcessName;
    
55. #endif
    
56. 
    
57.     PROCESSENTRY32 stProcessEntry32 = {0};
    
58.     stProcessEntry32.dwSize = sizeof(PROCESSENTRY32);
    
59.     Process32First( hSnapshot, &stProcessEntry32 );
    
60.     BOOL bFind = FALSE;
    
61.     do
    
62.     {
    
63.         if(lstrcmpA( stProcessEntry32.szExeFile,szFind) == 0 )
    
64.         {
    
65.             bFind = TRUE;
    
66.             break;
    
67.         }
    
68.     }while( Process32Next( hSnapshot, &stProcessEntry32 ) );
    
69.     CloseHandle( hSnapshot );
    
70.     if (bFind)
    
71.     {
    
72.         return stProcessEntry32.th32ProcessID;
    
73.     }
    
74.     return 0;
    
75. }
    
76. 
    
77. int main()
    
78. {
    
79.     EnablePrivilege(SE_SECURITY_NAME);//提权
    
80.     PROCESS_INFORMATION pi={0};
    
81.     STARTUPINFOEX si={sizeof(STARTUPINFOEX)};
    
82.     SIZE_T    cbAListSize=0;
    
83. 
    
84.     InitializeProcThreadAttributeList(NULL,1,0,&cbAListSize);
    
85.     PPROC_THREAD_ATTRIBUTE_LIST pAList=(PPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeap(),0,cbAListSize);
    
86.     InitializeProcThreadAttributeList(pAList,1,0,&cbAListSize);
    
87.     HANDLE hParent=OpenProcess(PROCESS_ALL_ACCESS,FALSE,
    
88.             FindProcessIDByProcessName(TEXT("explorer.exe")));//要置为父进程的句柄
    
89.     UpdateProcThreadAttribute(pAList,0,PROC_THREAD_ATTRIBUTE_PARENT_PROCESS,&hParent,sizeof(HANDLE),NULL,NULL);
    
90.     si.lpAttributeList=pAList;
    
91. 
    
92.     CreateProcess(NULL,TEXT("notepad.exe"),NULL,NULL,FALSE,EXTENDED_STARTUPINFO_PRESENT,NULL,NULL,&si.StartupInfo,&pi);
    
93. 
    
94.     DeleteProcThreadAttributeList(pAList);
    
95.     HeapFree(GetProcessHeap(),0,pAList);
    
96.     system("pause");
    
97.     return 0;
    
98. }
    
99. //置新进程的父进程为指定进程 仅支持 vista win2008 及以上版本
    
100. 
     
101. 
     

复制代码