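/*
 * Locate the explorer.exe instance running in the same session as the
 * calling process and return its PID.
 *
 * Returns the PID, or 0 on failure (session lookup, snapshot creation,
 * enumeration) or when no matching explorer.exe exists. PID 0 is never a
 * valid explorer PID, so callers can test the result directly.
 *
 * NOTE(review): the match is by image name only. Any process in the same
 * session whose image is named explorer.exe is accepted, so the returned
 * PID must not be treated as proof of a trusted shell process; callers
 * that open it should request only the access rights they actually need.
 */
DWORD get_user_process_id()
{
    DWORD agent_session_id;
    if (!ProcessIdToSessionId(GetCurrentProcessId(), &agent_session_id)) {
        printf("ProcessIdToSessionId for current process failed %lu", GetLastError());
        return 0;
    }

    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) {
        printf("CreateToolhelp32Snapshot() failed %lu", GetLastError());
        return 0;
    }

    PROCESSENTRY32 proc_entry;
    ZeroMemory(&proc_entry, sizeof(proc_entry));
    /* dwSize must be set before the first Process32First/Next call. */
    proc_entry.dwSize = sizeof(proc_entry);
    if (!Process32First(snap, &proc_entry)) {
        printf("Process32First() failed %lu", GetLastError());
        CloseHandle(snap);
        return 0;
    }

    DWORD explorer_pid = 0;
    do {
        if (_tcsicmp(proc_entry.szExeFile, TEXT("explorer.exe")) != 0) {
            continue;
        }
        DWORD explorer_session_id;
        if (!ProcessIdToSessionId(proc_entry.th32ProcessID, &explorer_session_id)) {
            /* The snapshot is a copy taken earlier, so this explorer may
             * already have exited by now. Skip it and keep scanning rather
             * than aborting the whole search: a live instance later in the
             * list (the previous code gave up here and reported "not found"). */
            printf("ProcessIdToSessionId for explorer failed %lu", GetLastError());
            continue;
        }
        if (explorer_session_id == agent_session_id) {
            explorer_pid = proc_entry.th32ProcessID;
            break;
        }
    } while (Process32Next(snap, &proc_entry));
    CloseHandle(snap);

    if (explorer_pid == 0) {
        printf("explorer.exe not found");
    }
    return explorer_pid;
}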
调用 (call site):
DWORD user_pid;
HANDLE hprocess, htoken;
HKEY hkey_cur_user = NULL;
LONG status;
user_pid = get_user_process_id();
if (!user_pid) {
vd_printf("get_user_process_id failed");
return false;
}
hprocess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, user_pid);
if (!OpenProcessToken(hprocess, TOKEN_ALL_ACCESS, &htoken)) {
CloseHandle(hprocess);
return false;
}
ImpersonateLoggedOnUser(htoken);
status = RegOpenCurrentUser(KEY_READ, &hkey_cur_user);
if (status != ERROR_SUCCESS) {
CloseHandle(hprocess);
}