Windows API 之 OpenProcessToken、GetTokenInformation

The following example uses the OpenProcessToken and GetTokenInformation functions to get the group memberships in an access token.

The GetTokenInformation function retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.

参考:

https://msdn.microsoft.com/en-us/library/windows/desktop/aa379554%28v=vs.85%29.aspx

The OpenProcessToken function opens the access token associated with a process.

参考:

https://msdn.microsoft.com/en-us/library/windows/desktop/aa379295%28v=vs.85%29.aspx

参数如下:

BOOL WINAPI GetTokenInformation(
  _In_      HANDLE                  TokenHandle,
  _In_      TOKEN_INFORMATION_CLASS TokenInformationClass,
  _Out_opt_ LPVOID                  TokenInformation,
  _In_      DWORD                   TokenInformationLength,
  _Out_     PDWORD                  ReturnLength
);

The AllocateAndInitializeSid function allocates and initializes a security identifier (SID) with up to eight subauthorities.

参考:

https://msdn.microsoft.com/en-us/library/windows/desktop/aa375213%28v=vs.85%29.aspx

参数如下:

pIdentifierAuthority [in]

    A pointer to a SID_IDENTIFIER_AUTHORITY structure. This structure provides the top-level identifier authority value to set in the SID.
nSubAuthorityCount [in]

    Specifies the number of subauthorities to place in the SID. This parameter also identifies how many of the subauthority parameters have meaningful values. This parameter must contain a value from 1 to 8.

    For example, a value of 3 indicates that the subauthority values specified by the dwSubAuthority0, dwSubAuthority1, and dwSubAuthority2 parameters have meaningful values and to ignore the remainder.
dwSubAuthority0 [in]

    Subauthority value to place in the SID.
pSid [out]

    A pointer to a variable that receives the pointer to the allocated and initialized SID structure.

 

access token含义:

参考:

https://msdn.microsoft.com/en-us/library/windows/desktop/ms721532%28v=vs.85%29.aspx#_security_access_token_gly

An access token contains the security information for a logon session. The system creates an access token when a user logs on, and every process executed on behalf of the user has a copy of the token. The token identifies the user, the user's groups, and the user's privileges. The system uses the token to control access to securable objects and to control the ability of the user to perform various system-related operations on the local computer. There are two kinds of access token, primary and impersonation.

SID含义:

The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security.

参考:

https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571%28v=vs.85%29.aspx

 

#include <windows.h>
#include <stdio.h>
#pragma comment(lib, "advapi32.lib")

#define MAX_NAME 256

using namespace std;

int main()
{
    DWORD i, dwSize = 0, dwResult = 0;
    HANDLE hToken;
    PTOKEN_GROUPS pGroupInfo;
    PSID pSID = NULL;
    SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;
    char lpName[MAX_NAME];
    char lpDomain[MAX_NAME];
    SID_NAME_USE SidType;

    // Open a handle to the access token for the calling process.
    //TOKEN_QUERY:Required to query an access token.
    //GetCurrentProcess()返回进程句柄
    //[out]hToken是access token的句柄
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
    {
        printf("OpenProcessToken Error %u\n", GetLastError());
        return FALSE;
    }

    //前后两次调用GetTokenInformation的目的不同
    // Call GetTokenInformation to get the buffer size.
    //The TOKEN_GROUPS structure contains information about the group security identifiers (SIDs) in an access token.
    if (!GetTokenInformation(hToken, TokenGroups, NULL, dwSize, &dwSize))
    {
        dwResult = GetLastError();
        if (dwResult != ERROR_INSUFFICIENT_BUFFER) {
            printf("GetTokenInformation Error %u\n", dwResult);
            return FALSE;
        }
    }

    // Allocate the buffer.
    pGroupInfo = (PTOKEN_GROUPS)GlobalAlloc(GPTR, dwSize);

    // Call GetTokenInformation again to get the group information.

    if (!GetTokenInformation(hToken, TokenGroups, pGroupInfo,
        dwSize, &dwSize))
    {
        printf("GetTokenInformation Error %u\n", GetLastError());
        return FALSE;
    }

    // Create a SID for the BUILTIN\Administrators group.
    
    if (!AllocateAndInitializeSid(&SIDAuth, 2,
        SECURITY_BUILTIN_DOMAIN_RID,
        DOMAIN_ALIAS_RID_ADMINS,
        0, 0, 0, 0, 0, 0,
        &pSID))
    {
        printf("AllocateAndInitializeSid Error %u\n", GetLastError());
        return FALSE;
    }
    // Loop through the group SIDs looking for the administrator SID.
    //
    for (i = 0; i < pGroupInfo->GroupCount; i++)
    {
        if (EqualSid(pSID, pGroupInfo->Groups[i].Sid))
        {

            // Lookup the account name and print it.

            dwSize = MAX_NAME;
            if (!LookupAccountSid(NULL, pGroupInfo->Groups[i].Sid,
                lpName, &dwSize, lpDomain,
                &dwSize, &SidType))
            {
                dwResult = GetLastError();
                if (dwResult == ERROR_NONE_MAPPED)
                    strcpy_s(lpName, dwSize, "NONE_MAPPED");
                else
                {
                    printf("LookupAccountSid Error %u\n", GetLastError());
                    return FALSE;
                }
            }
            
            printf("Current user is a member of the %s\\%s group\n",
                lpDomain, lpName);

            // Find out whether the SID is enabled in the token.
            if (pGroupInfo->Groups[i].Attributes & SE_GROUP_ENABLED)
                printf("The group SID is enabled.\n");
            else if (pGroupInfo->Groups[i].Attributes &
                SE_GROUP_USE_FOR_DENY_ONLY)
                printf("The group SID is a deny-only SID.\n");
            else
                printf("The group SID is not enabled.\n");
        }
    }
    if (pSID)
        FreeSid(pSID);
    if (pGroupInfo)
        GlobalFree(pGroupInfo);

    system("pause");
    return 0;
}

整体流程:

OpenProcessToken:获取token句柄

GetTokenInformation:获取group information

for循环:在group中查找

posted @ 2015-09-06 18:06  _No.47  阅读(2608)  评论(0编辑  收藏  举报