
[System] Process Token Library

째즈토끼 2022. 6. 17. 17:59
unit LibProcessToken;

interface

uses
  Windows, SysUtils, WinNT, WinBase, Sddl, WTSApi32, TlHelp32,
  LibSystemConst, LibProcessInfo;
  
// Exported API. Every function below that returns a THandle hands ownership to the
// caller, who must release it with CloseHandle; a return value of 0 signals failure.
function GetProcessHandle(Filename: String): THandle;           // release with CloseHandle; Filename is the bare file name, without a path
function GetProcessToken(ProcessHandle: THandle): THandle;	// release with CloseHandle
function GetCurrentProcessToken: THandle;                       // release with CloseHandle
function GetConsoleToken: THandle;                      	// release with CloseHandle
function GetLinkedToken(SourceToken: THandle): THandle;		// release with CloseHandle
function DuplicateToken(SourceToken: THandle): THandle;		// release with CloseHandle
function GetIntegrityLevel(Token: THandle): DWORD;              // returns 0 when the token information cannot be read
function GetElevationType(Token: THandle) : DWORD;              // returns 0 when the token information cannot be read
 

[System] System Const Library

unit LibSystemConst; interface uses Windows, SysUtils, LibProcessInfo, LibOSVersion; var __OverVista : Boolean; __OverXP : Boolean; __Over2K : Boolean; __64Bit : Boolean; // 2009.09.20 JAZZ __OverWi..

jazz16.tistory.com

 

[System] Process Information Library

unit LibProcessInfo; interface uses Windows, WinBase, SysUtils, TlHelp32, PSAPI; type TProcessFindProc = function (ProcessInfo : PProcessEntry32; UserPara : Pointer) : BOOL; stdcall; TModuleFindProc..

jazz16.tistory.com

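// Returns a LocalAlloc'd buffer holding the requested token information class,
// or nil on failure. The caller owns the buffer and must release it with
// LocalFree(DWORD(xxx)).
//   Token          - token handle to query
//   TokenInfoClass - information class passed through to GetTokenInformation
//   DataLen        - optional; receives the byte count written, on success only
function GetTokenInfo(Token: THandle; TokenInfoClass: TOKEN_INFORMATION_CLASS; DataLen: PDWORD = nil): Pointer;
var
  Len: DWORD;
begin
  RESULT := nil;

  // Size probe: called with no buffer so that Len receives the required size.
  // The return value is ignored here; a Len of 0 is treated as failure.
  Len := 0;
  GetTokenInformation(Token, DWORD(TokenInfoClass), nil, 0, Len);
  if Len = 0 then Exit;

  RESULT := Pointer(LocalAlloc(0, Len));
  // The allocation can fail; do not hand a nil buffer with a non-zero length
  // to the second GetTokenInformation call.
  if not Assigned(RESULT) then Exit;

  if GetTokenInformation(Token, DWORD(TokenInfoClass), RESULT, Len, Len) then begin
     if Assigned(DataLen) then DataLen^ := Len;
     end
  else begin
     // NOTE(review): DWORD(pointer) would truncate on a 64-bit target. The cast is
     // kept because the LocalFree declaration in use is not visible from here.
     LocalFree(DWORD(RESULT));
     RESULT := nil;
     end;
end;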

// Returns the last sub-authority of the token's mandatory-label SID, i.e. the
// integrity-level RID. Returns 0 when the label cannot be read or the SID has no
// sub-authorities.
// NOTE(review): 0 is also the numeric value of the untrusted integrity RID, so a
// caller cannot tell "query failed" from "untrusted" by the return value alone.
function GetIntegrityLevel(Token: THandle): DWORD;
var
  LabelInfo: PTOKEN_MANDATORY_LABEL;
  SubAuthCount: DWORD;
begin
  RESULT := 0;

  LabelInfo := GetTokenInfo(Token, TokenIntegrityLevel);
  if not Assigned(LabelInfo) then Exit;

  // The buffer belongs to this function; free it even if reading the SID raises.
  try
    SubAuthCount := GetSidSubAuthorityCount(LabelInfo^._Label.Sid)^;
    if SubAuthCount > 0 then
      RESULT := GetSidSubAuthority(LabelInfo^._Label.Sid, SubAuthCount - 1)^;
  finally
    LocalFree(DWORD(LabelInfo));
  end;
end;

// Returns the token's elevation type as a raw DWORD, or 0 when the information
// cannot be read. The valid TOKEN_ELEVATION_TYPE values start at 1, so 0 is only
// ever produced by the failure path.
function GetElevationType(Token: THandle) : DWORD;
var
  ElevInfo: PDWORD;
begin
  ElevInfo := GetTokenInfo(Token, TokenElevationType);
  if not Assigned(ElevInfo) then begin
    RESULT := 0;
    Exit;
  end;

  // Copy the value out before releasing the buffer allocated by GetTokenInfo.
  RESULT := ElevInfo^;
  LocalFree(DWORD(ElevInfo));
end;
// Search state shared between GetProcessHandle and the __SearchProc callback.
type
  PSearchProcUserStruct = ^TSearchProcUserStruct;
  TSearchProcUserStruct = record
        FileName_UpperCase	: PChar;   // in: upper-cased executable name to match (no path)
	ActiveSessionID		: DWORD;   // in: session ID a matching process must belong to
	ProcessID		: DWORD;   // out: PID of the match; set to 0 by GetProcessHandle before the search
	end;

// Enumeration callback used by GetProcessHandle. A process matches when its
// executable name (upper-cased, path stripped) equals the requested name and it
// runs in the requested session. On a match the PID is stored in the search record.
// Per the original author's note, returning TRUE ends the enumeration.
// NOTE(review): the match is by file name only; nothing here checks the image
// path or owner, so any same-named process in the session qualifies.
function __SearchProc(ProcessInfo: PProcessEntry32; UserPara: Pointer) : BOOL; stdcall;
var
  Criteria : PSearchProcUserStruct;
  ProcSession : DWORD;
  ExeName : String;
begin
  RESULT := FALSE;
  Criteria := PSearchProcUserStruct(UserPara);

  ExeName := UpperCase(ExtractFileName(ProcessInfo^.szExeFile));
  if ExeName <> String(Criteria^.FileName_UpperCase) then Exit;

  // ProcSession is only meaningful when the lookup succeeds.
  if not ProcessIdToSessionId(ProcessInfo^.th32ProcessID, ProcSession) then Exit;
  if ProcSession <> Criteria^.ActiveSessionID then Exit;

  Criteria^.ProcessID := ProcessInfo^.th32ProcessID;
  RESULT := TRUE;
end;

// Opens the first process in the active console session whose executable name
// equals Filename (case-insensitive, no path). Returns 0 when nothing matches or
// the process cannot be opened. The caller must release the handle with CloseHandle.
// NOTE(review): the process is selected by name and then opened by PID in a
// separate step. A caller that goes on to take a token from this handle should
// verify the process identity (image path, owner) first. The name alone does not
// establish it, and the PID may have been reused between the two steps.
function GetProcessHandle(Filename: String): THandle;
var
  SearchParam: TSearchProcUserStruct;
begin
  RESULT := 0;
  Filename := UpperCase(Filename);

  // The record points into Filename, which stays alive for the whole call.
  SearchParam.FileName_UpperCase := PChar(Filename);
  SearchParam.ProcessID := 0;
  SearchParam.ActiveSessionID := WTSGetActiveConsoleSessionId();

  if not Enum_ProcessList(__SearchProc, @SearchParam) then Exit;
  if SearchParam.ProcessID = 0 then Exit;

  // Inheritance is off; the access mask asks for whatever the caller is allowed.
  RESULT := OpenProcess(MAXIMUM_ALLOWED, FALSE, SearchParam.ProcessID);
end;


// Opens the access token of the given process. Returns the token handle, or 0
// when OpenProcessToken fails or an exception is raised. The caller must release
// the handle with CloseHandle.
// NOTE(review): TOKEN_ALL_ACCESS is requested regardless of what the caller needs.
// Callers that only query (GetIntegrityLevel, GetElevationType) would be served by
// a narrower mask. It is left unchanged because other callers may rely on it.
function GetProcessToken(ProcessHandle: THandle): THandle;
begin
  RESULT := 0;
  try
    if not OpenProcessToken(ProcessHandle, TOKEN_ALL_ACCESS, RESULT) then
      RESULT := 0;   // do not trust the out parameter after a failed call
  except
    // Any exception is reported as "no token".
    RESULT := 0;
  end;
end;

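// Returns a handle to the calling process's own access token, or 0 on failure.
// The caller must release the token handle with CloseHandle.
function GetCurrentProcessToken: THandle;
begin
  // Use the pseudo-handle from GetCurrentProcess, which needs no CloseHandle.
  // The earlier OpenProcess(..., TRUE, ...) call created a real process handle
  // that was never closed and was marked inheritable, so it leaked on every call
  // and was passed on to child processes created with handle inheritance.
  RESULT := GetProcessToken(GetCurrentProcess());
end;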
// Returns the user token of the active console session via WTSQueryUserToken.
// Returns 0 when no session is attached ($FFFFFFFF), when the query fails, or
// when an exception is raised. The caller must release the handle with CloseHandle.
// NOTE(review): WTSQueryUserToken is documented to require a highly privileged
// caller (LocalSystem with SeTcbPrivilege), so expect 0 from ordinary processes.
function GetConsoleToken: THandle;
var
  ConsoleSession : DWORD;
begin
  RESULT := 0;
  try
    ConsoleSession := WTSGetActiveConsoleSessionId();
    if ConsoleSession <> $FFFFFFFF then begin
      if not WTSQueryUserToken(ConsoleSession, RESULT) then
        RESULT := 0;   // discard whatever the failed call left in the out parameter
    end;
  except
    RESULT := 0;
  end;
end;

// Returns the token linked to SourceToken (TokenLinkedToken query), or 0 when the
// information cannot be read. Only the information buffer is freed here. The
// returned handle stays open and the caller must release it with CloseHandle.
function GetLinkedToken(SourceToken: THandle): THandle;
var
  LinkInfo: PTOKEN_LINKED_TOKEN;
begin
  LinkInfo := GetTokenInfo(SourceToken, TokenLinkedToken);
  if not Assigned(LinkInfo) then begin
    RESULT := 0;
    Exit;
  end;

  // Copy the handle out before releasing the buffer that carried it.
  RESULT := LinkInfo^.LinkedToken;
  LocalFree(DWORD(LinkInfo));
end;

// Duplicates SourceToken as a primary token through DuplicateTokenEx. Returns the
// new handle, or 0 on failure. The caller must release it with CloseHandle.
// Within this unit the name shadows the Win32 DuplicateToken function.
// NOTE(review): MAXIMUM_ALLOWED grants the copy every access the caller can get;
// pass a narrower mask if the consumer's needs are known.
function DuplicateToken(SourceToken: THandle): THandle;
var
  Copy: THandle;
begin
  // nil security attributes: default descriptor, handle not inheritable.
  // The original carried SecurityImpersonation as a commented-out alternative.
  if DuplicateTokenEx(SourceToken, MAXIMUM_ALLOWED, nil,
                      SecurityIdentification, TokenPrimary, Copy)
    then RESULT := Copy
    else RESULT := 0;
end;
