查看进程令牌信息源代码(5)

int OutPutPrivilegesFromToken(HANDLE htoken)
{
char buff[1024];
unsigned long size = 1024;
TOKEN_PRIVILEGES *tpriv;
if(!GetTokenInformation(htoken, TokenPrivileges, (void*)buff, size, &size))
{
printf("GetTokenInformation TokenPrivileges error : 0 ", GetLastError());
return false;
}
tpriv = (TOKEN_PRIVILEGES *)buff;
printf(" Have 0 Privileges ", tpriv->PrivilegeCount);

LUID_AND_ATTRIBUTES la;
char spriv[UULEN], sdisp[UULEN * 2];
for(int i = 0; i < tpriv->PrivilegeCount; i++)
{
la = tpriv->Privileges[i];
size = UULEN;
LookupPrivilegeName(NULL, &la.Luid, spriv, &size);
size = UULEN * 2;
if(!LookupPrivilegeDisplayName(NULL, spriv, sdisp, &size, &size))
printf("[Privilege 0] error : 0 ", i, GetLastError());
else printf("[Privilege 0] - ", i, spriv, sdisp);
}
return true;
}

int OutPutTokenType(TOKEN_STATISTICS *tstat)
{
if(tstat->TokenType == TokenPrimary)
printf("Token Type : Primary Token ");
else printf("Token Type : Impersonation Token ");

struct IMPERSONATION_LEVEL
{
SECURITY_IMPERSONATION_LEVEL il;
char *dsp;
}imperLevel[4];
imperLevel[0].il = SecurityAnonymous;
imperLevel[0].dsp = "SecurityAnonymous -- The server process cannot obtain identification information
about the client and it cannot impersonate the client. It is defined with no value given,
and thus, by ANSI C rules, defaults to a value of 0.";
imperLevel[1].il = SecurityIdentification;
imperLevel[1].dsp = "SecurityIdentification -- The server process can obtain information about the client,
such as security identifiers and privileges, but it cannot impersonate the client.
This is useful for servers that export their own objects ― for example,
database products that export tables and views. Using the retrieved client-security
information, the server can make access-validation decisions without being able to utilize
other services using the client's security context.";
imperLevel[2].il = SecurityImpersonation;
imperLevel[2].dsp = "SecurityImpersonation -- The server process can impersonate the client's security context
on its local system. The server cannot impersonate the client on remote systems.";
imperLevel[3].il = SecurityDelegation;
imperLevel[3].dsp = "SecurityDelegation -- The server process can impersonate the client's security context
on remote systems.
Windows NT: This impersonation level is not supported.
Windows 2000: This impersonation level is supported.";