
如何确定我自己的进程是否启用了 SeDebugPrivilege?




如果有人需要，这是解决方案。

type
  // View type used only to index the variable-length Privileges[] array that
  // follows PrivilegeCount inside TOKEN_PRIVILEGES. The 1024 bound is a cast
  // target, not an allocation; with range checking on, an index above it
  // would fail, so it has to stay larger than any real PrivilegeCount.
  TPrivilegesArray = array [0..1024] of TLuidAndAttributes;
  PPrivilegesArray = ^TPrivilegesArray;
var
  luid          : TLargeInteger;  // LUID of the entry currently being inspected
  LuidSDP       : TLargeInteger;  // LUID of SeDebugPrivilege, filled by LookupPrivilegeValue
  hToken        : THandle;        // token of the current process, opened with TOKEN_QUERY

  Size          : Cardinal;       // reused: token-info buffer size, then privilege-name length
  Privileges    : PTokenPrivileges;
  I             : Integer;

  Name          : string;         // privilege name returned by LookupPrivilegeName
  Attr          : Longword;       // SE_PRIVILEGE_* attribute bits of the entry; read by AttrToString
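  // Renders the SE_PRIVILEGE_* bits held in the outer-scope Attr as text.
  // SE_PRIVILEGE_ENABLED decides "Enabled"/"Disabled" (the current state);
  // SE_PRIVILEGE_ENABLED_BY_DEFAULT is appended as a qualifier so that a
  // privilege which is enabled by default but currently disabled is no longer
  // reported as if it were enabled. (The old `Result := Result;` was a no-op.)
  function AttrToString: string;
  begin
    if (Attr and SE_PRIVILEGE_ENABLED) <> 0 then
      Result := 'Enabled'
    else
      Result := 'Disabled';
    if (Attr and SE_PRIVILEGE_ENABLED_BY_DEFAULT) <> 0 then
      Result := Result + ' (Enabled By Default)';
  end;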
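begin
  // TOKEN_QUERY is all that is needed to read the privilege list; the token
  // is never adjusted here. Every Win32 call is checked: an unchecked failure
  // would leave hToken/Privileges uninitialised and the later calls would
  // operate on garbage.
  Win32Check(OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, hToken));
  try
    // Probe call: expected to fail with ERROR_INSUFFICIENT_BUFFER and report
    // the required buffer size in Size. Any other failure is a real error.
    if (not GetTokenInformation(hToken, TokenPrivileges, nil, 0, Size)) and
       (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then
      RaiseLastOSError;

    Privileges := AllocMem(Size);
    try
      Win32Check(GetTokenInformation(hToken, TokenPrivileges, Privileges, Size, Size));
      Win32Check(LookupPrivilegeValue(nil, 'SeDebugPrivilege', LuidSDP));

      for I := 0 to Privileges.PrivilegeCount - 1 do
      begin
        // Only the SeDebugPrivilege entry is reported; drop this test to list
        // every privilege held by the token.
        if LuidSDP <> PPrivilegesArray(@Privileges^.Privileges)^[I].Luid then Continue;

        Luid := PPrivilegesArray(@Privileges^.Privileges)^[I].Luid;
        Attr := PPrivilegesArray(@Privileges^.Privileges)^[I].Attributes;

        // Two-step name lookup: the first call returns the needed length
        // (including the terminating null) in Size, the second fills Name.
        Size := 0;
        LookupPrivilegeName(nil, Luid, nil, Size);
        SetLength(Name, Size);
        Win32Check(LookupPrivilegeName(nil, Luid, PChar(Name), Size));

        // PChar(Name) stops at the null the API wrote into the buffer, so the
        // extra character allocated above is not printed.
        Form1.Memo2.Lines.Add(Format('[%d][%s][%s]', [Luid, PChar(Name), AttrToString]));
      end;
    finally
      FreeMem(Privileges);
    end;
  finally
    CloseHandle(hToken);
  end;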

此代码列出权限以及它们是禁用、默认启用还是已启用。经过一些搜索和修改后，这段代码运行良好。

如果需要列出所有权限，只需注释掉下面这一行：

if LuidSDP <> PPrivilegesArray(@Privileges^.Privileges)^[I].Luid then Continue;
于 2018-12-16T22:33:12.017 回答