13 Security Lab

System 권한여부체크 [2] 본문

Computer Science/Windows Externals

System 권한여부체크 [2]

Maj0r Tom 2015. 5. 11. 18:11
출처 : http://blog.daum.net/aswip/8429343


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80 
#include <stdio.h>
#include <windows.h>
#include <shlobj.h>                  // for IsUserAnAdmin() function.
#pragma comment(lib, "shell32.lib")  // for IsUserAnAdmin() function.
 
BOOL GetProcessElevation(TOKEN_ELEVATION_TYPE *pElevationType, BOOL *pIsAdmin)
{
    HANDLE hToken = NULL;
    BOOL bResult = FALSE;
    DWORD dwSize = 0;
 
    // 현재 프로세스의 토큰을 얻는다.
    if ( !OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken) )
        return FALSE;
 
    // 권한상승 형태에 대한 정보를 얻는다.
    if ( GetTokenInformation(hToken, TokenElevationType, pElevationType, sizeof(TOKEN_ELEVATION_TYPE), &dwSize) )
    {
        BYTE adminSID[SECURITY_MAX_SID_SIZE];
        dwSize = sizeof(adminSID);
        
        // 관리자 그룹의 SID 값을 생성한다.
        CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, &adminSID, &dwSize);
 
        if ( *pElevationType == TokenElevationTypeLimited )
        {
            HANDLE hUnfilteredToken = NULL;
            
            // 연결된 토큰의 핸들을 얻는다.
            GetTokenInformation(hToken, TokenLinkedToken, (void *)&hUnfilteredToken, sizeof(HANDLE), &dwSize);
 
            // 원래의 토큰이 관리자의 SID를 포함하고 있는지 여부를 확인한다.
            if ( CheckTokenMembership(hUnfilteredToken, &adminSID, pIsAdmin) )
                bResult = TRUE;
            
            CloseHandle(hUnfilteredToken);
        }
        else
        {
            *pIsAdmin = IsUserAnAdmin();
            bResult = TRUE;
        }
    }
 
    CloseHandle(hToken);
    return bResult;
}
 
int main(int argc, char **argv)
{
    TOKEN_ELEVATION_TYPE t;
    BOOL bAdmin = FALSE;
    char szUser[0xFF= {0};
    DWORD dwUser = _countof(szUser);
    GetUserName(szUser, &dwUser);
 
    if ( GetProcessElevation(&t, &bAdmin) )
    {
        if ( bAdmin )
            printf("%s is admin, ", szUser);
        else
            printf("%s is not admin, ", szUser);
 
        switch (t)
        {
        case TokenElevationTypeDefault:
            printf("기본 사용자이거나, UAC 기능이 OFF 된 상태임.\n");
            break;
        case TokenElevationTypeFull:
            printf("권한상승되었음\n");
            break;
        case TokenElevationTypeLimited:
            printf("필터된 토큰에 의해 제한된 권한으로 수행되었음.\n");
            break;
        default:
            break;
        }
    }
    return 0;
cs
 



공유하기 링크
'Computer Science/Windows Externals' Related Articles more
Comments