Получение дополнительных привилегий под NT

Code:

{ **** UBPFD ***************

>> Получение дополнительных привилегий под НТ

В принципе и так все понятно - задаеш название привилегии и

если это возможно, то система их тебе дает

Зависимости: uses Windows, SysUtils;

Автор:       Денис, Этот адрес электронной почты защищён от спам-ботов. У вас должен быть включен JavaScript для просмотра., Lviv

Copyright:   by LiquidStorm, HomeSoftStudios(tm) aka Denis L.

********************************************** }

unit NTPrivelegsU;

////////////////////////////////////////////////////////////////////////

// //

// NT Defined Privileges //

// //

////////////////////////////////////////////////////////////////////////

interface

uses Windows, SysUtils;

const SE_CREATE_TOKEN_NAME = 'SeCreateTokenPrivilege';

const SE_ASSIGNPRIMARYTOKEN_NAME = 'SeAssignPrimaryTokenPrivilege';

const SE_LOCK_MEMORY_NAME = 'SeLockMemoryPrivilege';

const SE_INCREASE_QUOTA_NAME = 'SeIncreaseQuotaPrivilege';

const SE_UNSOLICITED_INPUT_NAME = 'SeUnsolicitedInputPrivilege';

const SE_MACHINE_ACCOUNT_NAME = 'SeMachineAccountPrivilege';

const SE_TCB_NAME = 'SeTcbPrivilege';

const SE_SECURITY_NAME = 'SeSecurityPrivilege';

const SE_TAKE_OWNERSHIP_NAME = 'SeTakeOwnershipPrivilege';

const SE_LOAD_DRIVER_NAME = 'SeLoadDriverPrivilege';

const SE_SYSTEM_PROFILE_NAME = 'SeSystemProfilePrivilege';

const SE_SYSTEMTIME_NAME = 'SeSystemtimePrivilege';

const SE_PROF_SINGLE_PROCESS_NAME = 'SeProfileSingleProcessPrivilege';

const SE_INC_BASE_PRIORITY_NAME = 'SeIncreaseBasePriorityPrivilege';

const SE_CREATE_PAGEFILE_NAME = 'SeCreatePagefilePrivilege';

const SE_CREATE_PERMANENT_NAME = 'SeCreatePermanentPrivilege';

const SE_BACKUP_NAME = 'SeBackupPrivilege';

const SE_RESTORE_NAME = 'SeRestorePrivilege';

const SE_SHUTDOWN_NAME = 'SeShutdownPrivilege';

const SE_DEBUG_NAME = 'SeDebugPrivilege';

const SE_AUDIT_NAME = 'SeAuditPrivilege';

const SE_SYSTEM_ENVIRONMENT_NAME = 'SeSystemEnvironmentPrivilege';

const SE_CHANGE_NOTIFY_NAME = 'SeChangeNotifyPrivilege';

const SE_REMOTE_SHUTDOWN_NAME = 'SeRemoteShutdownPrivilege';

function AdjustPriviliges(const PrivelegStr: String) : Bool; forward;

implementation

function AdjustPriviliges(const PrivelegStr: String) : Bool;

var

hTok : THandle;

tp : TTokenPrivileges;

begin

Result := False;

// Get the current process token handle so we can get privilege.

if OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES + TOKEN_QUERY, hTok) then

try

// Get the LUID for privilege.

  if LookupPrivilegeValue(nil,PChar(PrivelegStr), tp.Privileges[0].Luid) then

  begin

    tp.PrivilegeCount := 1; // one privilege to set

    tp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;

// Get privilege for this process.

    Result := AdjustTokenPrivileges(hTok, False, tp, 0, PTokenPrivileges(nil)^, PDWord(nil)^)

  end

finally

// Cannot test the return value of AdjustTokenPrivileges.

  if (GetLastError <> ERROR_SUCCESS) then

     raise Exception.Create('AdjustTokenPrivileges enable failed');

  CloseHandle(hTok)

end

else raise Exception.Create('OpenProcessToken failed');

end;

end.

Code:

unit uWDog;

// define _DEV_ in developing stage - this mean DEBUG version

{.$DEFINE _DEV_}

// define WRITE_DESKTOP in developing stage if you want

// visible confirmation of service work

{.$DEFINE WRITE_DESKTOP}

// define WRITE_NO_LOGIN if you want to write log when

// nobody logged in

{$DEFINE WRITE_NO_LOGIN}

// define WRITE_FOUND if you want to write log when

// everything ok and process found

{$DEFINE WRITE_FOUND}

// define WRITE_UNCHECKED_LOGINS if you want to write log for

// not checked logins (like Administrator - in release)

{$DEFINE WRITE_UNCHECKED_LOGINS}

{$IFNDEF _DEV_}

{$UNDEF WRITE_DESKTOP}

{$ENDIF}

interface

uses

Windows, Messages, SysUtils, Classes, Graphics, Controls, SvcMgr, Dialogs,

ExtCtrls;

type

TwDog = class(TService)

   dx_time: TTimer;

   procedure ServiceStart(Sender: TService; var Started: Boolean);

   procedure ServiceStop(Sender: TService; var Stopped: Boolean);

   procedure dx_timeTimer(Sender: TObject);

   procedure ServiceCreate(Sender: TObject);

   procedure ServiceDestroy(Sender: TObject);

   procedure ServiceShutdown(Sender: TService);

private

   { Private declarations }

   procedure InitiateShutdown;

   //procedure AbortShutdown;

public

   function GetServiceController: TServiceController; override;

   { Public declarations }

end;

var

wDog: TwDog;

implementation

{$R *.DFM}

uses ShellAPI, NTPrivelegsU, WinSecur,

    FileCtrl {$IFDEF WRITE_DESKTOP}, DeskTopMsg{$ENDIF};

const

     TimerInterval = 5000; // in msec = 5 sec

     SleepAftLogin = 3000; // in msec = 3 sec

     ProcessName = 'Q3Arena.exe';

     ClassName = 'Quake3ArenaClassWnd';

     WndName = ' '; // 1 space

     CheckUsersCount = 2;

{$IFDEF _DEV_}

     StekServer = '127.0.0.1';

     CheckUsers: array [0..CheckUsersCount-1] of String =

                           ('Internet','Administrator');

{$ELSE}

     StekServer = '132.0.0.16';

     CheckUsers: array [0..CheckUsersCount-1] of String =

                           ('Gamer','Office');

{$ENDIF}

var

   hLog: THandle;

   CreateOptScan: LongWord;

   xBuf: array [0..$FF-1] of Char;

   LogPath: String;

// ------------- forward declarations

function IsLoggedIn: Boolean; forward;

function WriteLog(Status: String): DWord; forward;

procedure SndMessage; forward;

procedure Kill; forward;

{$IFDEF _DEV_}

procedure ShowError(erno: DWord); forward;

{$ENDIF}

// function ProcessTerminate(dwPID:Cardinal):Boolean; forward;

// -------------

procedure AdjTokenPrivelegs(mmName: String);

var gler : DWord;

begin

AdjustPriviliges(mmName);

gler := GetLastError;

if (gler <> ERROR_SUCCESS) then

begin

   WriteLog(Format('%s: [FAILED] ',[mmName]));

{$IFDEF _DEV_}

   ShowError(gler);

{$ENDIF}

   exit;

end;

WriteLog(Format('%s: [OK] ',[mmName]));

end;

// -------------

function MyCtrlHandler(dwCtrlType: Dword): Bool; stdcall;

begin

//

case dwCtrlType of

   CTRL_LOGOFF_EVENT : begin

                          WriteLog('CTRL_LOGOFF_EVENT');

                          Result := True;

                        end;

   CTRL_SHUTDOWN_EVENT: begin

                          WriteLog('CTRL_SHUTDOWN_EVENT');

                          Result := True;

                        end;

else Result := False

end;

end;

// -------------

procedure ServiceController(CtrlCode: DWord); stdcall;

begin

wDog.Controller(CtrlCode);

end;

// -------------

function TwDog.GetServiceController: TServiceController;

begin

Result := ServiceController;

end;

// -------------

procedure TwDog.ServiceStart(Sender: TService; var Started: Boolean);

begin

WriteLog('OnStart');

Started := True;

end;

// -------------

procedure TwDog.ServiceStop(Sender: TService; var Stopped: Boolean);

begin

WriteLog('OnStop');

Stopped := True;

end;

// -------------

procedure TwDog.ServiceCreate(Sender: TObject);

begin

if sysutils.Win32Platform = VER_PLATFORM_WIN32_NT then

      CreateOptScan := FILE_FLAG_SEQUENTIAL_SCAN

else CreateOptScan := 0;

GetWindowsDirectory(xBuf,$FF);

LogPath := Format('%s\wDog',[xBuf]);

ForceDirectories(LogPath);

LogPath := Format('%s\%s.log',[LogPath,FormatDateTime('dd.mm.yyyy',Now)]);

WriteLog('Starting ...');

AdjTokenPrivelegs(SE_SHUTDOWN_NAME);

AdjTokenPrivelegs(SE_DEBUG_NAME);

SetConsoleCtrlHandler(@MyCtrlHandler,True);

dx_time.Interval:=TimerInterval;

dx_time.Enabled:=true;

WriteLog('Started: [OK]');

end;

// -------------

procedure TwDog.ServiceDestroy(Sender: TObject);

begin

dx_time.Enabled:=false;

WriteLog('Stopped: [OK]');

CloseHandle(hLog);

end;

// -------------

function IsLoggedIn: Boolean;

var stmp: String;

   i : Byte;

   pid : DWord;

begin

Result := False;

pid := GetPidFromProcessName(GetShellProcessName);

if (pid = 0) or (pid = INVALID_HANDLE_VALUE) then

   // no shell running - no body logged in

   stmp := EmptyStr

else

   // shell running - get interactive user name

   stmp := GetInteractiveUserName; // get DOMAIN\User

if stmp = EmptyStr then

begin

{$IFDEF WRITE_NO_LOGIN}

   WriteLog('[No_Login]');

{$ENDIF}

   Exit;

end;

Delete(stmp,1,Pos('\',stmp)); // get User

for i:=0 to CheckUsersCount do

  if AnsiSameText(stmp,CheckUsers[i]) then

  begin

    WriteLog(Format('[%s]: check',[stmp]));

    Result := True;

    exit;

  end;

// if no login detected

{$IFDEF WRITE_UNCHECKED_LOGINS}

WriteLog(Format('[%s]: no_check',[stmp]));

{$ENDIF}

end;

// -------------

function IsFoundByClass: Boolean;

var hwnd: DWord;

begin

// try to find by classname

hwnd := FindWindowEx(0,0,PChar(ClassName),nil);

if (hwnd = 0) or (hwnd = INVALID_HANDLE_VALUE) then

    Result := False

else

    Result := True;

{$IFDEF _DEV_}

{$IFDEF WRITE_DESKTOP}

if not Result then writeDirect(10,30,'IsFoundByClass: [NO]')

else writeDirect(10,30,'IsFoundByClass: [YES]')

{$ENDIF}

{$ENDIF}

end;

// -------------

function IsFoundByProcName: Boolean;

var

Pid,

hwnd: DWord;

begin

Pid := GetPidFromProcessName(ProcessName);

hwnd := OpenProcess(PROCESS_ALL_ACCESS, False, Pid);

// if hwnd = 0 then RaiseLastWin32Error;

if (hwnd = 0) or (hwnd = INVALID_HANDLE_VALUE) then

    Result := False

else

    Result := True;

CloseHandle(hwnd);

{$IFDEF _DEV_}

{$IFDEF WRITE_DESKTOP}

if not Result then writeDirect(10,70,'IsFoundByProcName: [NO]')

else writeDirect(10,70,'IsFoundByProcName: [YES]')

{$ENDIF}

{$ENDIF}

end;

// -------------

// enable complete Boolean expression evaluation

{$B+}

procedure TwDog.dx_timeTimer(Sender: TObject);

begin

// Check login

// - service started under SYSTEM account, so it works on system boot.

// To prevent machine from deadlock we must check if someone

// has logged in.

if IsLoggedIn then

begin

   // turn off timer - to prevent

   // double elimination

   dx_time.Enabled:=false;

   // make some delay - for user processes startup

   // just after login

   Sleep(SleepAftLogin);

   // try to find by classname, process name

   if IsFoundByClass and

      IsFoundByProcName then

   begin

{$IFDEF WRITE_FOUND}

     WriteLog('[FOUND]');

{$ENDIF}

   end

   else // cheater found

   begin

{$IFNDEF _DEV_}

     SndMessage;

{$ENDIF}

     Kill;

     InitiateShutdown;

   end;

   dx_time.Enabled:=True;

end;

end;

{$B-}

// -------------

procedure SndMessage;

var stmp: string;

   buf: array [0..127] of Char;

   num: DWord;

begin

num := 128;

stmp := EmptyStr;

if GetComputerName(buf,num) then

   SetString(stmp,buf,num)

else ;// no result for netbios name

//

stmp := Format('::Cheater detected on [%s]::',[stmp]);

WriteLog(stmp);

stmp := Format('%s %s',[StekServer,stmp]);

// NetMessageBufferSend

ShellExecute(0,'open','net',PChar('send '+stmp),nil,SW_HIDE);

sleep(50);

end;

// -------------

procedure Kill;

begin

WriteLog('[KILL]');

{$IFDEF _DEV_}

{$IFDEF WRITE_DESKTOP}

writeDirect(10,10,'KILL');

{$ENDIF}

{$ELSE}

ExitWindowsEx(EWX_LOGOFF or EWX_FORCE,0);

{$ENDIF}

end;

// -------------

function WriteLog(Status: String): DWord;

begin

if (hLog = INVALID_HANDLE_VALUE) or (hLog = 0) then

begin

   if FileExists(LogPath) then

   hLog := CreateFile(PChar(LogPath),

                      GENERIC_READ or GENERIC_WRITE,

                      FILE_SHARE_READ,

                      nil,

                      OPEN_EXISTING,

                      FILE_ATTRIBUTE_NORMAL or CreateOptScan,

                      0)

   else

   hLog := CreateFile(PChar(LogPath),

                     GENERIC_READ or GENERIC_WRITE,

                     FILE_SHARE_READ,

                     nil,

                     CREATE_ALWAYS,

                     FILE_ATTRIBUTE_NORMAL or CreateOptScan,

                     0);

   if hLog = INVALID_HANDLE_VALUE then

   begin

     Result := DWord(-1);

     exit;

   end;

   // seek to the end of log

   FileSeek(hLog,0,2);

end;

FillChar(xBuf,$FF,0);

Status := Format('%s - %s'#13#10,

                  [FormatDateTime('hh:nn:ss',Now),

                   Status]);

move((Pointer(@Status[1]))^,xBuf,Length(Status));

// write buffer

FileWrite(hLog,xBuf,Length(Status));

// flush file buffers

FlushFileBuffers(hLog);

Result := 0;

end;

// -------------

{$IFDEF _DEV_}

procedure ShowError(erno: DWord);

var MsgBuf: array [0..$FF-1] of Char;

begin

if erno = ERROR_SUCCESS then exit;

//

FillChar(MsgBuf,$FF,0);

FormatMessage(

       FORMAT_MESSAGE_FROM_SYSTEM,

       nil,

       erno,

       ((WORD(SUBLANG_DEFAULT) shl 10) or WORD(LANG_NEUTRAL)),

       MsgBuf,

       $FF,

       nil);

// Display the string.

MessageBox(0, MsgBuf, 'GetLastError', MB_OK + MB_ICONINFORMATION + MB_TASKMODAL + MB_SERVICE_NOTIFICATION);

end;

{$ENDIF}

// -------------

procedure TwDog.InitiateShutdown;

begin

InitiateSystemShutdown(nil, // shut down local computer

   'Cheater detected on this system. Shutdown initiated.', // message to user

   10, // time-out period

   FALSE, // ask user to close apps

   TRUE); // reboot after shutdown

// bQuite:=False;

end;

Code:

{

For some functions you need to get the right privileges

on a Windows NT machine.

(e.g: To shut down or restart windows with ExitWindowsEx or

to change the system time)

The following code provides a procedure to adjust the privileges.

The AdjustTokenPrivileges() function enables or disables privileges

in the specified access token.

}

// NT Defined Privileges from winnt.h

const

SE_CREATE_TOKEN_NAME = 'SeCreateTokenPrivilege';

SE_ASSIGNPRIMARYTOKEN_NAME = 'SeAssignPrimaryTokenPrivilege';

SE_LOCK_MEMORY_NAME = 'SeLockMemoryPrivilege';

SE_INCREASE_QUOTA_NAME = 'SeIncreaseQuotaPrivilege';

SE_UNSOLICITED_INPUT_NAME = 'SeUnsolicitedInputPrivilege';

SE_MACHINE_ACCOUNT_NAME = 'SeMachineAccountPrivilege';

SE_TCB_NAME = 'SeTcbPrivilege';

SE_SECURITY_NAME = 'SeSecurityPrivilege';

SE_TAKE_OWNERSHIP_NAME = 'SeTakeOwnershipPrivilege';

SE_LOAD_DRIVER_NAME = 'SeLoadDriverPrivilege';

SE_SYSTEM_PROFILE_NAME = 'SeSystemProfilePrivilege';

SE_SYSTEMTIME_NAME = 'SeSystemtimePrivilege';

SE_PROF_SINGLE_PROCESS_NAME = 'SeProfileSingleProcessPrivilege';

SE_INC_BASE_PRIORITY_NAME = 'SeIncreaseBasePriorityPrivilege';

SE_CREATE_PAGEFILE_NAME = 'SeCreatePagefilePrivilege';

SE_CREATE_PERMANENT_NAME = 'SeCreatePermanentPrivilege';

SE_BACKUP_NAME = 'SeBackupPrivilege';

SE_RESTORE_NAME = 'SeRestorePrivilege';

SE_SHUTDOWN_NAME = 'SeShutdownPrivilege';

SE_DEBUG_NAME = 'SeDebugPrivilege';

SE_AUDIT_NAME = 'SeAuditPrivilege';

SE_SYSTEM_ENVIRONMENT_NAME = 'SeSystemEnvironmentPrivilege';

SE_CHANGE_NOTIFY_NAME = 'SeChangeNotifyPrivilege';

SE_REMOTE_SHUTDOWN_NAME = 'SeRemoteShutdownPrivilege';

SE_UNDOCK_NAME = 'SeUndockPrivilege';

SE_SYNC_AGENT_NAME = 'SeSyncAgentPrivilege';

SE_ENABLE_DELEGATION_NAME = 'SeEnableDelegationPrivilege';

SE_MANAGE_VOLUME_NAME = 'SeManageVolumePrivilege';

// Enables or disables privileges debending on the bEnabled

function NTSetPrivilege(sPrivilege: string; bEnabled: Boolean): Boolean;

var

hToken: THandle;

TokenPriv: TOKEN_PRIVILEGES;

PrevTokenPriv: TOKEN_PRIVILEGES;

ReturnLength: Cardinal;

begin

Result := True;

// Only for Windows NT/2000/XP and later.

if not (Win32Platform = VER_PLATFORM_WIN32_NT) then Exit;

Result := False;

// obtain the processes token

if OpenProcessToken(GetCurrentProcess(),

   TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then

begin

   try

     // Get the locally unique identifier (LUID) .

     if LookupPrivilegeValue(nil, PChar(sPrivilege),

       TokenPriv.Privileges[0].Luid) then

     begin

       TokenPriv.PrivilegeCount := 1; // one privilege to set

       case bEnabled of

         True: TokenPriv.Privileges[0].Attributes  := SE_PRIVILEGE_ENABLED;

         False: TokenPriv.Privileges[0].Attributes := 0;

       end;

       ReturnLength := 0; // replaces a var parameter

       PrevTokenPriv := TokenPriv;

       // enable or disable the privilege

       AdjustTokenPrivileges(hToken, False, TokenPriv, SizeOf(PrevTokenPriv),

         PrevTokenPriv, ReturnLength);

     end;

   finally

     CloseHandle(hToken);

   end;

end;

// test the return value of AdjustTokenPrivileges.

Result := GetLastError = ERROR_SUCCESS;

if not Result then

   raise Exception.Create(SysErrorMessage(GetLastError));

end;