用过whoami吧,这个tokenInfor和它的功能相仿,不过是查看指定进程的用户信息和访问令牌信息。本版管理员不能查看普通用户进程的信息,功能完整的版本可以从www.red8black.com上下载。
用法如下:
D:\>E:\projects\tinfor\lcc\tinfor.exe /?
TokenInfor tell Token Infor and Owner Infor of Specify Process, -- bingle
 Usage : E:\projects\tinfor\lcc\tinfor.exe [pid]
	pid -- ID of target process, if not provide, use current process
	-?|/? -- show this.
如果没有指定进程ID就查询当前进程,也就是tinfor自己了,就和whoami一样了。
D:\>tinfor 160
TokenInfor tell Token Infor and Owner Infor of Specify Process, -- bingle
Token Information of Process ID = 160.
Execute File Path = \??\D:\WINNT\system32\csrss.exe.
User Name : NT AUTHORITY\SYSTEM S-1-5-18
Belong to 3 groups
[group 0] "BUILTIN\Administrators" S-1-5-32-544
[group 1] "\Everyone" S-1-1-0
[group 2] "NT AUTHORITY\Authenticated Users" S-1-5-11
Have 21 Privileges
[Privilege 0] SeTcbPrivilege - 以操作系统方式操作
[Privilege 1] SeCreateTokenPrivilege - 创建记号对象
[Privilege 2] SeTakeOwnershipPrivilege - 取得文件或其它对象的所有权
[Privilege 3] SeCreatePagefilePrivilege - 创建页面文件
[Privilege 4] SeLockMemoryPrivilege - 内存中锁定页
[Privilege 5] SeAssignPrimaryTokenPrivilege - 替换进程级记号
[Privilege 6] SeIncreaseQuotaPrivilege - 添加配额
[Privilege 7] SeIncreaseBasePriorityPrivilege - 增加进度优先级
[Privilege 8] SeCreatePermanentPrivilege - 创建永久共享对象
[Privilege 9] SeDebugPrivilege - 调试程序
[Privilege 10] SeAuditPrivilege - 产生安全审核
[Privilege 11] SeSecurityPrivilege - 管理审核和安全日志
[Privilege 12] SeSystemEnvironmentPrivilege - 修改固件环境值
[Privilege 13] SeChangeNotifyPrivilege - 跳过遍历检查
[Privilege 14] SeBackupPrivilege - 备份文件和目录
[Privilege 15] SeRestorePrivilege - 还原文件和目录
[Privilege 16] SeShutdownPrivilege - 关闭系统
[Privilege 17] SeLoadDriverPrivilege - 装载和卸载设备驱动程序
[Privilege 18] SeProfileSingleProcessPrivilege - 配置单一进程
[Privilege 19] SeSystemtimePrivilege - 更改系统时间
[Privilege 20] SeUndockPrivilege - 从插接工作站中取出计算机
Token Type : Primary Token
OpenProcessToken QUERY_SOURCE error : 5
whoami.exe是一个有错误的debug版tokenInfor程序,什么错误,你调试看看吧,这个错误不影响程序的主要功能,程序代码的实现也没有问题。不要用vc重新编译whoami.c,否则错误就没有了。vc和lcc有点不同。
源程序
/** TokenInfor 
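tell Token Infor and Owner Infor of Specify Process --bingle, bingle@email.com.cn

Prints, for one process: its image path, the token's user, groups, privileges
(with their enabled state), token type / impersonation level and token source.
Opening another user's process needs SeDebugPrivilege; the tool enables it only
around the OpenProcess() call and asks for query rights only.

Build: ANSI (non-UNICODE) Win32. The listing this was recovered from had lost
its printf conversions, '\' characters and #include targets; those are restored
here, and the aliased buffer-length arguments, the fixed 1024-byte token buffers
and the late GetLastError() read in EnableDebugPriv() are fixed (see comments).
*/
#include <windows.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define UULEN 256
/* GetUserNameFromToken() writes "domain\user": two UULEN names, a '\' and the NUL. */
#define USERNAME_LEN (UULEN * 2 + 2)
#define true 1
#define false 0

typedef DWORD GetModuleFileNameExType(
    HANDLE hProcess,    // handle to the process
    HMODULE hModule,    // handle to the module
    LPTSTR lpFilename,  // buffer that receives the path
    DWORD nSize         // size of the buffer
);

GetModuleFileNameExType *GetModuleFileNameExAddr;
HMODULE psapi;

int GetUserNameFromToken(HANDLE htoken, char user[]);
int OutPutGroupsFromToken(HANDLE htoken);
int OutPutPrivilegesFromToken(HANDLE htoken);
int OutPutTokenType(TOKEN_STATISTICS *tstat);
int GetProcessTokenSource(HANDLE hp, char src[]);
int EnableDebugPriv(int fEnable);

/*
 * Query one TOKEN_INFORMATION_CLASS into a heap buffer sized by the system.
 * Returns NULL (after printing the Win32 error) on failure; the caller frees
 * the result. A fixed 1024-byte buffer, as the original used everywhere, is
 * too small for TokenGroups on accounts with many group memberships.
 */
static void *QueryTokenInfo(HANDLE htoken, TOKEN_INFORMATION_CLASS cls, const char *what)
{
    DWORD need = 0;
    void *buf;

    /* First call sizes the buffer; ERROR_INSUFFICIENT_BUFFER is the expected outcome. */
    if (!GetTokenInformation(htoken, cls, NULL, 0, &need) &&
        GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
        printf("GetTokenInformation %s error : %lu\r\n", what, GetLastError());
        return NULL;
    }
    buf = malloc(need);
    if (buf == NULL) {
        printf("GetTokenInformation %s error : out of memory\r\n", what);
        return NULL;
    }
    if (!GetTokenInformation(htoken, cls, buf, need, &need)) {
        printf("GetTokenInformation %s error : %lu\r\n", what, GetLastError());
        free(buf);
        return NULL;
    }
    return buf;
}

/* Print the command-line help and exit with status 0. */
void Usage(char *prog)
{
    printf(" Usage : %s [pid]\r\n", prog);
    printf("\tpid -- ID of target process, if not provide, use current process\r\n");
    printf("\t-?|/? -- show this. \r\n");
    exit(0);
}

/*
 * Resolve GetModuleFileNameExA from psapi.dll into the globals psapi and
 * GetModuleFileNameExAddr. Returns 1 on success, 0 on failure (both globals
 * are then NULL). The caller releases the module with FreeLibrary(psapi).
 */
int LoadPsapi(void)
{
    GetModuleFileNameExAddr = NULL;
    /* A bare module name is resolved through the default DLL search order;
     * a full system-directory path would pin the library that gets loaded. */
    psapi = LoadLibrary("psapi.dll");
    if (psapi == NULL)
        return 0;
    GetModuleFileNameExAddr =
        (GetModuleFileNameExType *)GetProcAddress(psapi, "GetModuleFileNameExA");
    if (GetModuleFileNameExAddr == NULL) {
        FreeLibrary(psapi);  /* the original leaked the module handle here */
        psapi = NULL;
        return 0;
    }
    return 1;
}

/*
 * Entry point. argv[1] is an optional decimal process ID (default: this
 * process); "/?" or "-?" prints the usage. Exit status is 0 on success and
 * 1 when the target could not be opened or its token could not be queried.
 */
int main(int argc, char *argv[])
{
    HANDLE hp = NULL, htoken = NULL;
    char buff[1024];  /* image path, and the "domain\user" string (>= USERNAME_LEN) */
    unsigned long openErr, procID;
    int dbgErr, rc = 1;

    printf("TokenInfor tell Token Infor and Owner Infor of Specify Process, -- bingle\r\n\r\n");
    if (argc == 2 && (strcmp(argv[1], "/?") == 0 || strcmp(argv[1], "-?") == 0))
        Usage(argv[0]);

    if (argc > 1) {
        /* strtoul instead of atoi so that trailing junk and overflow are rejected. */
        char *end;
        errno = 0;
        procID = strtoul(argv[1], &end, 10);
        if (end == argv[1] || *end != '\0' || errno == ERANGE)
            procID = 0;
    } else {
        procID = GetCurrentProcessId();
    }
    if (procID == 0) {
        printf(" Bad Process ID provided!!\r\n");
        Usage(argv[0]);
    }

    /* SeDebugPrivilege is held only for the duration of OpenProcess(). */
    if ((dbgErr = EnableDebugPriv(1)) != 0)
        printf("EnableDebugPriv(1) error : %d \r\n", dbgErr);
    hp = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, procID);
    openErr = GetLastError();  /* saved before EnableDebugPriv(0) can overwrite it */
    EnableDebugPriv(0);
    if (hp == NULL) {
        printf("Unable to open target process ID=%lu. Error : %lu\r\n", procID, openErr);
        return 1;
    }
    printf("Token Information of Process ID = %lu.\r\n", procID);

    if (LoadPsapi()) {
        if (GetModuleFileNameExAddr(hp, NULL, buff, sizeof buff))
            printf("Execute File Path = %s.\r\n", buff);
        else
            printf("Get Execute File Path Error : %lu.\r\n", GetLastError());
        FreeLibrary(psapi);
        psapi = NULL;
    } else {
        printf("Cannot Get Execute File Path, Load Psapi.dll Error.\r\n");
    }
    puts("");

    if (!OpenProcessToken(hp, TOKEN_QUERY, &htoken)) {
        printf("OpenProcessToken QUERY error : %lu\r\n", GetLastError());
        goto exit_main;
    }
    if (GetUserNameFromToken(htoken, buff))
        printf("User Name : %s\r\n", buff);
    OutPutGroupsFromToken(htoken);
    OutPutPrivilegesFromToken(htoken);

    {
        TOKEN_STATISTICS *tstat = QueryTokenInfo(htoken, TokenStatistics, "TokenStatistics");
        if (tstat == NULL)
            goto exit_main;
        OutPutTokenType(tstat);
        free(tstat);
    }
    {
        char src[TOKEN_SOURCE_LENGTH + 1];
        if (GetProcessTokenSource(hp, src))
            printf("Token source : %s\r\n", src);
    }
    rc = 0;

exit_main:
    if (htoken != NULL)
        CloseHandle(htoken);
    CloseHandle(hp);
    return rc;
}

/*
 * Write "domain\user" of the token's user into user[], which must hold at
 * least USERNAME_LEN bytes. Returns true on success; on failure the Win32
 * error is printed and false returned.
 */
int GetUserNameFromToken(HANDLE htoken, char user[])
{
    char tusr[UULEN], domain[UULEN];
    DWORD usrLen = UULEN, domLen = UULEN;
    TOKEN_USER *tuser;
    SID_NAME_USE snu;

    tuser = QueryTokenInfo(htoken, TokenUser, "TokenUser");
    if (tuser == NULL)
        return false;
    /* Separate length variables: the original passed the same &size for both
     * buffers, so LookupAccountSid wrote two different lengths into one DWORD. */
    if (!LookupAccountSid(NULL, tuser->User.Sid, tusr, &usrLen, domain, &domLen, &snu)) {
        printf("LookupAccountSid error : %lu\r\n", GetLastError());
        free(tuser);
        return false;
    }
    free(tuser);
    snprintf(user, USERNAME_LEN, "%s\\%s", domain, tusr);
    return true;
}

/* Print every group SID of the token as "domain\group". Returns true unless the query failed. */
int OutPutGroupsFromToken(HANDLE htoken)
{
    TOKEN_GROUPS *tgrps = QueryTokenInfo(htoken, TokenGroups, "TokenGroups");
    if (tgrps == NULL)
        return false;

    printf("\r\nBelong to %lu groups\r\n", tgrps->GroupCount);
    for (DWORD i = 0; i < tgrps->GroupCount; i++) {
        char group[UULEN], domain[UULEN];
        DWORD grpLen = UULEN, domLen = UULEN;
        SID_NAME_USE snu;

        if (!LookupAccountSid(NULL, tgrps->Groups[i].Sid, group, &grpLen, domain, &domLen, &snu))
            printf("[group %lu] error : %lu\r\n", i, GetLastError());
        else
            printf("[group %lu] %s\\%s\r\n", i, domain, group);
    }
    free(tgrps);
    return true;
}

/*
 * Print every privilege of the token with its display name and whether it is
 * currently enabled (an absent privilege never shows; a present-but-disabled
 * one is the normal state). Returns true unless the query failed.
 */
int OutPutPrivilegesFromToken(HANDLE htoken)
{
    TOKEN_PRIVILEGES *tpriv = QueryTokenInfo(htoken, TokenPrivileges, "TokenPrivileges");
    if (tpriv == NULL)
        return false;

    printf("\r\nHave %lu Privileges\r\n", tpriv->PrivilegeCount);
    for (DWORD i = 0; i < tpriv->PrivilegeCount; i++) {
        LUID_AND_ATTRIBUTES la = tpriv->Privileges[i];
        char spriv[UULEN], sdisp[UULEN * 2];
        DWORD nameLen = UULEN, dispLen = UULEN * 2, langId = 0;
        const char *state = (la.Attributes & SE_PRIVILEGE_ENABLED) ? " [enabled]" : "";

        /* The original ignored this result and then passed &size as the
         * language-id output of LookupPrivilegeDisplayName as well. */
        if (!LookupPrivilegeName(NULL, &la.Luid, spriv, &nameLen)) {
            printf("[Privilege %lu] error : %lu\r\n", i, GetLastError());
            continue;
        }
        if (!LookupPrivilegeDisplayName(NULL, spriv, sdisp, &dispLen, &langId))
            printf("[Privilege %lu] %s - error : %lu%s\r\n", i, spriv, GetLastError(), state);
        else
            printf("[Privilege %lu] %s - %s%s\r\n", i, spriv, sdisp, state);
    }
    free(tpriv);
    return true;
}

/*
 * Print whether the token is primary or impersonation and, for the latter,
 * the impersonation level with its description. Always returns 0.
 */
int OutPutTokenType(TOKEN_STATISTICS *tstat)
{
    static const struct {
        SECURITY_IMPERSONATION_LEVEL il;
        const char *dsp;
    } imperLevel[] = {
        { SecurityAnonymous,
          "SecurityAnonymous -- The server process cannot obtain identification information"
          " about the client and it cannot impersonate the client. It is defined with no value given,"
          " and thus, by ANSI C rules, defaults to a value of 0." },
        { SecurityIdentification,
          "SecurityIdentification -- The server process can obtain information about the client,"
          " such as security identifiers and privileges, but it cannot impersonate the client."
          " This is useful for servers that export their own objects ― for example,"
          " database products that export tables and views. Using the retrieved client-security"
          " information, the server can make access-validation decisions without being able to utilize"
          " other services using the client's security context." },
        { SecurityImpersonation,
          "SecurityImpersonation -- The server process can impersonate the client's security context"
          " on its local system. The server cannot impersonate the client on remote systems." },
        { SecurityDelegation,
          "SecurityDelegation -- The server process can impersonate the client's security context"
          " on remote systems.\r\n"
          " Windows NT: This impersonation level is not supported.\r\n"
          " Windows 2000: This impersonation level is supported." },
    };

    if (tstat->TokenType == TokenPrimary) {
        printf("Token Type : Primary Token\r\n");
        return 0;
    }
    printf("Token Type : Impersonation Token\r\n");
    for (size_t i = 0; i < sizeof imperLevel / sizeof imperLevel[0]; i++) {
        if (tstat->ImpersonationLevel == imperLevel[i].il) {
            printf("\tToken Impersonation Level : %s\r\n", imperLevel[i].dsp);
            break;
        }
    }
    return 0;
}

/*
 * Copy the token's source name (e.g. the logon package) into src[], which
 * must hold TOKEN_SOURCE_LENGTH + 1 bytes; src is "" on failure. Opening the
 * token with TOKEN_QUERY_SOURCE is a separate access check from TOKEN_QUERY
 * and is commonly refused for other processes (the sample run above shows
 * error 5), so a false return here is reported but not fatal.
 */
int GetProcessTokenSource(HANDLE hp, char *src)
{
    HANDLE htoken;
    TOKEN_SOURCE *tsrc;

    src[0] = '\0';
    if (!OpenProcessToken(hp, TOKEN_QUERY_SOURCE, &htoken)) {
        printf("OpenProcessToken QUERY_SOURCE error : %lu\r\n", GetLastError());
        return false;
    }
    tsrc = QueryTokenInfo(htoken, TokenSource, "TokenSource");
    CloseHandle(htoken);
    if (tsrc == NULL)
        return false;
    /* SourceName is a fixed CHAR[TOKEN_SOURCE_LENGTH] without a terminator. */
    memcpy(src, tsrc->SourceName, TOKEN_SOURCE_LENGTH);
    src[TOKEN_SOURCE_LENGTH] = '\0';
    free(tsrc);
    return true;
}

/*
 * Enable (fEnable != 0) or disable SeDebugPrivilege in this process's token.
 * Returns 0 on success, otherwise the Win32 error; ERROR_NOT_ALL_ASSIGNED
 * means the token does not hold the privilege at all.
 */
int EnableDebugPriv(int fEnable)
{
    HANDLE htoken;
    TOKEN_PRIVILEGES tp;
    int fError;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &htoken))
        return (int)GetLastError();

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)) {
        /* The original went on to AdjustTokenPrivileges with an unset Luid. */
        fError = (int)GetLastError();
    } else {
        AdjustTokenPrivileges(htoken, FALSE, &tp, sizeof tp, NULL, NULL);
        /* AdjustTokenPrivileges returns success even when the privilege is not
         * held; the ERROR_SUCCESS / ERROR_NOT_ALL_ASSIGNED distinction is only
         * valid when read immediately. The original read it after CloseHandle(). */
        fError = (int)GetLastError();
    }
    CloseHandle(htoken);
    return fError;
}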