The following example uses the OpenProcessToken and GetTokenInformation functions to get the group memberships in an access token.

The GetTokenInformation function retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.

参考:

https://msdn.microsoft.com/en-us/library/windows/desktop/aa379554%28v=vs.85%29.aspx

The OpenProcessToken function opens the access token associated with a process.

参考:

https://msdn.microsoft.com/en-us/library/windows/desktop/aa379295%28v=vs.85%29.aspx

参数如下:

BOOL WINAPI GetTokenInformation(

  _In_      HANDLE                  TokenHandle,

  _In_      TOKEN_INFORMATION_CLASS TokenInformationClass,

  _Out_opt_ LPVOID                  TokenInformation,

  _In_      DWORD                   TokenInformationLength,

  _Out_     PDWORD                  ReturnLength

);

The AllocateAndInitializeSid function allocates and initializes a security identifier (SID) with up to eight subauthorities.

参考:

https://msdn.microsoft.com/en-us/library/windows/desktop/aa375213%28v=vs.85%29.aspx

参数如下:

pIdentifierAuthority [in]

    A pointer to a SID_IDENTIFIER_AUTHORITY structure. This structure provides the top-level identifier authority value to set in the SID.

nSubAuthorityCount [in]

    Specifies the number of subauthorities to place in the SID. This parameter also identifies how many of the subauthority parameters have meaningful values. This parameter must contain a value from  to .

    For example, a value of  indicates that the subauthority values specified by the dwSubAuthority0, dwSubAuthority1, and dwSubAuthority2 parameters have meaningful values and to ignore the remainder.

dwSubAuthority0 [in]

    Subauthority value to place in the SID.

pSid [out]

    A pointer to a variable that receives the pointer to the allocated and initialized SID structure.

access token含义:

参考:

https://msdn.microsoft.com/en-us/library/windows/desktop/ms721532%28v=vs.85%29.aspx#_security_access_token_gly

An access token contains the security information for a logon session. The system creates an access token when a user logs on, and every process executed on behalf of the user has a copy of the token. The token identifies the user, the user's groups, and the user's privileges. The system uses the token to control access to securable objects and to control the ability of the user to perform various system-related operations on the local computer. There are two kinds of access token, primary and impersonation.

SID含义:

The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security.

参考:

https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571%28v=vs.85%29.aspx

#include <windows.h>

#include <stdio.h>

#pragma comment(lib, "advapi32.lib")

#define MAX_NAME 256

using namespace std;

int main()

{

    DWORD i, dwSize = , dwResult = ;

    HANDLE hToken;

    PTOKEN_GROUPS pGroupInfo;

    PSID pSID = NULL;

    SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;

    char lpName[MAX_NAME];

    char lpDomain[MAX_NAME];

    SID_NAME_USE SidType;

    // Open a handle to the access token for the calling process.

    //TOKEN_QUERY:Required to query an access token.

    //GetCurrentProcess()返回进程句柄

    //[out]hToken是access token的句柄

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))

    {

        printf("OpenProcessToken Error %u\n", GetLastError());

        return FALSE;

    }

    //前后两次调用GetTokenInformation的目的不同

    // Call GetTokenInformation to get the buffer size.

    //The TOKEN_GROUPS structure contains information about the group security identifiers (SIDs) in an access token.

    if (!GetTokenInformation(hToken, TokenGroups, NULL, dwSize, &dwSize))

    {

        dwResult = GetLastError();

        if (dwResult != ERROR_INSUFFICIENT_BUFFER) {

            printf("GetTokenInformation Error %u\n", dwResult);

            return FALSE;

        }

    }

    // Allocate the buffer.

    pGroupInfo = (PTOKEN_GROUPS)GlobalAlloc(GPTR, dwSize);

    // Call GetTokenInformation again to get the group information.

    if (!GetTokenInformation(hToken, TokenGroups, pGroupInfo,

        dwSize, &dwSize))

    {

        printf("GetTokenInformation Error %u\n", GetLastError());

        return FALSE;

    }

    // Create a SID for the BUILTIN\Administrators group.

    if (!AllocateAndInitializeSid(&SIDAuth, ,

        SECURITY_BUILTIN_DOMAIN_RID,

        DOMAIN_ALIAS_RID_ADMINS,

        , , , , , ,

        &pSID))

    {

        printf("AllocateAndInitializeSid Error %u\n", GetLastError());

        return FALSE;

    }

    // Loop through the group SIDs looking for the administrator SID.

    //

    for (i = ; i < pGroupInfo->GroupCount; i++)

    {

        if (EqualSid(pSID, pGroupInfo->Groups[i].Sid))

        {

            // Lookup the account name and print it.

            dwSize = MAX_NAME;

            if (!LookupAccountSid(NULL, pGroupInfo->Groups[i].Sid,

                lpName, &dwSize, lpDomain,

                &dwSize, &SidType))

            {

                dwResult = GetLastError();

                if (dwResult == ERROR_NONE_MAPPED)

                    strcpy_s(lpName, dwSize, "NONE_MAPPED");

                else

                {

                    printf("LookupAccountSid Error %u\n", GetLastError());

                    return FALSE;

                }

            }

            printf("Current user is a member of the %s\\%s group\n",

                lpDomain, lpName);

            // Find out whether the SID is enabled in the token.

            if (pGroupInfo->Groups[i].Attributes & SE_GROUP_ENABLED)

                printf("The group SID is enabled.\n");

            else if (pGroupInfo->Groups[i].Attributes &

                SE_GROUP_USE_FOR_DENY_ONLY)

                printf("The group SID is a deny-only SID.\n");

            else

                printf("The group SID is not enabled.\n");

        }

    }

    if (pSID)

        FreeSid(pSID);

    if (pGroupInfo)

        GlobalFree(pGroupInfo);

    system("pause");

    return ;

}

整体流程:

OpenProcessToken:获取token句柄

GetTokenInformation:获取group information

for循环:在group中查找

Windows API 之 OpenProcessToken、GetTokenInformation的更多相关文章

  1. Windows API 进程相关笔记

    0. 前言 最近做了一个进程信息相关的项目,整理了一下自己做项目时的笔记,分享给大家 1. 相关概念 1.1 HANDLE 概念 HANDLE(句柄)是Windows操作系统中的一个概念. 在Wind ...

  2. Windows API 学习

    Windows API学习 以下都是我个人一些理解,笔者不太了解windows开发,如有错误请告知,非常感谢,一切以microsoft官方文档为准. https://docs.microsoft.co ...

  3. C# Windows API

    API:应用程序接口(API:Application Program Interface)应用程序接口(API:application programming interface)是一组定义.程序及协 ...

  4. Windows API 函数列表 附帮助手册

    所有Windows API函数列表,为了方便查询,也为了大家查找,所以整理一下贡献出来了. 帮助手册:700多个Windows API的函数手册 免费下载 API之网络函数 API之消息函数 API之 ...

  5. Windows API Hooking in Python

    catalogue . 相关基础知识 . Deviare API Hook Overview . 使用ctypes调用Windows API . pydbg . winappdbg . dll inj ...

  6. 初识【Windows API】--文本去重

    最近学习操作系统中,老师布置了一个作业,运用系统调用函数删除文件夹下两个重复文本类文件,Linux玩不动,于是就只能在Windows下进行了. 看了一下介绍Windows API的博客: 点击打开 基 ...

  7. C#调用windows API的一些方法

    使用C#调用windows API(从其它地方总结来的,以备查询) C#调用windows API也可以叫做C#如何直接调用非托管代码,通常有2种方法: 1.  直接调用从 DLL 导出的函数. 2. ...

  8. Qt中使用Windows API

    在Windows平台上进行开发,不可避免与Windows API打交道,Qt中使用的时候要添加对应API的头文件和链接lib文件,另外使用的Windows API的代码部分要使用#ifdef  Q_O ...

  9. 在VBA中使用Windows API

    VBA是一种强大的编程语言,可用于自定义Microsoft Office解决方案.通过使用VBA处理一个或多个Office应用程序对象模型,可以容易地修改Office应用程序的功能或者能够使两个或多个 ...

随机推荐

  1. RPM安装gcc gcc-c++扩展

    rpm -ivh cpp--.el5.i386.rpm 回车 rpm -ivh kernel-headers--.el5.i386.rpm 回车 rpm -ivh glibc-headers-.i38 ...

  2. 关于oracle数据库(4)数据类型

    数据类型 字符数据类型char:固定长度字符串,最大可以存放2000字节 字符串varchar2:可变长度字符串,最大可以存放2GB数值类型数据 数字number:可以存放整数.浮点数.实数 numb ...

  3. stm32时钟配置总结

    stm32时钟配置时钟源: 1,HSE(高速外部时钟)即常见的外接8M晶振方案: 2,HSI(高速内部时钟) 即8M内部振荡时钟方案: 3,LSE(低速外部时钟)即常见的32.768Khz晶振方案: ...

  4. ajaxpro——js调用后台的方法

    前提:添加并引用类库ajaxpro.dll 1.把引用的类库改为自己(如果是自己的话,就不用修改): <%@ Page Language="C#" AutoEventWire ...

  5. 常用JS调试工具使用方法,帮你快速定位问题(Firebug+ IE“开发人员工具”)

    来源: 这里花了点时间小结了下目前项目中比较合适易于上手的JS调试工具.方法.优点与不足以及一些调试相关功能要点或策略,分享给同学们,只当抛砖引玉了,欢迎大家讨论补充. 一.Firebug:如果项目可 ...

  6. 基于Flash与window平台本地程序通信实现媒体流发布

    0 Web场景下的媒体流发布可以采用Flash原生API实现,但是Flash H264视频压缩参数不可控.音频无法AAC编码,所以一般采用浏览器插件方式,但是浏览器插件有版本兼容问题.不稳定,所以可以 ...

  7. 查询mysql中经纬度判断坐标范围

    先上代码,稍后附上说明: 1. 从mysql中取出记录,打印有效经纬度: import json import MySQLdb # lines = c.fetchall() #所有的记录,一个tupl ...

  8. win 8.1_64 安装usb 转串口驱动

    前几天交换机出问题了,想着通过配置口进去看看,用笔记本连接一看. 我去,系统居然自动安装的驱动居然无法使用. 没办法新买的笔记本没几天,也没去装usb转com口的驱动.反正系统可以自己去装嘛.(其实是 ...

  9. Javascript:scrollWidth,clientWidth,offsetWidth的区别(转)

    网页可见区域宽:document.body.clientWidth; 网页可见区域高:document.body.clientHeight; 网页可见区域高:document.body.offsetW ...

  10. hdu_4521_小明系列问题——小明序列(LIS)

    题目连接:http://acm.hdu.edu.cn/showproblem.php?pid=4521 题意:中文题,不解释 题解:这题就是LIS的加强版,可以用二分的nlogn来做,也可以用线段树的 ...