[求助]关于COM对象来读写注册表的问题-编程技术-看雪-安全社区|安全招聘|kanxue.com

最新回复 (2)
lxsgbin 雪币： 1651 活跃值： (1425) 能力值： ( LV6，RANK：80 ) 在线值：发帖 39 回帖 147 粉丝 45 关注私信	lxsgbin 1 2 楼 GUID Guid; CLSID rclsid; IID riid; CoInitialize(0); HRESULT hr1=CLSIDFromProgID(L"WScript.Shell.1",&rclsid); HINSTANCE hdllInst =LoadLibrary("wshom.ocx"); typedef HRESULT (__stdcall * pfnGCO) (REFCLSID, REFIID, void*); pfnGCO fnGCO = NULL; fnGCO = (pfnGCO)GetProcAddress(hdllInst, "DllGetClassObject"); IClassFactory pcf = NULL; HRESULT hr=(fnGCO)(rclsid, IID_IClassFactory, (void)&pcf); //创建工厂 LPVOID pvObject; IIDFromString(L"{F935DC21-1CF0-11D0-ADB9-00C04FD58A0B}",&riid); // LPCTSR2GUID("F935DC21-1CF0-11D0-ADB9-00C04FD58A0B",riid); pcf->CreateInstance(0,riid,&pvObject); CoCreateInstanceAsAdmin(NULL,rclsid,riid,&pvObject); const wchar_t MONIKER_NAME[] = L"Elevation:Administrator!new:%s"; HRESULT CoCreateInstanceAsAdmin(HWND hwnd, REFCLSID rclsid, REFIID riid, void ppv) { BIND_OPTS3 bo; wchar_t wszCLSID[50]; wchar_t wszMonikerName[300]; StringFromGUID2(rclsid, wszCLSID, sizeof(wszCLSID)); HRESULT hr = wsprintfW(wszMonikerName, MONIKER_NAME, wszCLSID); if (FAILED(hr)) return hr; memset(&bo, 0, sizeof(bo)); bo.cbStruct = sizeof(bo); bo.hwnd = hwnd; bo.dwClassContext = CLSCTX_LOCAL_SERVER; if (IsRunningInWin64()) bo.dwClassContext \|= CLSCTX_ACTIVATE_32_BIT_SERVER; return CoGetObject(wszMonikerName, &bo, riid, ppv); ｝还是不能提权，CoGetObject 返回80080017 2014-11-17 18:11 0
誓言剑雪币： 218 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 15 回帖 249 粉丝 0 关注私信	誓言剑 3 楼 0x80080017 CO_E_ELEVATION_DISABLED The class is not configured to support elevated activation. 2014-11-19 01:42 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (2)
lxsgbin 雪币： 1651 活跃值： (1425) 能力值： ( LV6，RANK：80 ) 在线值：发帖 39 回帖 147 粉丝 45 关注私信	lxsgbin 1 2 楼 GUID Guid; CLSID rclsid; IID riid; CoInitialize(0); HRESULT hr1=CLSIDFromProgID(L"WScript.Shell.1",&rclsid); HINSTANCE hdllInst =LoadLibrary("wshom.ocx"); typedef HRESULT (__stdcall * pfnGCO) (REFCLSID, REFIID, void*); pfnGCO fnGCO = NULL; fnGCO = (pfnGCO)GetProcAddress(hdllInst, "DllGetClassObject"); IClassFactory pcf = NULL; HRESULT hr=(fnGCO)(rclsid, IID_IClassFactory, (void)&pcf); //创建工厂 LPVOID pvObject; IIDFromString(L"{F935DC21-1CF0-11D0-ADB9-00C04FD58A0B}",&riid); // LPCTSR2GUID("F935DC21-1CF0-11D0-ADB9-00C04FD58A0B",riid); pcf->CreateInstance(0,riid,&pvObject); CoCreateInstanceAsAdmin(NULL,rclsid,riid,&pvObject); const wchar_t MONIKER_NAME[] = L"Elevation:Administrator!new:%s"; HRESULT CoCreateInstanceAsAdmin(HWND hwnd, REFCLSID rclsid, REFIID riid, void ppv) { BIND_OPTS3 bo; wchar_t wszCLSID[50]; wchar_t wszMonikerName[300]; StringFromGUID2(rclsid, wszCLSID, sizeof(wszCLSID)); HRESULT hr = wsprintfW(wszMonikerName, MONIKER_NAME, wszCLSID); if (FAILED(hr)) return hr; memset(&bo, 0, sizeof(bo)); bo.cbStruct = sizeof(bo); bo.hwnd = hwnd; bo.dwClassContext = CLSCTX_LOCAL_SERVER; if (IsRunningInWin64()) bo.dwClassContext \|= CLSCTX_ACTIVATE_32_BIT_SERVER; return CoGetObject(wszMonikerName, &bo, riid, ppv); ｝还是不能提权，CoGetObject 返回80080017 2014-11-17 18:11 0
誓言剑雪币： 218 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 15 回帖 249 粉丝 0 关注私信	誓言剑 3 楼 0x80080017 CO_E_ELEVATION_DISABLED The class is not configured to support elevated activation. 2014-11-19 01:42 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复