Makale numaras�: 185215 - Son G�zden Ge�irme: 13 Temmuz 2004 Sal� - G�zden ge�irme: 2.1

Herhangi bir i�lem tan�t�c�s� Al i�in SeDebugPrivilege nas�l kullan�l�r

�ngilizce ve T�rk�e'yi yan yana g�r�nt�leme

Buraya t�klayarak �ngilizce ve T�rk�e'yi yan yana g�r�nt�leyebilirsiniz.

Otomatik terc�me makalelerin ne oldu�unu a��klayan yaz�y� okumak i�in buraya t�klay�n

Kullan�m D�� Bilgi Bankas� ��eri�i Yasal Uyar�

Bu makalenin ge�erli oldu�u �r�nleri g�r�n.

Sistem �pucuBu makale, kulland��n�zdan farkl� bir i�letim sistemine y�neliktir. Sizinle ilgili olmayabilecek makale i�eri�i devre d�� b�rak�ld�.

�al��an i�lemi �zerinde SeDebugPrivilege ayr�cal�� ayarlayarak, �al��an her uygulaman�n i�lem tan�t�c� elde edebilirsiniz. Tan�t�c� bir i�lem edinirken, arama, normalde de�il yapabilirsiniz, i�lem tan�t�c�s� �zerinde �e�itli Win32 Ap�'lar�n sa�layacak PROCESS_ALL_ACCESS bayra�� sonra belirtebilirsiniz. Ba�ar�l� olarak adland�r�labilir Win32 Ap�'lerinin baz�lar� �unlard�r:

TerminateProcess
CreateRemoteThread

Bu makalede, nas�l ayarlayabilir SeDebugPrivilege uygulama i�lemi belirtecinizi ve, ba�ka bir uygulama sona erdirmek i�in kullanmak hakk�nda ayr�nt�l� �rnek i�erir. Bu geli�mi� bir konu ve g��l� bir bilgi i�lem g�venlik �nemle �nerilir.

Bu makalenin kapsam� i�inde hangi i�lemi Access i�lem simgeleri ve Token ayr�cal�klar�n� kapsad�� tart��ma. Bu makalede, okuyucu zaten bu geli�mi� konular anlad�� varsayar.

�ste

Daha fazla bilgi

Bu �rnek, �� ayr� bir Visual Basic uygulamalar�n� olu�turma i�erir. Her uygulama bir kerede olu�turulan ve birlikte SeDebugPrivilege i�lem ayr�cal�� g�c�n� g�stermek i�in kullan�l�r.

�ste

<a1>Uygulama</a1> (Term01.exe) # 1

Yeni bir proje standart exe DOSYAS�, Visual Basic 5.0 ile olu�turun.
Proje i�in Term01 de�i�tirin.
Form1 frmTerm01 i�in yeniden adland�r�n.
Bir komut d��mesi i�in frmTerm01 ekleyin.
Resim yaz�s� i�in "Sonland�rma Notepad" Command1 ayarlay�n

FrmTerm01 i�in a�a��daki kodu ekleyin:

      Option Explicit

      Private Sub Command1_Click()

         ' This is a simple application that attempts
         ' to shut down any process that is passed in through
         ' the command line.

         Call TerminateProcess(CLng(Command$), 0)

      End Sub

Proje i�in bir standart mod�l ekleme ve MdlApi01 i�in dosyay� yeniden adland�r�n.

MdlApi01 i�in a�a��daki kodu ekleyin:

      Option Explicit

      Declare Function TerminateProcess Lib "kernel32" _
         (ByVal hProcess As Long, _
         ByVal uExitCode As Long) As Long

Projeyi kaydedin ve exe dosyas�n� (Term01.exe).

�ste

<a1>Uygulama</a1> (Term02.exe) # 2

Yeni bir standart exe DOSYAS�, Visual Basic 5.0 ile olu�turun.
Proje i�in Term02 de�i�tirin.
Form1 frmTerm02 i�in yeniden adland�r�n.
Bir komut d��mesi i�in frmTerm02 ekleyin.
Resim yaz�s� i�in "Sonland�rma Notepad" Command1 ayarlay�n
Bir liste kutusu i�in frmTerm02 ekleyin.
ListBox1 geni�li�ini 3735 i�in ayarlay�n.

FrmTerm02 i�in a�a��daki kodu ekleyin:

      Private Sub Command1_Click()

         ' The PID of the application you want to kill will be received
         ' through the command line. Convert it to a long so it can be
         ' used with the various API calls.

         SeDebugSample CLng(Command$)

      End Sub

Proje i�in bir standart mod�l ekleme ve mdlAPI02 i�in dosyay� yeniden adland�r�n.

Mod�l mdlApi02 i�in a�a��daki kodu ekleyin:

      Option Explicit

      ' Constants used for various API calls. Refer to MSDN for detailed
      ' information about what these constants mean.

      Public Const TOKEN_ADJUST_PRIVILEGES = &H20
      Public Const TOKEN_QUERY = &H8
      Public Const ANYSIZE_ARRAY = 1
      Public Const PROCESS_ALL_ACCESS = &H1F0FFF
      Public Const SE_DEBUG_NAME = "SeDebugPrivilege"
      Public Const SE_PRIVILEGE_ENABLED = &H2

      ' Structures used with various API calls.
      ' Refer to MSDN for detailed information
      ' about what these structures are, and how they are used.

      Type LARGE_INTEGER
         lowpart As Long
         highpart As Long
      End Type

      Type Luid
         lowpart As Long
         highpart As Long
      End Type

      Type LUID_AND_ATTRIBUTES
         pLuid As Luid
         Attributes As Long
      End Type

      Type TOKEN_PRIVILEGES
         PrivilegeCount As Long
         Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
      End Type

      ' Refer to the MSDN for detailed information on
      ' all of these API calls.

      Declare Function CloseHandle Lib "kernel32" _
         (ByVal hObject As Long)As Long
      Declare Function GetCurrentProcess Lib "kernel32" () As Long
      Declare Function OpenProcessToken Lib "advapi32.dll" _
         (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, _
      TokenHandle As Long) As Long
      Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias _
         "LookupPrivilegeValueA" (ByVal lpSystemName As String, _
         ByVal lpName As String, lpLuid As Luid) As Long
      Declare Function AdjustTokenPrivileges Lib "advapi32.dll" _
         (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, _
         NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, _
         PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
      Declare Function OpenProcess Lib "kernel32" _
         (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, _
         ByVal dwProcessId As Long) As Long
      Declare Function TerminateProcess Lib "kernel32" _
         (ByVal hProcess As Long, ByVal uExitCode As Long) As Long

      ' SeDebugSample shows how to grab the Process Handle of any running
      ' Application, and then use the SeDebug privilege to shut it down.

      Public Sub SeDebugSample(ApplicationPID As Long)
         Dim hProcessID As Long         ' Handle to your sample
                                        ' process you are going to
                                        ' terminate.
         Dim hProcess As Long           ' Handle to your current process
                                        ' (Term02.exe).
         Dim hToken As Long             ' Handle to your process token.
         Dim lPrivilege As Long         ' Privilege to enable/disable
         Dim iPrivilegeflag As Boolean  ' Flag whether to enable/disable
                                        ' the privilege of concern.
         Dim lResult As Long            ' Result call of various APIs.

         ' clear the list box first
         frmTerm02.List1.Clear
         frmTerm02.List1.AddItem "Start SeDebug Sample"

         ' set the incoming PID to our internal variable
         hProcessID = ApplicationPID

         ' get our current process handle
         hProcess = GetCurrentProcess

         ' show our handle just for fun
         frmTerm02.List1.AddItem "Current (Pseudo) Process Handle : " & _
                                 Hex(hProcess)

         ' open the tokens for this process (Term02.exe)
         lResult = OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES Or _
                                   TOKEN_QUERY, hToken)

         ' if OpenProcessToken fails, the return result is zero, test for
         ' success here

         If (lResult = 0) Then
         frmTerm02.List1.AddItem "Error: _
                                 Unable To Open Process Token : " _
                                 & Err.LastDllError
            CloseHandle (hToken)
            Exit Sub
         Else
            ' show success
            frmTerm02.List1.AddItem "Opened Process Token : " & hToken
         End If

         ' Now that you have the token for this process, you want to set
         ' the SE_DEBUG_NAME privilege.

         lResult = SetPrivilege(hToken, SE_DEBUG_NAME, True)

         ' Make sure you could set the privilege on this token.

         If (lResult = False) Then
            frmTerm02.List1.AddItem _
               "Error : Could Not Set SeDebug Privilege on Token Handle"
            CloseHandle (hToken)
            Exit Sub
         Else
            frmTerm02.List1.AddItem "Set SeDebug Privilege On Token Handle"
         End If

         ' Now that you have changed the privileges on the token,
         ' have some fun. You can now get a process handle to the
         ' process ID that you passed into this program, and
         ' demand whatever access you want on it!

         hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, hProcessID)

         ' Make sure you opened the process so you can do stuff with it
         If (hProcess = Null) Then
            frmTerm02.List1.AddItem _
               "Error : Unable To Open Process : " & Err.LastDllError
            CloseHandle (hToken)
            Exit Sub
         Else
            frmTerm02.List1.AddItem "Opened Process : " & hProcess
         End If

         ' Now turn the SE_DEBUG_PRIV back off,
         lResult = SetPrivilege(hToken, SE_DEBUG_NAME, False)

         ' Make sure you succeeded in reversing the privilege!
         If (lResult = False) Then
            frmTerm02.List1.AddItem _
              "Error : Unable To Disable SeDebug Privilege On Token Handle"
            CloseHandle (hProcess)
            CloseHandle (hToken)
            Exit Sub
         Else
            frmTerm02.List1.AddItem _
               "Disabled SeDebug Privilege On Token Handle"
         End If

         ' Now you want to kill the application, which you can do since
         ' your process handle to the application includes full access to
         ' romp and roam - you got the process handle when you had the
         ' SE_DEBUG_NAME privilege enabled!
         lResult = TerminateProcess(hProcess, 0)

         ' Let's see the result, and go from there.
         If (lResult = 0) Then
            frmTerm02.List1.AddItem _
            "Error : Unable To Terminate Application : " & Err.LastDllError
            CloseHandle (hProcess)
            CloseHandle (hToken)
            Exit Sub
         Else
            frmTerm02.List1.AddItem "Terminated Application"
         End If

         ' Close our handles and get out of here.
         CloseHandle (hProcess)
         CloseHandle (hToken)

         ' Finally, let the user know that you have completed the
         ' SeDebug Sample.
         frmTerm02.List1.AddItem "SeDebug Sample Completed"

      End Sub

      ' The SetPrivilege function will accept a handle to a token, a
      ' privilege, and a flag to either enable/disable that privilege. The
      ' function will attempt to perform the desired action upon the token
      ' returning TRUE if it succeeded, or FALSE if it failed.

      Private Function SetPrivilege(hToken As Long, Privilege As String, _
                                    bSetFlag As Boolean) As Boolean

         Dim TP As TOKEN_PRIVILEGES          ' Used in getting the current
                                             ' token privileges
         Dim TPPrevious As TOKEN_PRIVILEGES  ' Used in setting the new
                                             ' token privileges
         Dim Luid As Luid                    ' Stores the Local Unique
                                             ' Identifier - refer to MSDN
         Dim cbPrevious As Long              ' Previous size of the
                                             ' TOKEN_PRIVILEGES structure
         Dim lResult As Long                 ' Result of various API calls

         ' Grab the size of the TOKEN_PRIVILEGES structure,
         ' used in making the API calls.
         cbPrevious = Len(TP)

         ' Grab the LUID for the request privilege.
         lResult = LookupPrivilegeValue("", Privilege, Luid)

         ' If LoopupPrivilegeValue fails, the return result will be zero.
         ' Test to make sure that the call succeeded.
         If (lResult = 0) Then
            SetPrivilege = False
         End If

         ' Set up basic information for a call.
         ' You want to retrieve the current privileges
         ' of the token under concern before you can modify them.
         TP.PrivilegeCount = 1
         TP.Privileges(0).pLuid = Luid
         TP.Privileges(0).Attributes = 0
         SetPrivilege = lResult

         ' You need to acquire the current privileges first
         lResult = AdjustTokenPrivileges(hToken, -1, TP, Len(TP), _
                                        TPPrevious, cbPrevious)

         ' If AdjustTokenPrivileges fails, the return result is zero,
         ' test for success.
         If (lResult = 0) Then
            SetPrivilege = False
         End If

         ' Now you can set the token privilege information
         ' to what the user is requesting.
         TPPrevious.PrivilegeCount = 1
         TPPrevious.Privileges(0).pLuid = Luid

         ' either enable or disable the privilege,
         ' depending on what the user wants.
         Select Case bSetFlag
            Case True: TPPrevious.Privileges(0).Attributes = _
                       TPPrevious.Privileges(0).Attributes Or _
                       (SE_PRIVILEGE_ENABLED)
            Case False: TPPrevious.Privileges(0).Attributes = _
                        TPPrevious.Privileges(0).Attributes Xor _
                        (SE_PRIVILEGE_ENABLED And _
                        TPPrevious.Privileges(0).Attributes)
         End Select

         ' Call adjust the token privilege information.
         lResult = AdjustTokenPrivileges(hToken, -1, TPPrevious, _
                                        cbPrevious, TP, cbPrevious)

         ' Determine your final result of this function.
         If (lResult = 0) Then
            ' You were not able to set the privilege on this token.
            SetPrivilege = False
         Else
            ' You managed to modify the token privilege
            SetPrivilege = True
         End If

      End Function

Projeyi Term01 proje olarak ayn� dizine kaydedin ve .exe dosyas�n� (Term02.exe).

�ste

<a1>Uygulama</a1> (MainTest.exe) # 3

Yeni bir Standart EXE projesi, Visual Basic 5.0 ile olu�turun.
Proje i�in MainTest yeniden adland�r�n.
Form1 i�in frmTest yeniden adland�r�n.
�� komut d��meleri forma ekleyin.
Resim yaz�s� Command1 "Start Notepad" i�in ayarlamak
Resim yaz�s� Command2 "Ba�lat Term01" i�in ayarlamak
Resim yaz�s� Command3 "Ba�lat Term02" i�in ayarlamak

FrmTest i�in a�a��daki kodu ekleyin:

      Option Explicit

      ' You want to keep the process ID of the NotePad instance
      ' that you create
      Private iAppPID As Long

      Private Sub Command1_Click()

         ' Create an instance of the NotePad.exe application.
         iAppPID = Shell("Notepad.exe", vbNormalFocus)

      End Sub

      Private Sub Command2_Click()

         ' You will try to terminate the NotePad application by another
         ' application, which is running in its own process space.
         ' This will FAIL.

         Call Shell(App.Path & "\Term01.Exe " & iAppPID, vbNormalFocus)

      End Sub

      Private Sub Command3_Click()

         ' You will try to terminate the NotePad application by another
         ' application, which is running in its own process space.
         ' However, this application is going to use the SeDebugPrivilege,
         ' and will be able to terminate the application without a fuss.

         Call Shell(App.Path & "\Term02.Exe " & iAppPID, vbNormalFocus)

      End Sub

Projeyi Term01 proje olarak ayn� dizine kaydedin ve .exe dosyas�n� (MainTest.exe).

�ste

�rnek �al��an

Yerle�ik ve �� uygulama derlenmi� s�r�yor g�steri g�rebilirsiniz. Ikinci uygulamada (Term02.exe) kodunu Not Defteri'nde (Notepad.exe) uygulama yolu i�inde bulunan varsayar.

MainTest.exe program�n� �al��t�r�n. Bu bizim "denetim paneli" g�steri i�in olacakt�r.
Not Defteri'nde, Ba�lat d��mesini t�klat�n. Bu, Not Defteri'ni ba�latacak.
Term01 Ba�lat d��mesini t�klat�n. Bu, Term01 ba�latacak uygulama.
Sonland�r Not Defteri'ni d��mesini Term01 uygulama Ek Yard�m d��mesini t�klat�n. Not Defteri'ni kapatmaya ama�lanm��t�r, ancak ba�ar�l� olmaz.
Term01 uygulamay� kapat�n.
MainTest uygulamas�nda Term02 Ba�lat d��mesini t�klat�n. Bu i�lem, Term02 uygulamay� ba�latacak.
Term02 uygulamas�nda Not Defteri'ni Sonland�r d��mesini t�klat�n. Bu i�lem sonland�r�ld� Not Defteri'nde neden olur SeDebugPrivilege g�steri ba�layacakt�r. Liste kutusu, i�lemde giderek i�in g�rsel geri besleme sa�lar.

�ste

Bu makaledeki bilginin uyguland�� durum:

Microsoft Visual Basic Control Creation Edition
Microsoft Visual Basic 5.0 Professional Edition
Microsoft Visual Basic 5.0 Enterprise Edition

�ste

kbmt kbcode kbhowto KB185215 KbMttr

�ste

Otomatik Terc�me

�NEML�: Bu makale, bir ki�i taraf�ndan �evrilmek yerine, Microsoft makine-�evirisi yaz�l�m� ile �evrilmi�tir. Microsoft size hem ki�iler taraf�ndan �evrilmi�, hem de makine-�evrisi ile �evrilmi� makaleler sunar. B�ylelikle, bilgi bankam�zdaki t�m makalelere, kendi dilinizde ula�m�� olursunuz. Bununla birlikte, makine taraf�ndan �evrilmi� makaleler m�kemmel de�ildir. Bir yabanc�n�n sizin dilinizde konu�urken yapabilece�i hatalar gibi, makale; kelime da�arc��, s�z dizim kurallar� veya dil bilgisi a��s�ndan yanl��lar i�erebilir. Microsoft, i�eri�in yanl�� evrimi veya onun m��teri taraf�ndan kullan�m�ndan do�an; kusur, hata veya zarardan sorumlu de�ildir. Microsoft ayr�ca makine �evirisi yaz�l�m�n� s�k�a g�ncellemektedir.

Makalenin �ngilizcesi a�a��daki gibidir:185215� (http://support.microsoft.com/kb/185215/en-us/ )

�ste

Kullan�m D�� Bilgi Bankas� ��eri�i Yasal Uyar�

Bu makale, Microsoft'un art�k destek sa�lamad�� r�nler ile ilgili olarak yaz�lm��t�r. Bu nedenle, bu makale "oldu�u gibi" sa�lanm��t�r ve bundan sonra g�ncelle�tirilmeyecektir.

�ste

This site in other countries/regions:

Herhangi bir i�lem tan�t�c�s� Al i�in SeDebugPrivilege nas�l kullan�l�r

Bu Sayfada

�zet

Daha fazla bilgi

<a1>Uygulama</a1> (Term01.exe) # 1

<a1>Uygulama</a1> (Term02.exe) # 2

<a1>Uygulama</a1> (MainTest.exe) # 3

�rnek �al��an

Bu makaledeki bilginin uyguland�� durum:

Anahtar Kelimeler:�

Di�er Destek Siteleri

Topluluk

Hemen Yard�m Al

Makale �evirileri

This site in other countries/regions:

Herhangi bir i�lem tan�t�c�s� Al i�in SeDebugPrivilege nas�l kullan�l�r

Bu Sayfada

�zet

Daha fazla bilgi

<a1>Uygulama</a1> (Term01.exe) # 1

<a1>Uygulama</a1> (Term02.exe) # 2

<a1>Uygulama</a1> (MainTest.exe) # 3

�rnek �al��an

Bu makaledeki bilginin uyguland��� durum:

Anahtar Kelimeler:�

Di�er Destek Siteleri

Topluluk

Hemen Yard�m Al

Makale �evirileri

Bu makaledeki bilginin uyguland�� durum: