SoftHub关联区 - 得到 windows 管理员权限的代码收集贴

您的位置：首页 >> SoftHub关联区 >> 主题: 得到 windows 管理员权限的代码收集贴 [回主站] [分站链接]

您的位置：首页 >> SoftHub关联区 >> 主题: 得到 windows 管理员权限的代码收集贴 [最新] [回主站]

得到 windows 管理员权限的代码收集贴

clq

浏览(236) - 2019-03-16 17:13:20 发表编辑

关键字: windows_code

[2020-08-11 20:44:24 最后更新]

得到 windows 管理员权限的代码收集贴

今天弄了一整天,怎样用管理员权限云运行另外一个程序(当然是在自己就是管理员运行程序的情况下,并不是指黑客手段).

没想到网上的很多代码居然是错误的,当然也有可能因为现在都是 win10 了,以前的用不了了.

首先要说的是网上盛传的 runas 并不能用,似乎是要使用密码才行.

比如 https://blog.csdn.net/qq125096885/article/details/72626886

就行不通

--------------------------------------------------------------------

#include <stdio.h>
#include<windows.h>
#include<tchar.h>

int main(void)
{
    SHELLEXECUTEINFO sei = { sizeof(SHELLEXECUTEINFO) };
    sei.lpVerb = TEXT("runas");
    sei.lpFile = TEXT("cmd.exe");//add application which you want to run as administrator here
    sei.nShow = SW_SHOWNORMAL;//without this,the windows will be hiden
    if (!ShellExecuteEx(&sei))
    {
        DWORD dwStatus = GetLastError();
        if (dwStatus == ERROR_CANCELLED)
        {
            printf("提升权限被用户拒绝\n");
        }
        else if (dwStatus == ERROR_FILE_NOT_FOUND)
        {
                printf("所要执行的文件没有找到\n");
        }
    }

    getchar();
    getchar();
    return 0;
}

--------------------------------------------------------------------

下面这份是用一个新的 api 运行的,很有点意思大家可以看看.

https://wedelphi.com/t/376196/

pApplicationName是可执行文件名字.lpCommandLine是命令行参数.
如果lpApplicationName是空的话,那么将会把第一个参数作为可执行文件执行.所有带参数执行的话有两种调用方式.
我给你两种调用方式的的例子,都是调用记事本打开C:/boot.ini文件的

const
LOGON_WITH_PROFILE = $00000001;
LOGON_NETCREDENTIALS_ONLY = $00000002;

function CreateProcessWithLogonW(lpUsername, lpDomain, lpPassword : LPCWSTR;
dwLogonFlags : DWORD; lpApplicationName : LPCWSTR; lpCommandLine : LPWSTR;
dwCreationFlags : DWORD; lpEnvironment : pointer; lpCurrentDirectory : LPCWSTR;
const lpStartupInfo : STARTUPINFOW; var lpProcessInformation : PROCESS_INFORMATION) : BOOL; stdcall;
external 'advapi32.dll';

procedure TForm1.Button1Click(Sender: TObject);
var
wUsername, wDomain, wPassword, wApplicationName, wCommandLine : WideString;
pwUsername, pwDomain, pwPassword, pwApplicationName, pwCommandLine : PWCHAR;
StartupInfo : STARTUPINFOW;
ProcessInfo : PROCESS_INFORMATION;
begin
wUsername := 'WANGRUI';
wDomain := '';
wPassword := 'wr';
wApplicationName := 'c:/windows/notepad.exe';
wCommandLine := ' c:/boot.ini';
pwUsername := PWCHAR(wUsername);
pwDomain := PWCHAR(wDomain);
pwPassword := PWCHAR(wPassword);
pwApplicationName := PWCHAR(wApplicationName);
pwCommandLine := PWCHAR(wCommandLine);

FillChar(StartupInfo, SizeOf(STARTUPINFOW), 0);
StartupInfo.cb := SizeOf(STARTUPINFOW);
if not CreateProcessWithLogonW(pwUsername,
pwDomain,
pwPassword,
LOGON_WITH_PROFILE,
pwApplicationName,
pwCommandLine,
CREATE_DEFAULT_ERROR_MODE,
nil,
nil,
StartupInfo,
ProcessInfo) then
RaiseLastOSError;

end;

procedure TForm1.Button2Click(Sender: TObject);
var
wUsername, wDomain, wPassword, wCommandLine : WideString;
pwUsername, pwDomain, pwPassword, pwCommandLine : PWCHAR;
StartupInfo : STARTUPINFOW;
ProcessInfo : PROCESS_INFORMATION;
begin
wUsername := 'WANGRUI';
wDomain := '';
wPassword := 'wr';
wCommandLine := 'c:/windows/notepad.exe c:/boot.ini';
pwUsername := PWCHAR(wUsername);
pwDomain := PWCHAR(wDomain);
pwPassword := PWCHAR(wPassword);
pwCommandLine := PWCHAR(wCommandLine);

FillChar(StartupInfo, SizeOf(STARTUPINFOW), 0);
StartupInfo.cb := SizeOf(STARTUPINFOW);
if not CreateProcessWithLogonW(pwUsername,
pwDomain,
pwPassword,
LOGON_WITH_PROFILE,
nil,
pwCommandLine,
CREATE_DEFAULT_ERROR_MODE,
nil,
nil,
StartupInfo,
ProcessInfo) then
RaiseLastOSError;

end;

--------------------------------------------------------------------

clq 2019-03-16 17:15:37 发表编辑

https://www.cnblogs.com/hsrzyn/articles/2146151.html
win7中使用runas命令（替代右键“以管理员身份运行”）

     在win7中，由于账户控制，使用cmd就不太方便，因为权限问题，比方说最简单的，输入“net start mssqlserver”(开启sql server服务)，就会提示“拒绝访问”。最简单的解决办法就是右键选择“以管理员身份运行”，获取权限就够了。

     现在发现这样也不方便，就想着是不是有什么命令可以达到这样的效果。查了下，就是“runas”。

     在cmd里输入“runas /?”查看帮助，其实我要的只是以管理员账号运行就够了，输入“runas /user:administrator cmd”(用administrator运行cmd)，之后会让输入密码，输入密码后报错了 “RUNAS 错误: 无法运行 - cmd 1058: 无法启动服务，原因可能是已被禁用或与其相关联的设备没有启动。”

     这个是因为 “Secondary Logo”服务没有启动，这个服务是“在不同凭据下启用启动过程”。直接在cmd中输入services.msc，将服务从禁用改为手动就好了，之后再次输入runas命令，就会弹出新的cmd窗口，且是以administrator账号运行的，权限问题搞定。

clq 2019-03-16 17:19:18 发表编辑

runas 的问题似乎是因为第一次运行时会提示要输入密码。

clq 2019-03-16 17:27:55 发表编辑

还有说用一个叫 psexec 的程序来运行的，这个就更扯得远了。其实在调用程序本身就有管理员权限的情况下，用最简单的 ShellExecute 就可以了！！！而我折腾了一天是原因是因为我要用的 mklink 实际上是内部命令而我一直去调用 mklink.exe ... 比较搞的是 windows 还真有这个

exe 而且还能提示错误 ... 例如

成功 mklink /D d:\clq c:\clq
失败 mklink.exe /D C:\Users\ccc\Desktop\3\aaa d:\clq

实际上正确的方法是

ShellExecute(0, nil, PChar('cmd.exe'), PChar('/c mklink /D "' + s2 + '" "' + s1 + '"'), nil, 0); //ok 如果程序本身是管理员的,这样的命令也会是管理员的

这是在

https://stackoverflow.com/questions/11385842/running-mklink-in-processstartinfo

得到的提示

--------------------------------------------------

Running `mklink` in ProcessStartInfo
Ask Question
4

I am working on a c# program that needs to be compatible with Windows and Linux (Mono).

I am trying to create a symbolic link in both platforms and I am using ProcessStartInfo in order for this to work. I haven't tried this on Linux yet but on Windows I am using the following code

ProcessStartInfo process = new ProcessStartInfo();

                    process.CreateNoWindow = true;
                    process.UseShellExecute = false;
                    process.FileName = "mklink";
                    process.WindowStyle = ProcessWindowStyle.Hidden;
                    process.Arguments = "/D " + webFolder + "MyFolder" + webFolder + "MyFolder_" + version;
                    Process.Start(process);

When I run the above code I get

    System.ComponentModel.Win32Exception: The system cannot find the file specified

If I run mklink in command prompt it works fine.

I've had a look on Google and it says about doing a [DllImport("kernel32.dll")] but this isn't going to work on Linux.

Thanks for any help you can provide.
c# process symlink
shareimprove this question
asked Jul 8 '12 at 19:03
Boardy
14.6k82209368
add a comment
1 Answer
active
oldest
votes
14

mklink is a command of the cmd.exe program, not a stand-alone program.

To run mklink, you have to actually invoke cmd.exe with an appropriate set of parameters, like this:

ProcessInfo = new ProcessStartInfo("cmd.exe", "/c mklink " + argumentsForMklink);

shareimprove this answer
edited Jul 8 '12 at 19:33
answered Jul 8 '12 at 19:27
Eric J.
120k47269494

    Thanks for your help – Boardy Jul 8 '12 at 19:54
    Glad to help... Note that when you run this on Linux (assuming you're running C# there), you probably don't need to run mklink through a shell (not done much Mono so not 100% sure). – Eric J. Jul 8 '12 at 21:19

I don't think there is a mklink command so I need to run a separate command for linux which would be ln -fs source target. I'm doing a check first to see which OS it is running on and performing the command accordingly. – Boardy Jul 9 '12 at 10:29
@Boardy: Good point. ln is a stand-alone command (I believe) so would not require a shell processor under Linux. – Eric J. Sep 24 '13 at 21:02
1
I had problems running mklink on a remote machine by means of PSEXEC \\someserver mklink .... Your answer gave me the crucial hint to use PSEXEC \\someserver cmd /c mklink ... instead, which worked well. – Hermann Schachner Sep 8 '15 at 11:31

clq 2019-03-16 17:31:38 发表编辑

那么怎样让程序本身就有管理员权限呢？对于新版本的 vc 直接在项目中设置就可以了。而对于 delphi7 这样比较老的 ide 来说，可以在 vc 中编辑好