1. The OpenProcessToken function opens the access token associated with a process.

· ProcessHandle

Identifies the process whose access token is opened.

· DesiredAccess

Specifies an access mask that specifies the requested types of access to the access token. These requested access types are compared with the token’s discretionary access-control list (ACL) to determine which accesses are granted or denied. The following access rights have been defined for access tokens.

TOKEN_ADJUST_DEFAULT

Required to change the default ACL, primary group, or owner of an access token.

TOKEN_ADJUST_GROUPS

Required to change the groups specified in an access token.

TOKEN_ADJUST_PRIVILEGES

Required to change the privileges specified in an access token.

TOKEN_ALL_ACCESS

Combines the STANDARD_RIGHTS_REQUIRED standard access rights and all individual access rights for tokens.

TOKEN_ASSIGN_PRIMARY

Required to attach a primary token to a process in addition to the SE_CREATE_TOKEN_NAME privilege.

TOKEN_DUPLICATE

Required to duplicate an access token.

TOKEN_EXECUTE

Combines the STANDARD_RIGHTS_EXECUTE standard access rights and the TOKEN_IMPERSONATE access right.

TOKEN_IMPERSONATE

Required to attach an impersonation access token to a process.

TOKEN_QUERY

Required to query the contents of an access token.

TOKEN_QUERY_SOURCE

Required to query the source of an access token.

TOKEN_READ

Combines the STANDARD_RIGHTS_READ standard access rights and the TOKEN_QUERY access right.

TOKEN_WRITE

Combines the STANDARD_RIGHTS_WRITE standard access rights and the TOKEN_ADJUST_PRIVILEGES, TOKEN_ADJUST_GROUPS, and TOKEN_ADJUST_DEFAULT access rights.

· TokenHandle

Points to a handle identifying the newly-opened access token when the function returns.

=========

2.The AdjustTokenPrivileges function enables or disables privileges in the specified access token. Enabling or disabling privileges in an access token requires TOKEN_ADJUST_PRIVILEGES access.

· TokenHandle

Identifies the access token that contains the privileges to be modified.

· DisableAllPrivileges

Specifies whether the function disables all of the token’s privileges. If this value is TRUE, the function disables all privileges and ignores the NewState parameter. If it is FALSE, the function modifies privileges based on the information pointed to by the NewState parameter.

· NewState

Pointer to a TOKEN_PRIVILEGES structure that specifies an array of privileges and their attributes. If the DisableAllPrivileges parameter is FALSE, AdjustTokenPrivileges enables or disables these privileges for the token. If you set the SE_PRIVILEGE_ENABLED attribute for a privilege, the function enables that privilege; otherwise, it disables the privilege.

If DisableAllPrivileges is TRUE, the function ignores this parameter.

· BufferLength

Specifies the size, in bytes, of the buffer pointed to by the PreviousState parameter. This parameter can be NULL if the PreviousState parameter is NULL.

· PreviousState

Pointer to a buffer that the function fills with a TOKEN_PRIVILEGES structure containing the previous state of any privileges the function modifies. The token must be open for TOKEN_QUERY access to use this parameter. This parameter can be NULL.

If you specify a buffer that is too small to receive the complete list of modified privileges, the function fails and does not adjust any privileges. In this case, the function sets the variable pointed to by the ReturnLength parameter to the number of bytes required to hold the complete list of modified privileges.

· ReturnLength

Pointer to a variable that receives the required size, in bytes, of the buffer pointed to by the PreviousState parameter. This parameter can be NULL if PreviousState is NULL.

Ответить

Спасибо. Если можно в 2-х словах - что делает каждая ф-я.

Ответить

1. OpenProcessToken открывает позицию доступа к процессу.

2. AdjustTokenPrivileges включает или отключает привилегии в указанной позиции доступа(к процессу. Например, при выключении компьтера берётся привелегия на эту операцию).

Ответить