
windowsXP擷取權限

Windows XP 也可以像 Win7 一樣擷取管理者權限滴!以下代碼經過測試,可以在 XP 下正常檢測。注意:這段代碼只檢測目前行程的權杖是否屬於 Administrators 群組,本身不會取得或提升任何權限。

當以管理者使用者運作此程式時(包括右鍵選擇以管理者權限運作),IsAdmin傳回為TRUE。

BOOL IsAdmin();

// Console entry point: initialises MFC, then reports on stdout and in a
// message box whether IsAdmin() considers the current process an
// administrator. Returns 1 when MFC initialisation fails, 0 otherwise
// (the admin check result does not affect the exit code).
int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
{
    // AfxMessageBox below needs MFC to be initialised first.
    const BOOL mfcReady =
        AfxWinInit(::GetModuleHandle(NULL), NULL, ::GetCommandLine(), 0);
    if (!mfcReady)
    {
        _tprintf(_T("Fatal Error: MFC initialization failed\n"));
        return 1;
    }

    if (IsAdmin())
    {
        _tprintf(_T("Yes, is Admin \n"));
        AfxMessageBox(_T("Yes, is Admin!"));
    }
    else
    {
        _tprintf(_T("No, is not Admin \n"));
        AfxMessageBox(_T("No, is not Admin!"));
    }

    return 0;
}

// Application-defined access bits. IsAdmin() grants them to the
// Administrators SID in a private, in-memory security descriptor and then
// asks AccessCheck for ACCESS_READ; they are not rights on any real object.
#define   ACCESS_READ   1 

#define   ACCESS_WRITE   2

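/*
 * IsAdmin - report whether the caller's token has the local Administrators
 * group (BUILTIN\Administrators) enabled.
 *
 * Method: build a throw-away security descriptor whose DACL grants
 * ACCESS_READ | ACCESS_WRITE to the Administrators SID only, then run
 * AccessCheck against an impersonation copy of the process token. Access is
 * granted only when that group is present and enabled in the token.
 *
 * Returns TRUE when access is granted, FALSE otherwise and on any API
 * failure (fails closed).
 *
 * Notes for callers:
 *  - The function impersonates with ImpersonateSelf and undoes it with
 *    RevertToSelf, so any impersonation the calling thread already had is
 *    gone afterwards. Do not call it from a thread that is impersonating a
 *    client.
 *  - On systems with UAC, a non-elevated administrator's token carries the
 *    group as deny-only, so the result is FALSE until the process is
 *    elevated.
 *  - Use the result for UI or diagnostics only. It is not an authorisation
 *    decision; the OS access checks on the real objects are what enforce
 *    privilege.
 *  - CheckTokenMembership performs the same group test with far less code
 *    and is the simpler choice where it is available.
 */
BOOL IsAdmin()
{
    HANDLE   hToken = NULL;          /* closed in the cleanup section */
    DWORD    dwStatus = 0;           /* receives the granted access mask */
    DWORD    dwAccessMask;
    DWORD    dwAccessDesired;
    DWORD    dwACLSize;
    DWORD    dwStructureSize = sizeof(PRIVILEGE_SET);
    PACL     pACL = NULL;
    PSID     psidAdmin = NULL;
    BOOL     bReturn = FALSE;
    BOOL     bImpersonating = FALSE; /* TRUE once ImpersonateSelf succeeded */
    PRIVILEGE_SET   ps;
    GENERIC_MAPPING GenericMapping;
    PSECURITY_DESCRIPTOR psdAdmin = NULL;
    SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;

    /* AccessCheck only accepts an impersonation token, so give this thread
       an impersonation copy of the process token first. */
    if (!ImpersonateSelf(SecurityImpersonation))
        goto LeaveIsAdmin;
    bImpersonating = TRUE;

    /* The thread token must exist after a successful ImpersonateSelf. The
       posted code fell back to OpenProcessToken (twice, overwriting and
       leaking the handle); that yields a primary token, which AccessCheck
       rejects, so the fallback is dropped and failure is reported instead. */
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken))
    {
        hToken = NULL;
        goto LeaveIsAdmin;
    }

    /* Well-known SID S-1-5-32-544: BUILTIN\Administrators. */
    if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
                                  SECURITY_BUILTIN_DOMAIN_RID,
                                  DOMAIN_ALIAS_RID_ADMINS,
                                  0, 0, 0, 0, 0, 0, &psidAdmin))
        goto LeaveIsAdmin;

    psdAdmin = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR,
                                                SECURITY_DESCRIPTOR_MIN_LENGTH);
    if (psdAdmin == NULL)
        goto LeaveIsAdmin;

    if (!InitializeSecurityDescriptor(psdAdmin, SECURITY_DESCRIPTOR_REVISION))
        goto LeaveIsAdmin;

    /* Room for the ACL header plus one access-allowed ACE. The ACE struct
       already contains the first DWORD of the SID (SidStart), hence the
       subtraction. */
    dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) +
                GetLengthSid(psidAdmin) - sizeof(DWORD);

    pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
    if (pACL == NULL)
        goto LeaveIsAdmin;

    if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2))
        goto LeaveIsAdmin;

    dwAccessMask = ACCESS_READ | ACCESS_WRITE;

    if (!AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask, psidAdmin))
        goto LeaveIsAdmin;

    if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE))
        goto LeaveIsAdmin;

    /* AccessCheck requires a descriptor that has both an owner and a
       group set. */
    if (!SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE))
        goto LeaveIsAdmin;

    if (!SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE))
        goto LeaveIsAdmin;

    if (!IsValidSecurityDescriptor(psdAdmin))
        goto LeaveIsAdmin;

    dwAccessDesired = ACCESS_READ;

    GenericMapping.GenericRead    = ACCESS_READ;
    GenericMapping.GenericWrite   = ACCESS_WRITE;
    GenericMapping.GenericExecute = 0;
    GenericMapping.GenericAll     = ACCESS_READ | ACCESS_WRITE;

    if (!AccessCheck(psdAdmin, hToken, dwAccessDesired,
                     &GenericMapping, &ps, &dwStructureSize,
                     &dwStatus, &bReturn))
    {
        /* The call itself failed; never report admin on an error path. */
        bReturn = FALSE;
        goto LeaveIsAdmin;
    }

LeaveIsAdmin:

    if (hToken)
        CloseHandle(hToken);

    /* Undo the impersonation on every exit path, not only on success. If
       the thread cannot be reverted, report FALSE as the original did. */
    if (bImpersonating && !RevertToSelf())
        bReturn = FALSE;

    if (pACL)      LocalFree(pACL);
    if (psdAdmin)  LocalFree(psdAdmin);
    if (psidAdmin) FreeSid(psidAdmin);

    return bReturn;
}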