Windows API 之 OpenProcessToken、GetTokenInformation
The following example uses the OpenProcessToken and GetTokenInformation functions to get the group memberships in an access token.
The GetTokenInformation function retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.
参考:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379554%28v=vs.85%29.aspx
The OpenProcessToken function opens the access token associated with a process.
参考:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379295%28v=vs.85%29.aspx
参数如下:
BOOL WINAPI GetTokenInformation(
_In_ HANDLE TokenHandle,
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
_Out_opt_ LPVOID TokenInformation,
_In_ DWORD TokenInformationLength,
_Out_ PDWORD ReturnLength
);
The AllocateAndInitializeSid function allocates and initializes a security identifier (SID) with up to eight subauthorities.
参考:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa375213%28v=vs.85%29.aspx
参数如下:
pIdentifierAuthority [in] A pointer to a SID_IDENTIFIER_AUTHORITY structure. This structure provides the top-level identifier authority value to set in the SID. nSubAuthorityCount [in] Specifies the number of subauthorities to place in the SID. This parameter also identifies how many of the subauthority parameters have meaningful values. This parameter must contain a value from 1 to 8. For example, a value of 3 indicates that the subauthority values specified by the dwSubAuthority0, dwSubAuthority1, and dwSubAuthority2 parameters have meaningful values and to ignore the remainder. dwSubAuthority0 [in] Subauthority value to place in the SID. pSid [out] A pointer to a variable that receives the pointer to the allocated and initialized SID structure.
access token含义:
参考:
An access token contains the security information for a logon session. The system creates an access token when a user logs on, and every process executed on behalf of the user has a copy of the token. The token identifies the user, the user's groups, and the user's privileges. The system uses the token to control access to securable objects and to control the ability of the user to perform various system-related operations on the local computer. There are two kinds of access token, primary and impersonation.
SID含义:
The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security.
参考:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571%28v=vs.85%29.aspx
#include <windows.h> #include <stdio.h> #pragma comment(lib, "advapi32.lib") #define MAX_NAME 256 using namespace std; int main() { DWORD i, dwSize = 0, dwResult = 0; HANDLE hToken; PTOKEN_GROUPS pGroupInfo; PSID pSID = NULL; SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY; char lpName[MAX_NAME]; char lpDomain[MAX_NAME]; SID_NAME_USE SidType; // Open a handle to the access token for the calling process. //TOKEN_QUERY:Required to query an access token. //GetCurrentProcess()返回进程句柄 //[out]hToken是access token的句柄 if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) { printf("OpenProcessToken Error %u\n", GetLastError()); return FALSE; } //前后两次调用GetTokenInformation的目的不同 // Call GetTokenInformation to get the buffer size. //The TOKEN_GROUPS structure contains information about the group security identifiers (SIDs) in an access token. if (!GetTokenInformation(hToken, TokenGroups, NULL, dwSize, &dwSize)) { dwResult = GetLastError(); if (dwResult != ERROR_INSUFFICIENT_BUFFER) { printf("GetTokenInformation Error %u\n", dwResult); return FALSE; } } // Allocate the buffer. pGroupInfo = (PTOKEN_GROUPS)GlobalAlloc(GPTR, dwSize); // Call GetTokenInformation again to get the group information. if (!GetTokenInformation(hToken, TokenGroups, pGroupInfo, dwSize, &dwSize)) { printf("GetTokenInformation Error %u\n", GetLastError()); return FALSE; } // Create a SID for the BUILTIN\Administrators group. if (!AllocateAndInitializeSid(&SIDAuth, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pSID)) { printf("AllocateAndInitializeSid Error %u\n", GetLastError()); return FALSE; } // Loop through the group SIDs looking for the administrator SID. // for (i = 0; i < pGroupInfo->GroupCount; i++) { if (EqualSid(pSID, pGroupInfo->Groups[i].Sid)) { // Lookup the account name and print it. dwSize = MAX_NAME; if (!LookupAccountSid(NULL, pGroupInfo->Groups[i].Sid, lpName, &dwSize, lpDomain, &dwSize, &SidType)) { dwResult = GetLastError(); if (dwResult == ERROR_NONE_MAPPED) strcpy_s(lpName, dwSize, "NONE_MAPPED"); else { printf("LookupAccountSid Error %u\n", GetLastError()); return FALSE; } } printf("Current user is a member of the %s\\%s group\n", lpDomain, lpName); // Find out whether the SID is enabled in the token. if (pGroupInfo->Groups[i].Attributes & SE_GROUP_ENABLED) printf("The group SID is enabled.\n"); else if (pGroupInfo->Groups[i].Attributes & SE_GROUP_USE_FOR_DENY_ONLY) printf("The group SID is a deny-only SID.\n"); else printf("The group SID is not enabled.\n"); } } if (pSID) FreeSid(pSID); if (pGroupInfo) GlobalFree(pGroupInfo); system("pause"); return 0; }
整体流程:
OpenProcessToken:获取token句柄
GetTokenInformation:获取group information
for循环:在group中查找