/// Resolves the two undocumented terminal-services exports that
/// GetProcessUserByTime() relies on (WinStationGetProcessSid from Winsta.dll
/// and CachedGetUserFromSid from utildll.dll).
/// The pointers are stored in the member function-pointer fields; a lookup
/// that fails leaves the corresponding field NULL.
/// @return TRUE only when both exports were resolved, FALSE otherwise.
BOOL CProcessInfo::LoadWinstaDll()
{
    _WinStationGetProcessSid = (Fun_WinStationGetProcessSid)NSys::GetDllProcAdders("Winsta.dll", "WinStationGetProcessSid");
    _CachedGetUserFromSid = (Fun_CachedGetUserFromSid)NSys::GetDllProcAdders("utildll.dll", "CachedGetUserFromSid");

    // Both entry points are required; a partial result is reported as failure
    // so that the fallback path in GetProcessUserByTime() stays disabled.
    const bool bBothResolved = (_WinStationGetProcessSid != NULL) && (_CachedGetUserFromSid != NULL);
    return bBothResolved ? TRUE : FALSE;
}
/// Stores the set of PROC_INF_SWITCH_* flags that select which process
/// details are collected (e.g. PROC_INF_SWITCH_ProcessUser gates
/// GetProcessUser()). The previous value is replaced, not merged.
/// @param dwSwitch  bit mask of PROC_INF_SWITCH_* values; not validated.
/// @return always TRUE.
BOOL CProcessInfo::SetInfoWitch(DWORD dwSwitch)
{
    // Plain assignment; every bit combination is accepted as given.
    m_dwSwitch = dwSwitch;
    return TRUE;
}
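/// Resolves the owning account of a process through the terminal-services
/// exports (WinStationGetProcessSid + CachedGetUserFromSid). This is the
/// fallback used when the process token cannot be opened. Requires
/// LoadWinstaDll() to have succeeded; returns FALSE otherwise.
/// @param dwProcId     process id
/// @param ftStartTime  process creation time, passed alongside the id so a
///                     reused pid does not match a different process
/// @param pUserName    receives the ANSI account name (via NStr::WChar2Char)
/// @param nSize        capacity of pUserName in bytes
/// @return TRUE when pUserName was filled, FALSE on any failure.
BOOL CProcessInfo::GetProcessUserByTime(DWORD dwProcId, FILETIME ftStartTime, CHAR *pUserName, int nSize)
{
    if (_WinStationGetProcessSid == NULL || _CachedGetUserFromSid == NULL)
        return FALSE;
    if (pUserName == NULL || nSize <= 0)
        return FALSE;

    // Size query: a NULL buffer asks for the required SID length. This code
    // keeps the original convention that a non-zero return here means failure
    // (the call is expected to fail with "buffer too small" while still
    // filling dwSize). dwSize is initialised because a failed query may leave
    // it untouched, and a zero size would otherwise reach malloc(0).
    DWORD dwSize = 0;
    BYTE bRetVal = _WinStationGetProcessSid(NULL, dwProcId, ftStartTime, NULL, &dwSize);
    if (bRetVal != 0 || dwSize == 0)
        return FALSE;

    BYTE *pSid = (BYTE *)malloc(dwSize);
    if (pSid == NULL)
        return FALSE;

    BOOL bOk = FALSE;
    bRetVal = _WinStationGetProcessSid(NULL, dwProcId, ftStartTime, pSid, &dwSize);
    if (bRetVal != 0)
    {
        // NOTE(review): dwSize is passed as 1024 for a WCHAR[1024] buffer; whether
        // CachedGetUserFromSid counts characters or bytes is not visible here — confirm.
        WCHAR szUserName[1024];
        DWORD dwNameLen = 1024;
        szUserName[0] = 0;
        _CachedGetUserFromSid(pSid, szUserName, &dwNameLen);
        // Force termination regardless of what the callee wrote so the
        // conversion below can never run off the end of the buffer.
        szUserName[1023] = 0;
        if (dwNameLen != 0)
        {
            NStr::WChar2Char(szUserName, pUserName, nSize);
            bOk = TRUE;
        }
    }

    free(pSid);
    return bOk;
}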
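// Resolves the owning account of hProc through its access token and writes
// the ANSI account name into pUserName (cchUserName bytes).
// Returns FALSE when the token cannot be opened or queried, or when the SID
// cannot be translated; the caller then falls back to the Winsta path.
static BOOL QueryUserNameByToken(HANDLE hProc, CHAR *pUserName, DWORD cchUserName)
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(hProc, TOKEN_QUERY, &hToken))
        return FALSE;

    BOOL bResult = FALSE;
    TOKEN_USER *pTokenUser = NULL;
    // Initialised: the size query below is expected to fail with
    // ERROR_INSUFFICIENT_BUFFER and report the required length here, but a
    // different failure leaves dwNeedLen untouched.
    DWORD dwNeedLen = 0;
    GetTokenInformation(hToken, TokenUser, NULL, 0, &dwNeedLen);
    if (dwNeedLen > 0)
    {
        pTokenUser = (TOKEN_USER *)malloc(dwNeedLen);
    }
    if (pTokenUser != NULL &&
        GetTokenInformation(hToken, TokenUser, pTokenUser, dwNeedLen, &dwNeedLen))
    {
        CHAR szDomainName[MAX_PATH];
        DWORD dwDmLen = sizeof(szDomainName);
        DWORD dwNameLen = cchUserName;
        SID_NAME_USE sn;
        // Domain and SID type are required out-parameters but not used by the caller.
        bResult = LookupAccountSidA(NULL, pTokenUser->User.Sid, pUserName, &dwNameLen,
                                    szDomainName, &dwDmLen, &sn);
    }

    free(pTokenUser);   // free(NULL) is a no-op
    CloseHandle(hToken);
    return bResult;
}

/// Fills pItem->m_sUserName with the account that owns the process.
/// Primary path: open the process token and resolve its user SID with
/// LookupAccountSidA. Fallback: GetProcessUserByTime() via the Winsta exports,
/// which can succeed for processes whose token cannot be opened.
/// Does nothing and returns FALSE unless PROC_INF_SWITCH_ProcessUser is set in
/// m_dwSwitch. Process id 0 is reported as "SYSTEM" without any lookup.
/// Fix over the previous version: a successful token lookup now counts as
/// success (it used to leave the result FALSE, always run the fallback, and
/// report failure when the Winsta exports were unavailable).
/// @param pItem  process record to update; m_pNtSysProcInfo must be valid
/// @param hProc  process handle used for OpenProcessToken
/// @return TRUE when m_sUserName was set, FALSE otherwise.
BOOL CProcessInfo::GetProcessUser(OneProcItem *pItem, HANDLE hProc)
{
    if ((PROC_INF_SWITCH_ProcessUser & m_dwSwitch) == 0)
        return FALSE;
    if (pItem == NULL || pItem->m_pNtSysProcInfo == NULL)
        return FALSE;

    if (pItem->m_pNtSysProcInfo->ProcessId == 0)
    {
        pItem->m_sUserName = "SYSTEM";
        return TRUE;
    }

    CHAR szUserName[MAXPATH];
    szUserName[0] = 0;

    BOOL bResult = QueryUserNameByToken(hProc, szUserName, sizeof(szUserName));
    if (bResult == FALSE)
    {
        // Token path failed (typically access denied on a foreign session's
        // process); try the terminal-services lookup keyed by pid + start time.
        bResult = GetProcessUserByTime(pItem->m_pNtSysProcInfo->ProcessId,
                                       *(FILETIME *)&pItem->m_pNtSysProcInfo->CreateTime,
                                       szUserName, sizeof(szUserName));
    }

    if (bResult)
    {
        pItem->m_sUserName = szUserName;
    }
    return bResult;
}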