Recently I needed to get the integrity level of a process, and I found help on MSDN. The sample code is as follows:
    if (GetTokenInformation(hToken, TokenIntegrityLevel,
        pTIL, dwLengthNeeded, &dwLengthNeeded))
    {
        dwIntegrityLevel = *GetSidSubAuthority(pTIL->Label.Sid,
            (DWORD)(UCHAR)(*GetSidSubAuthorityCount(pTIL->Label.Sid)-1));
        if (dwIntegrityLevel == SECURITY_MANDATORY_LOW_RID)
        {
            // Low Integrity
            wprintf(L"Low Process");
        }
        else if (dwIntegrityLevel >= SECURITY_MANDATORY_MEDIUM_RID &&
            dwIntegrityLevel < SECURITY_MANDATORY_HIGH_RID)
        {
            // Medium Integrity
            wprintf(L"Medium Process");
        }
        else if (dwIntegrityLevel >= SECURITY_MANDATORY_HIGH_RID)
        {
            // High Integrity
            wprintf(L"High Integrity Process");
        }
        else if (dwIntegrityLevel >= SECURITY_MANDATORY_SYSTEM_RID)
        {
            // System Integrity
            wprintf(L"System Integrity Process");
        }
    }
As we all know,
SECURITY_MANDATORY_LOW_RID == 0x00001000L
SECURITY_MANDATORY_MEDIUM_RID == 0x00002000L
SECURITY_MANDATORY_HIGH_RID == 0x00003000L
SECURITY_MANDATORY_SYSTEM_RID == 0x00004000L.
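Here is my question: if this sample code is correct, then if process A has a dwIntegrityLevel of 0x00004100L, what is its integrity level? SECURITY_MANDATORY_HIGH_RID and SECURITY_MANDATORY_SYSTEM_RID? Does this mean that a process with the SECURITY_MANDATORY_SYSTEM_RID level also has the SECURITY_MANDATORY_HIGH_RID level? If the sample code is wrong, then what is the correct way to determine the integrity level of a process?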
some && dwIntegrityLevel <
? - BattleTested_закалённый в бою
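Added example, not part of the original post or of the MSDN sample: the branch order from the sample next to a highest-threshold-first ordering, run over constructed RID values that include the 0x00004100 case from the question. The `IL_` names and both function names are hypothetical, and treating each level as the range up to the next constant is an assumption of this example.

```c
#include <stdio.h>

/* RID values as listed in the question; the IL_ names are this example's own. */
#define IL_LOW_RID    0x00001000UL
#define IL_MEDIUM_RID 0x00002000UL
#define IL_HIGH_RID   0x00003000UL
#define IL_SYSTEM_RID 0x00004000UL

typedef enum { IL_NONE, IL_LOW, IL_MEDIUM, IL_HIGH, IL_SYSTEM } il_class;

/* Same branch order as the sample: ">= HIGH" is tested before ">= SYSTEM",
   so the System branch is unreachable. IL_NONE means no branch matched. */
il_class classify_as_in_sample(unsigned long rid)
{
    if (rid == IL_LOW_RID) return IL_LOW;
    if (rid >= IL_MEDIUM_RID && rid < IL_HIGH_RID) return IL_MEDIUM;
    if (rid >= IL_HIGH_RID) return IL_HIGH;
    if (rid >= IL_SYSTEM_RID) return IL_SYSTEM; /* never reached */
    return IL_NONE;
}

/* Assumption: each level covers the range up to the next constant.
   Testing from the highest threshold down gives every RID one class. */
il_class classify_by_range(unsigned long rid)
{
    if (rid >= IL_SYSTEM_RID) return IL_SYSTEM;
    if (rid >= IL_HIGH_RID)   return IL_HIGH;
    if (rid >= IL_MEDIUM_RID) return IL_MEDIUM;
    if (rid >= IL_LOW_RID)    return IL_LOW;
    return IL_NONE; /* below Low */
}

int main(void)
{
    /* Constructed sample RIDs, including the 0x4100 case from the question. */
    static const unsigned long rids[] = { 0x0800, 0x1000, 0x1800, 0x2000, 0x3000, 0x4000, 0x4100 };
    static const char *names[] = { "none", "Low", "Medium", "High", "System" };
    for (size_t i = 0; i < sizeof rids / sizeof rids[0]; i++)
        printf("0x%08lX  sample order: %-6s  range order: %s\n", rids[i],
               names[classify_as_in_sample(rids[i])], names[classify_by_range(rids[i])]);
    return 0;
}
```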