
How to determine the integrity level of a process?

I recently needed to get the integrity level of a process, and I found help from MSDN. The sample code looks like this:

#include <windows.h>
#include <stdio.h>

int main(void)
{
 HANDLE hToken = NULL;
 DWORD dwLengthNeeded = 0;
 DWORD dwIntegrityLevel = 0;
 PTOKEN_MANDATORY_LABEL pTIL = NULL;

 // Open the current process token, then size the label buffer: the first
 // GetTokenInformation call fails with ERROR_INSUFFICIENT_BUFFER and
 // reports the required length in dwLengthNeeded.
 if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken) &&
     !GetTokenInformation(hToken, TokenIntegrityLevel, NULL, 0, &dwLengthNeeded) &&
     GetLastError() == ERROR_INSUFFICIENT_BUFFER)
 {
  pTIL = (PTOKEN_MANDATORY_LABEL)LocalAlloc(LPTR, dwLengthNeeded);
 }

 if (pTIL != NULL && GetTokenInformation(hToken, TokenIntegrityLevel,
     pTIL, dwLengthNeeded, &dwLengthNeeded))
 {
  // The level is the last sub-authority of the mandatory label SID (S-1-16-<RID>).
  dwIntegrityLevel = *GetSidSubAuthority(pTIL->Label.Sid,
    (DWORD)(UCHAR)(*GetSidSubAuthorityCount(pTIL->Label.Sid)-1));

  if (dwIntegrityLevel == SECURITY_MANDATORY_LOW_RID)
  {
   // Low Integrity
   wprintf(L"Low Process");
  }
  else if (dwIntegrityLevel >= SECURITY_MANDATORY_MEDIUM_RID &&
       dwIntegrityLevel < SECURITY_MANDATORY_HIGH_RID)
  {
   // Medium Integrity
   wprintf(L"Medium Process");
  }
  else if (dwIntegrityLevel >= SECURITY_MANDATORY_HIGH_RID)
  {
   // High Integrity (every value >= SECURITY_MANDATORY_SYSTEM_RID also matches here)
   wprintf(L"High Integrity Process");
  }
  else if (dwIntegrityLevel >= SECURITY_MANDATORY_SYSTEM_RID)
  {
   // System Integrity (unreachable as written: the branch above already matched)
   wprintf(L"System Integrity Process");
  }
 }

 if (pTIL != NULL) LocalFree(pTIL);
 if (hToken != NULL) CloseHandle(hToken);
 return 0;
}

As you all know,

SECURITY_MANDATORY_LOW_RID == 0x00001000L
SECURITY_MANDATORY_MEDIUM_RID == 0x00002000L
SECURITY_MANDATORY_HIGH_RID == 0x00003000L
SECURITY_MANDATORY_SYSTEM_RID == 0x00004000L

Here is my question:
If this sample code is correct, then what integrity level does process A have if it has a dwIntegrityLevel of 0x00004100L? Is it SECURITY_MANDATORY_HIGH_RID and SECURITY_MANDATORY_SYSTEM_RID? Does it mean that a process that has the SECURITY_MANDATORY_SYSTEM_RID level also has the SECURITY_MANDATORY_HIGH_RID level?

If the sample code is wrong, then what is the right way to determine the integrity level of a process?

Note an equivalent declaration in WinNT.h:

#define SECURITY_MANDATORY_MEDIUM_PLUS_RID  (SECURITY_MANDATORY_MEDIUM_RID + 0x100)

So that sounds like you ran into a process that's SYSTEM_PLUS.

I would recommend taking a look at the Chrome/Chromium GetCurrentProcessIntegrityLevel implementation that you'll find at https://github.com/chromium/chromium/blob/master/base/process/process_info_win.cc . This is likely a trustworthy reference.
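The following is an added example, not code from the question, the answer or Chromium. It classifies a mandatory-label RID by testing from the highest level down, so each RID matches exactly one bucket and an in-between value such as the 0x00004100L from the question lands in the highest defined level at or below it (System) instead of satisfying two branches; it also knows MEDIUM_PLUS and PROTECTED_PROCESS, which the MSDN snippet omits. The constants are copied from winnt.h so the classifier can be built and exercised off Windows; the token-reading part is my own wrapper around the usual two-call GetTokenInformation pattern and is compiled only on Windows. Whether Windows ever assigns 0x4100 is not something this page establishes; the classifier just handles it consistently.

```c
/* Added example (not from the question, the answer, or Chromium): classify a
 * mandatory-label RID into an integrity level and, on Windows, read that RID
 * from the current process token. */
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
#else
/* Copied from winnt.h so the classifier builds and can be tested off Windows. */
typedef unsigned long DWORD;
#define SECURITY_MANDATORY_UNTRUSTED_RID         0x00000000L
#define SECURITY_MANDATORY_LOW_RID               0x00001000L
#define SECURITY_MANDATORY_MEDIUM_RID            0x00002000L
#define SECURITY_MANDATORY_MEDIUM_PLUS_RID       (SECURITY_MANDATORY_MEDIUM_RID + 0x100)
#define SECURITY_MANDATORY_HIGH_RID              0x00003000L
#define SECURITY_MANDATORY_SYSTEM_RID            0x00004000L
#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID 0x00005000L
#endif

typedef enum {
    IL_UNTRUSTED, IL_LOW, IL_MEDIUM, IL_MEDIUM_PLUS,
    IL_HIGH, IL_SYSTEM, IL_PROTECTED_PROCESS
} integrity_level;

/* Test from the highest level down: each RID matches exactly one bucket, and an
 * intermediate value (0x2100 = MEDIUM_PLUS, or the 0x4100 from the question)
 * falls into the highest defined level that is <= it. */
integrity_level classify_integrity_rid(DWORD rid)
{
    if (rid >= SECURITY_MANDATORY_PROTECTED_PROCESS_RID) return IL_PROTECTED_PROCESS;
    if (rid >= SECURITY_MANDATORY_SYSTEM_RID)            return IL_SYSTEM;
    if (rid >= SECURITY_MANDATORY_HIGH_RID)              return IL_HIGH;
    if (rid >= SECURITY_MANDATORY_MEDIUM_PLUS_RID)       return IL_MEDIUM_PLUS;
    if (rid >= SECURITY_MANDATORY_MEDIUM_RID)            return IL_MEDIUM;
    if (rid >= SECURITY_MANDATORY_LOW_RID)               return IL_LOW;
    return IL_UNTRUSTED;
}

const char *integrity_level_name(integrity_level il)
{
    static const char *names[] = {
        "Untrusted", "Low", "Medium", "Medium Plus",
        "High", "System", "Protected Process"
    };
    return names[il];
}

#ifdef _WIN32
/* Reads the integrity RID of a token (assumed wrapper, not an API). Returns 1 on
 * success, 0 on failure (GetLastError() then holds the reason). Two-call pattern:
 * the first GetTokenInformation call only reports the needed buffer size. */
int get_token_integrity_rid(HANDLE hToken, DWORD *rid_out)
{
    DWORD needed = 0;
    PTOKEN_MANDATORY_LABEL label;
    int ok = 0;

    GetTokenInformation(hToken, TokenIntegrityLevel, NULL, 0, &needed);
    if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) return 0;
    label = (PTOKEN_MANDATORY_LABEL)LocalAlloc(LPTR, needed);
    if (label == NULL) return 0;
    if (GetTokenInformation(hToken, TokenIntegrityLevel, label, needed, &needed)) {
        /* The level is the last sub-authority of the S-1-16-<RID> label SID. */
        UCHAR count = *GetSidSubAuthorityCount(label->Label.Sid);
        *rid_out = *GetSidSubAuthority(label->Label.Sid, (DWORD)(count - 1));
        ok = 1;
    }
    LocalFree(label);
    return ok;
}

int main(void)
{
    HANDLE hToken = NULL;
    DWORD rid = 0;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) {
        fprintf(stderr, "OpenProcessToken failed: %lu\n", GetLastError());
        return 1;
    }
    if (get_token_integrity_rid(hToken, &rid))
        printf("integrity RID 0x%04lX -> %s\n", rid,
               integrity_level_name(classify_integrity_rid(rid)));
    else
        fprintf(stderr, "GetTokenInformation failed: %lu\n", GetLastError());
    CloseHandle(hToken);
    return 0;
}
#endif
```

Run it from a normal console to see Medium, from an elevated console to see High, and under a SYSTEM shell (for example a service or PsExec -s) to see System; on a non-Windows host only the classifier compiles, which is enough to check the bucketing logic.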
