在禁用UAC的情況下,我需要創建一個具有與使用UAC啓用的進程相同特徵的進程 - 基本上我正在模擬啓用UAC的進程創建。啓用FS虛擬化創建進程
我唯一的障礙是虛擬化。下面的示例代碼應該在啓用虛擬化的情況下在中等IL創建一個記事本實例。實際上,它在中型IL上創建一個記事本實例,禁用虛擬化。我不完全確定爲什麼虛擬化令牌被忽略。有任何想法嗎?
BOOL bRet;
HANDLE hToken;
HANDLE hNewToken;
// Notepad is used as an example
WCHAR wszProcessName[MAX_PATH] =
L"C:\\Windows\\System32\\Notepad.exe";
// Medium integrity SID
WCHAR wszIntegritySid[20] = L"S-1-16-8192";
PSID pIntegritySid = NULL;
DWORD EnableVirtualization = 1;
TOKEN_MANDATORY_LABEL TIL = {0};
PROCESS_INFORMATION ProcInfo = {0};
STARTUPINFO StartupInfo = {0};
ULONG ExitCode = 0;
if (OpenProcessToken(GetCurrentProcess(),MAXIMUM_ALLOWED, &hToken))
{
if (DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL,
SecurityImpersonation, TokenPrimary, &hNewToken))
{
if (ConvertStringSidToSid(wszIntegritySid, &pIntegritySid))
{
TIL.Label.Attributes = SE_GROUP_INTEGRITY;
TIL.Label.Sid = pIntegritySid;
// Set the process integrity level
if (SetTokenInformation(hNewToken, TokenIntegrityLevel, &TIL,
sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pIntegritySid)))
{
// Enable FS Virtualization
if (SetTokenInformation(hNewToken, TokenVirtualizationEnabled,
&EnableVirtualization, sizeof(EnableVirtualization)))
{
// Create the new process at Low integrity
bRet = CreateProcessAsUser(hNewToken, NULL,
wszProcessName, NULL, NULL, FALSE,
0, NULL, NULL, &StartupInfo, &ProcInfo);
}
}
LocalFree(pIntegritySid);
}
CloseHandle(hNewToken);
}
CloseHandle(hToken);
}
UAC的功能不是虛擬化嗎?沒有UAC,我認爲你不能進行虛擬化。 – Luke 2010-08-17 19:08:51