通过枚举进程获取用户的TOKEN
2012-12-25 13:00
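/*
 * Function-body fragment: find explorer.exe in a process snapshot, open its
 * primary token into phToken, and resolve the token's user SID to an
 * account and domain name (szUserName / szDomainName).
 *
 * phToken is not declared in this listing; it is assumed to be a HANDLE
 * owned by the enclosing function or its caller, which must CloseHandle()
 * it when finished.
 *
 * NOTE(review): matching on the image name picks the first "explorer.exe"
 * in the snapshot. On a host with several logon sessions that may be another
 * user's shell, and any process can carry that name. A service that needs
 * the token of a specific interactive session should obtain it with
 * WTSQueryUserToken for that session instead of trusting a process name.
 *
 * NOTE(review): the error paths return FALSE in one place and -1 in others.
 * If the enclosing function returns BOOL, -1 is non-zero and reads as
 * success to the caller; confirm the return type and unify the values.
 */
PROFILEINFO lpProfileinfo;              /* not used in this listing */
HANDLE hSnapshot = INVALID_HANDLE_VALUE;
PROCESSENTRY32 pe;
HANDLE hProc = NULL;
DWORD dwProcessID = 0;
TOKEN_USER *pTokenUser = NULL;
DWORD dwNeedLen = 0;
SID_NAME_USE sn;
TCHAR szDomainName[MAX_PATH];
DWORD dwDmLen = MAX_PATH;               /* capacity in TCHARs, in/out */
TCHAR szUserName[256] = { 0 };
DWORD nNameLen = 256;                   /* capacity in TCHARs, in/out */

hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnapshot == INVALID_HANDLE_VALUE)
{
    return FALSE;
}

/* dwSize must be set before Process32First or the call fails. */
pe.dwSize = sizeof(pe);
if (Process32First(hSnapshot, &pe))
{
    do
    {
        /* TEXT() keeps the literal in step with TCHAR szExeFile, so the
         * comparison is correct in both ANSI and UNICODE builds. */
        if (lstrcmpi(TEXT("explorer.exe"), pe.szExeFile) == 0)
        {
            dwProcessID = pe.th32ProcessID;
            break;
        }
    } while (Process32Next(hSnapshot, &pe));
}
CloseHandle(hSnapshot);

/* If no match was found dwProcessID is still 0 and OpenProcess fails below.
 * The handle is only used for OpenProcessToken, so request query access
 * rather than PROCESS_ALL_ACCESS. */
hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessID);
if (hProc == NULL)
{
    OutputDebugStringA("OpenProcess Failed!\n");
    return -1;
}

/* NOTE(review): TOKEN_ALL_ACCESS is far more than the lookup below needs
 * (TOKEN_QUERY is enough for GetTokenInformation). Narrow the mask to the
 * rights the consumer of phToken actually uses. */
if (!OpenProcessToken(hProc, TOKEN_ALL_ACCESS, &phToken))
{
    OutputDebugStringA("OpenProcessToken Failed!\n");
    CloseHandle(hProc);
    return -1;
}

/* The token handle stays valid after the process handle is closed; nothing
 * later in this listing uses hProc, so release it instead of leaking it. */
CloseHandle(hProc);
hProc = NULL;

/* Size probe: with a NULL buffer the call is expected to FAIL with
 * ERROR_INSUFFICIENT_BUFFER and report the required size in dwNeedLen.
 * Treating a FALSE return as a hard error would skip the lookup entirely. */
if (!GetTokenInformation(phToken, TokenUser, NULL, 0, &dwNeedLen)
    && GetLastError() == ERROR_INSUFFICIENT_BUFFER
    && dwNeedLen > 0)
{
    pTokenUser = (TOKEN_USER *)malloc(dwNeedLen);
    if (pTokenUser == NULL)
    {
        OutputDebugStringA("malloc Failed!\n");
    }
    else if (!GetTokenInformation(phToken,
                                  TokenUser,
                                  pTokenUser,
                                  dwNeedLen,
                                  &dwNeedLen))
    {
        OutputDebugStringA("GetTokenInformation Failed!\n");
    }
    /* Only dereference pTokenUser once it has been allocated and filled. */
    else if (!LookupAccountSid(NULL,
                               pTokenUser->User.Sid,
                               szUserName,
                               &nNameLen,
                               szDomainName,
                               &dwDmLen,
                               &sn))
    {
        OutputDebugStringA("LookupAccountSid Failed!\n");
    }

    /* The SID lives inside this buffer; the names have been copied out. */
    free(pTokenUser);
    pTokenUser = NULL;
}
else
{
    OutputDebugStringA("GetTokenInformation Failed!\n");
}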
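/*
 * Function-body fragment: find explorer.exe in a process snapshot, open its
 * primary token into phToken, and resolve the token's user SID to an
 * account and domain name (szUserName / szDomainName).
 *
 * phToken is not declared in this listing; it is assumed to be a HANDLE
 * owned by the enclosing function or its caller, which must CloseHandle()
 * it when finished.
 *
 * NOTE(review): matching on the image name picks the first "explorer.exe"
 * in the snapshot. On a host with several logon sessions that may be another
 * user's shell, and any process can carry that name. A service that needs
 * the token of a specific interactive session should obtain it with
 * WTSQueryUserToken for that session instead of trusting a process name.
 *
 * NOTE(review): the error paths return FALSE in one place and -1 in others.
 * If the enclosing function returns BOOL, -1 is non-zero and reads as
 * success to the caller; confirm the return type and unify the values.
 */
HANDLE hSnapshot = INVALID_HANDLE_VALUE;
PROCESSENTRY32 pe;
HANDLE hProc = NULL;
DWORD dwProcessID = 0;
TOKEN_USER *pTokenUser = NULL;
DWORD dwNeedLen = 0;
SID_NAME_USE sn;
TCHAR szDomainName[MAX_PATH];
DWORD dwDmLen = MAX_PATH;               /* capacity in TCHARs, in/out */
TCHAR szUserName[256] = { 0 };
DWORD nNameLen = 256;                   /* capacity in TCHARs, in/out */

hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnapshot == INVALID_HANDLE_VALUE)
{
    return FALSE;
}

/* dwSize must be set before Process32First or the call fails. */
pe.dwSize = sizeof(pe);
if (Process32First(hSnapshot, &pe))
{
    do
    {
        /* TEXT() keeps the literal in step with TCHAR szExeFile, so the
         * comparison is correct in both ANSI and UNICODE builds. */
        if (lstrcmpi(TEXT("explorer.exe"), pe.szExeFile) == 0)
        {
            dwProcessID = pe.th32ProcessID;
            break;
        }
    } while (Process32Next(hSnapshot, &pe));
}
CloseHandle(hSnapshot);

/* If no match was found dwProcessID is still 0 and OpenProcess fails below.
 * The handle is only used for OpenProcessToken, so request query access
 * rather than PROCESS_ALL_ACCESS. */
hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessID);
if (hProc == NULL)
{
    OutputDebugStringA("OpenProcess Failed!\n");
    return -1;
}

/* NOTE(review): TOKEN_ALL_ACCESS is far more than the lookup below needs
 * (TOKEN_QUERY is enough for GetTokenInformation). Narrow the mask to the
 * rights the consumer of phToken actually uses. */
if (!OpenProcessToken(hProc, TOKEN_ALL_ACCESS, &phToken))
{
    OutputDebugStringA("OpenProcessToken Failed!\n");
    CloseHandle(hProc);
    return -1;
}

/* The token handle stays valid after the process handle is closed; nothing
 * later in this listing uses hProc, so release it instead of leaking it. */
CloseHandle(hProc);
hProc = NULL;

/* Size probe: with a NULL buffer the call is expected to FAIL with
 * ERROR_INSUFFICIENT_BUFFER and report the required size in dwNeedLen.
 * Treating a FALSE return as a hard error would skip the lookup entirely. */
if (!GetTokenInformation(phToken, TokenUser, NULL, 0, &dwNeedLen)
    && GetLastError() == ERROR_INSUFFICIENT_BUFFER
    && dwNeedLen > 0)
{
    pTokenUser = (TOKEN_USER *)malloc(dwNeedLen);
    if (pTokenUser == NULL)
    {
        OutputDebugStringA("malloc Failed!\n");
    }
    else if (!GetTokenInformation(phToken,
                                  TokenUser,
                                  pTokenUser,
                                  dwNeedLen,
                                  &dwNeedLen))
    {
        OutputDebugStringA("GetTokenInformation Failed!\n");
    }
    /* Only dereference pTokenUser once it has been allocated and filled. */
    else if (!LookupAccountSid(NULL,
                               pTokenUser->User.Sid,
                               szUserName,
                               &nNameLen,
                               szDomainName,
                               &dwDmLen,
                               &sn))
    {
        OutputDebugStringA("LookupAccountSid Failed!\n");
    }

    /* The SID lives inside this buffer; the names have been copied out. */
    free(pTokenUser);
    pTokenUser = NULL;
}
else
{
    OutputDebugStringA("GetTokenInformation Failed!\n");
}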