DropMyRights


DropMyRights是一種在Windows XP上降低應用程式權限的方法:它以受限制的權杖(restricted token)啟動指定的程式,常用來防止病毒或木馬利用具管理員權限的Windows登入帳號入侵系統。被啟動的程式仍以同一個使用者帳號執行,因此這是降低權限的手段,而不是完整的隔離。

技術文件

建立DropMyRights.exe

⒈使用Visual Studio 2010建立一個名為DropMyRights的C++ Win32主控台應用程式專案
⒉將 DropMyRights.cpp 改為下列內容

// DropMyRights.cpp : 定義主控台應用程式的進入點。
//
 
#include "stdafx.h"
#include <Windows.h>
#include <Strsafe.h>
#include <WinSafer.h>
 
// Writes the command-line help for DropMyRights to stdout, one line per entry.
void Usage()
{
    // The help text is kept as a table so the wording is easy to scan and edit;
    // none of the lines contains a format specifier, so each is written verbatim.
    static const wchar_t *const kHelpLines[] = {
        L"The arguments to DropMyRights are:\n",
        L"\n",
        L"DropMyRights {path} [N|C|U]\n",
        L"\n",
        L"The meanings of the variables are:\n",
        L"\n",
        L"Path is the full path of the application to launch.\n",
        L"N means run the application as a normal user. This is the default if you provide no argument.\n",
        L"C means run the application as a constrained user.\n",
        L"U means run the application as an untrusted user. Chances are, this will cause some applications to fail.\n",
    };
    const size_t lineCount = sizeof(kHelpLines) / sizeof(kHelpLines[0]);

    for (size_t idx = 0; idx < lineCount; ++idx) {
        fputws(kHelpLines[idx], stdout);
    }
}
 
 
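//////////////////////////////////////////////////////////////////////////////////
// Entry point: starts the program named in argv[1] with a token computed from
// a SAFER level, so the child runs with fewer rights than this process.
//
//   argv[1]  path of the executable to launch (non-empty, at most MAX_PATH chars)
//   argv[2]  optional level letter: C/c = constrained, U/u = untrusted,
//            anything else (or omitted) = normal user
//
// Returns ERROR_SUCCESS when the child process was created,
// ERROR_INVALID_PARAMETER for a bad argument count or path, otherwise the
// GetLastError() value of the Win32 call that failed.
//
// NOTE(review): the token is derived from the caller's own token (NULL is
// passed as the input token), so the child presumably still runs under the
// same user account; treat this as privilege reduction, not isolation.
//DWORD wmain(int argc, wchar_t **argv) 
int _tmain(int argc, _TCHAR* argv[])
{

   DWORD fStatus = ERROR_SUCCESS;

   if (2 != argc && 3 != argc) {
      Usage();
      return ERROR_INVALID_PARAMETER;
   }

   // get the SAFER level
   // NOTE(review): an unrecognised letter silently selects the normal-user
   // level, which is the least restrictive of the three options offered.
   DWORD hSaferLevel = SAFER_LEVELID_NORMALUSER;
   if (3 == argc && argv[2]) {
      switch(argv[2][0]) {
         case 'C' : 
         case 'c' :  hSaferLevel = SAFER_LEVELID_CONSTRAINED; 
                  break;
         case 'U' :
         case 'u' :   hSaferLevel = SAFER_LEVELID_UNTRUSTED;
                  break;

         default  :   hSaferLevel = SAFER_LEVELID_NORMALUSER;
                  break;
      }
   }

   // get the command line, and make sure it's not bogus:
   // it must be NUL-terminated within MAX_PATH characters and must not be empty.
   wchar_t *wszPath = argv[1];
   size_t cchLen = 0;
   if (FAILED(StringCchLength(wszPath,MAX_PATH,&cchLen)) || 0 == cchLen)
      return ERROR_INVALID_PARAMETER;

   SAFER_LEVEL_HANDLE hAuthzLevel = NULL;
   if (!SaferCreateLevel(SAFER_SCOPEID_USER,
                         hSaferLevel,
                         0,
                         &hAuthzLevel, NULL)) {
      fStatus = GetLastError();
      fwprintf(stderr,L"SaferCreateLevel failed (%lu)\n",fStatus);
      return fStatus;
   }

   //  Generate the restricted token we will use.
   HANDLE hToken = NULL;
   if (SaferComputeTokenFromLevel(
         hAuthzLevel,    // SAFER Level handle
         NULL,           // NULL is current thread token.
         &hToken,        // Target token
         0,              // No flags
         NULL)) {        // Reserved

      STARTUPINFO si;
      ZeroMemory(&si, sizeof(si));
      si.cb = sizeof(si);

      PROCESS_INFORMATION pi;
      ZeroMemory(&pi, sizeof(pi));

      // Spin up the new process.
      // The path is passed as the application name with no command line, so
      // it is used as-is instead of being split on spaces, and handle
      // inheritance is off so the child receives none of this process's handles.
      if (CreateProcessAsUser(
            hToken,
            wszPath, NULL,
            NULL, NULL,
            FALSE, CREATE_NEW_CONSOLE,
            NULL, NULL,
            &si, &pi)) {

         // The launcher does not wait for the child; drop its references.
         CloseHandle(pi.hProcess);
         CloseHandle(pi.hThread);

      } else {
         fStatus = GetLastError();
         fwprintf(stderr,L"CreateProcessAsUser failed (%lu)\n",fStatus);
      }

      // The original never released the token handle; close it on both paths.
      CloseHandle(hToken);

   } else {
      fStatus = GetLastError();
      fwprintf(stderr,L"SaferComputeTokenFromLevel failed (%lu)\n",fStatus);
   }

   SaferCloseLevel(hAuthzLevel);

   return fStatus;
}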


⒊重建專案
⒋把產生的DropMyRights.exe複製到資料夾 C:\Program Files\

FAQ

在WinXP下對Internet Explorer使用DropMyRights

"C:\Program Files\DropMyRights.exe" "C:\Program Files\Internet Explorer\iexplore.exe"