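uses TlHelp32;

type
  PTOKEN_USER = ^TOKEN_USER;
  _TOKEN_USER = record
    User: TSidAndAttributes;
  end;
  TOKEN_USER = _TOKEN_USER;

{ Resolve the account that owns process ProcessId into User and Domain.

  Returns True only when the process and its primary token could be opened,
  the TOKEN_USER SID read, and the SID translated to an account name.  On
  any failure Result is False and User/Domain are left untouched.

  Access requirements: PROCESS_QUERY_INFORMATION on the process and
  TOKEN_QUERY on its token.  SeDebugPrivilege only relaxes the access check
  on the process object; OpenProcessToken is still checked against the
  token object's own DACL, so processes of other accounts (e.g. service
  accounts) can fail here even after OpenProcess succeeded.

  Fixes over the original: the process handle and the TOKEN_USER buffer were
  leaked on the early Exit after a failed GetTokenInformation; all handles
  and memory are now released through try..finally. }
function GetUserAndDomainFromPID(ProcessId: DWORD; var User, Domain: string): Boolean;
var
  ProcessHandle, hToken: THandle;
  ptiUser: PTOKEN_USER;
  cbBuf, cbNeeded: DWORD;
  UserSize, DomainSize: DWORD;
  snu: SID_NAME_USE;
  UserBuf, DomainBuf: string;
begin
  Result := False;
  ProcessHandle := OpenProcess(PROCESS_QUERY_INFORMATION, False, ProcessId);
  if ProcessHandle = 0 then
    Exit;
  try
    if not OpenProcessToken(ProcessHandle, TOKEN_QUERY, hToken) then
      Exit;
    try
      // A nil buffer with length 0 only asks for the required size; the
      // call is expected to fail with ERROR_INSUFFICIENT_BUFFER.
      cbBuf := 0;
      if GetTokenInformation(hToken, TokenUser, nil, 0, cbBuf) or
         (GetLastError <> ERROR_INSUFFICIENT_BUFFER) or (cbBuf = 0) then
        Exit;
      GetMem(ptiUser, cbBuf);
      try
        if not GetTokenInformation(hToken, TokenUser, ptiUser, cbBuf, cbNeeded) then
          Exit;
        // Size query for LookupAccountSid: sizes are in characters and
        // include the terminating #0.  A SID with no name (both sizes 0)
        // is reported as failure.
        UserSize := 0;
        DomainSize := 0;
        LookupAccountSid(nil, ptiUser.User.Sid, nil, UserSize, nil, DomainSize, snu);
        if (UserSize = 0) or (DomainSize = 0) then
          Exit;
        SetLength(UserBuf, UserSize);
        SetLength(DomainBuf, DomainSize);
        if LookupAccountSid(nil, ptiUser.User.Sid, PChar(UserBuf), UserSize,
                            PChar(DomainBuf), DomainSize, snu) then
        begin
          // Copy up to the #0 so the strings do not carry the spare slot.
          User := StrPas(PChar(UserBuf));
          Domain := StrPas(PChar(DomainBuf));
          Result := True;
        end;
      finally
        FreeMem(ptiUser);
      end;
    finally
      CloseHandle(hToken);
    end;
  finally
    CloseHandle(ProcessHandle);
  end;
end;

{ Enumerate all processes with Toolhelp and add one line per process to
  Listbox1: "exe User: u ; Domain: d" when the owner could be resolved,
  otherwise just the executable name (System, Idle and other accounts'
  processes typically end up here).

  Fixes over the original: Process32First's entry was discarded because the
  loop called Process32Next before looking at pe32; TH32CS_SNAPPROCESS is
  used instead of TH32CS_SNAPALL since only the process list is needed. }
procedure TForm1.Button1Click(Sender: TObject);
var
  hProcSnap: THandle;
  pe32: TProcessEntry32;
  User, Domain: string;
  ExeName: string;
begin
  hProcSnap := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  if hProcSnap = INVALID_HANDLE_VALUE then
    Exit;
  try
    pe32.dwSize := SizeOf(pe32);
    if Process32First(hProcSnap, pe32) then
      repeat
        ExeName := StrPas(pe32.szExeFile);
        if GetUserAndDomainFromPID(pe32.th32ProcessID, User, Domain) then
          Listbox1.Items.Add(Format('%s User: %s ; Domain: %s', [ExeName, User, Domain]))
        else
          Listbox1.Items.Add(ExeName);
      until not Process32Next(hProcSnap, pe32);
  finally
    CloseHandle(hProcSnap);
  end;
end;
{ Source: http://lysoft.7u7.net }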
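type
  PTokenUser = ^TTokenUser;
  _TOKEN_USER = record
    User: TSIDAndAttributes;
  end;
  TTokenUser = _TOKEN_USER;

{ Return the account name and domain of the calling process's own token.

  On any API failure both out-parameters are set to '' — the original
  ignored every return value, so a failed GetTokenInformation handed an
  uninitialised buffer to LookupAccountSid as if it were a SID.
  TOKEN_QUERY is all GetTokenInformation needs; GetCurrentProcess returns
  a pseudo-handle that must not be closed. }
procedure getCurrentUserAndDomain(var User, Domain: String);
var
  hAccessToken: THandle;
  InfoBuffer: array[0..1000] of Char;
  szAccountName, szDomainName: array[0..200] of Char;
  dwInfoBufferSize, dwAccountSize, dwDomainSize: DWORD;
  pUser: PTokenUser;
  snu: SID_NAME_USE;
begin
  User := '';
  Domain := '';
  if not OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hAccessToken) then
    Exit;
  try
    if not GetTokenInformation(hAccessToken, TokenUser, @InfoBuffer[0],
                               SizeOf(InfoBuffer), dwInfoBufferSize) then
      Exit;
    pUser := PTokenUser(@InfoBuffer[0]);
    // Sizes are in characters and are updated by the call.
    dwAccountSize := Length(szAccountName);
    dwDomainSize := Length(szDomainName);
    if LookupAccountSid(nil, pUser.User.Sid, szAccountName, dwAccountSize,
                        szDomainName, dwDomainSize, snu) then
    begin
      User := szAccountName;
      Domain := szDomainName;
    end;
  finally
    CloseHandle(hAccessToken);
  end;
end;

{ ============================================================= }
{ Forum note: put a TButton and two TEdits on Form1 and use the following
  as Button1's OnClick handler. }
procedure TForm1.Button1Click(Sender: TObject);
var
  UserName, DomainName: string;
begin
  getCurrentUserAndDomain(UserName, DomainName);
  Edit1.Text := UserName;
  Edit2.Text := DomainName;
end;
{ Source: http://delphi.ktop.com.tw/topic.asp?TOPIC_ID=357 — forum note: "this seems to do it." }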
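type
  PTokenUser = ^TTokenUser;
  _TOKEN_USER = record
    User: TSIDAndAttributes;
  end;
  TTokenUser = _TOKEN_USER;

{ Return the account name and domain of the calling process's own token.

  On any API failure both out-parameters are set to '' — the original
  ignored every return value, so a failed GetTokenInformation handed an
  uninitialised buffer to LookupAccountSid as if it were a SID.
  TOKEN_QUERY is all GetTokenInformation needs; GetCurrentProcess returns
  a pseudo-handle that must not be closed. }
procedure getCurrentUserAndDomain(var User, Domain: String);
var
  hAccessToken: THandle;
  InfoBuffer: array[0..1000] of Char;
  szAccountName, szDomainName: array[0..200] of Char;
  dwInfoBufferSize, dwAccountSize, dwDomainSize: DWORD;
  pUser: PTokenUser;
  snu: SID_NAME_USE;
begin
  User := '';
  Domain := '';
  if not OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hAccessToken) then
    Exit;
  try
    if not GetTokenInformation(hAccessToken, TokenUser, @InfoBuffer[0],
                               SizeOf(InfoBuffer), dwInfoBufferSize) then
      Exit;
    pUser := PTokenUser(@InfoBuffer[0]);
    // Sizes are in characters and are updated by the call.
    dwAccountSize := Length(szAccountName);
    dwDomainSize := Length(szDomainName);
    if LookupAccountSid(nil, pUser.User.Sid, szAccountName, dwAccountSize,
                        szDomainName, dwDomainSize, snu) then
    begin
      User := szAccountName;
      Domain := szDomainName;
    end;
  finally
    CloseHandle(hAccessToken);
  end;
end;

{ ============================================================= }
{ Forum note: put a TButton and two TEdits on Form1 and use the following
  as Button1's OnClick handler. }
procedure TForm1.Button1Click(Sender: TObject);
var
  UserName, DomainName: string;
begin
  getCurrentUserAndDomain(UserName, DomainName);
  Edit1.Text := UserName;
  Edit2.Text := DomainName;
end;
{ Source: http://delphi.ktop.com.tw/topic.asp?TOPIC_ID=357 — forum note: "this seems to do it." }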
TO ALL 谢谢,找到了点头绪TO ly_liuyang(Liu Yang) : 我也查到了这段代码, http://www.swissdelphicenter.ch/de/showcode.php?id=2113 但能显示当前用户和system用户,不能显示本地服务和网络服务.....在任务管理器中分别为Local Service 和 Network Service PS我已经取得了debug权限....
这两个进程 System Idle Process System 是无法OpenProcess的,其它像Local Service/Network Service和其他用户的进程是OpenProcessToken出错... 是不是权限不够?
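uses TlHelp32;

type
  PTOKEN_USER = ^TOKEN_USER;
  _TOKEN_USER = record
    User: TSidAndAttributes;
  end;
  TOKEN_USER = _TOKEN_USER;

{ Resolve the account that owns process ProcessId into User and Domain.

  Returns True only when the process and its primary token could be opened,
  the TOKEN_USER SID read, and the SID translated to an account name.  On
  any failure Result is False and User/Domain are left untouched.

  Access requirements: PROCESS_QUERY_INFORMATION on the process and
  TOKEN_QUERY on its token.  SeDebugPrivilege only relaxes the access check
  on the process object; OpenProcessToken is still checked against the
  token object's own DACL, so processes of other accounts (e.g. service
  accounts) can fail here even after OpenProcess succeeded.

  Fixes over the original: the process handle and the TOKEN_USER buffer were
  leaked on the early Exit after a failed GetTokenInformation; all handles
  and memory are now released through try..finally. }
function GetUserAndDomainFromPID(ProcessId: DWORD; var User, Domain: string): Boolean;
var
  ProcessHandle, hToken: THandle;
  ptiUser: PTOKEN_USER;
  cbBuf, cbNeeded: DWORD;
  UserSize, DomainSize: DWORD;
  snu: SID_NAME_USE;
  UserBuf, DomainBuf: string;
begin
  Result := False;
  ProcessHandle := OpenProcess(PROCESS_QUERY_INFORMATION, False, ProcessId);
  if ProcessHandle = 0 then
    Exit;
  try
    if not OpenProcessToken(ProcessHandle, TOKEN_QUERY, hToken) then
      Exit;
    try
      // A nil buffer with length 0 only asks for the required size; the
      // call is expected to fail with ERROR_INSUFFICIENT_BUFFER.
      cbBuf := 0;
      if GetTokenInformation(hToken, TokenUser, nil, 0, cbBuf) or
         (GetLastError <> ERROR_INSUFFICIENT_BUFFER) or (cbBuf = 0) then
        Exit;
      GetMem(ptiUser, cbBuf);
      try
        if not GetTokenInformation(hToken, TokenUser, ptiUser, cbBuf, cbNeeded) then
          Exit;
        // Size query for LookupAccountSid: sizes are in characters and
        // include the terminating #0.  A SID with no name (both sizes 0)
        // is reported as failure.
        UserSize := 0;
        DomainSize := 0;
        LookupAccountSid(nil, ptiUser.User.Sid, nil, UserSize, nil, DomainSize, snu);
        if (UserSize = 0) or (DomainSize = 0) then
          Exit;
        SetLength(UserBuf, UserSize);
        SetLength(DomainBuf, DomainSize);
        if LookupAccountSid(nil, ptiUser.User.Sid, PChar(UserBuf), UserSize,
                            PChar(DomainBuf), DomainSize, snu) then
        begin
          // Copy up to the #0 so the strings do not carry the spare slot.
          User := StrPas(PChar(UserBuf));
          Domain := StrPas(PChar(DomainBuf));
          Result := True;
        end;
      finally
        FreeMem(ptiUser);
      end;
    finally
      CloseHandle(hToken);
    end;
  finally
    CloseHandle(ProcessHandle);
  end;
end;

{ Enumerate all processes with Toolhelp and add one line per process to
  Listbox1: "exe User: u ; Domain: d" when the owner could be resolved,
  otherwise just the executable name (System, Idle and other accounts'
  processes typically end up here).

  Fixes over the original: Process32First's entry was discarded because the
  loop called Process32Next before looking at pe32; TH32CS_SNAPPROCESS is
  used instead of TH32CS_SNAPALL since only the process list is needed. }
procedure TForm1.Button1Click(Sender: TObject);
var
  hProcSnap: THandle;
  pe32: TProcessEntry32;
  User, Domain: string;
  ExeName: string;
begin
  hProcSnap := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  if hProcSnap = INVALID_HANDLE_VALUE then
    Exit;
  try
    pe32.dwSize := SizeOf(pe32);
    if Process32First(hProcSnap, pe32) then
      repeat
        ExeName := StrPas(pe32.szExeFile);
        if GetUserAndDomainFromPID(pe32.th32ProcessID, User, Domain) then
          Listbox1.Items.Add(Format('%s User: %s ; Domain: %s', [ExeName, User, Domain]))
        else
          Listbox1.Items.Add(ExeName);
      until not Process32Next(hProcSnap, pe32);
  finally
    CloseHandle(hProcSnap);
  end;
end;
{ Source: http://lysoft.7u7.net }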
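type
  PTokenUser = ^TTokenUser;
  _TOKEN_USER = record
    User: TSIDAndAttributes;
  end;
  TTokenUser = _TOKEN_USER;

{ Return the account name and domain of the calling process's own token.

  On any API failure both out-parameters are set to '' — the original
  ignored every return value, so a failed GetTokenInformation handed an
  uninitialised buffer to LookupAccountSid as if it were a SID.
  TOKEN_QUERY is all GetTokenInformation needs; GetCurrentProcess returns
  a pseudo-handle that must not be closed. }
procedure getCurrentUserAndDomain(var User, Domain: String);
var
  hAccessToken: THandle;
  InfoBuffer: array[0..1000] of Char;
  szAccountName, szDomainName: array[0..200] of Char;
  dwInfoBufferSize, dwAccountSize, dwDomainSize: DWORD;
  pUser: PTokenUser;
  snu: SID_NAME_USE;
begin
  User := '';
  Domain := '';
  if not OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hAccessToken) then
    Exit;
  try
    if not GetTokenInformation(hAccessToken, TokenUser, @InfoBuffer[0],
                               SizeOf(InfoBuffer), dwInfoBufferSize) then
      Exit;
    pUser := PTokenUser(@InfoBuffer[0]);
    // Sizes are in characters and are updated by the call.
    dwAccountSize := Length(szAccountName);
    dwDomainSize := Length(szDomainName);
    if LookupAccountSid(nil, pUser.User.Sid, szAccountName, dwAccountSize,
                        szDomainName, dwDomainSize, snu) then
    begin
      User := szAccountName;
      Domain := szDomainName;
    end;
  finally
    CloseHandle(hAccessToken);
  end;
end;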
=============================================================
{ Forum note: put a TButton and two TEdits on Form1 and use the following
  as Button1's OnClick handler — Edit1 receives the user name, Edit2 the
  domain, both as returned by getCurrentUserAndDomain. }
procedure TForm1.Button1Click(Sender: TObject);
var
  UserName, DomainName: string;
begin
  getCurrentUserAndDomain(UserName, DomainName);
  Edit1.Text := UserName;
  Edit2.Text := DomainName;
end;
{ Source: http://delphi.ktop.com.tw/topic.asp?TOPIC_ID=357 }
這個似乎就可得到!
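type
  PTokenUser = ^TTokenUser;
  _TOKEN_USER = record
    User: TSIDAndAttributes;
  end;
  TTokenUser = _TOKEN_USER;

{ Return the account name and domain of the calling process's own token.

  On any API failure both out-parameters are set to '' — the original
  ignored every return value, so a failed GetTokenInformation handed an
  uninitialised buffer to LookupAccountSid as if it were a SID.
  TOKEN_QUERY is all GetTokenInformation needs; GetCurrentProcess returns
  a pseudo-handle that must not be closed. }
procedure getCurrentUserAndDomain(var User, Domain: String);
var
  hAccessToken: THandle;
  InfoBuffer: array[0..1000] of Char;
  szAccountName, szDomainName: array[0..200] of Char;
  dwInfoBufferSize, dwAccountSize, dwDomainSize: DWORD;
  pUser: PTokenUser;
  snu: SID_NAME_USE;
begin
  User := '';
  Domain := '';
  if not OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hAccessToken) then
    Exit;
  try
    if not GetTokenInformation(hAccessToken, TokenUser, @InfoBuffer[0],
                               SizeOf(InfoBuffer), dwInfoBufferSize) then
      Exit;
    pUser := PTokenUser(@InfoBuffer[0]);
    // Sizes are in characters and are updated by the call.
    dwAccountSize := Length(szAccountName);
    dwDomainSize := Length(szDomainName);
    if LookupAccountSid(nil, pUser.User.Sid, szAccountName, dwAccountSize,
                        szDomainName, dwDomainSize, snu) then
    begin
      User := szAccountName;
      Domain := szDomainName;
    end;
  finally
    CloseHandle(hAccessToken);
  end;
end;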
=============================================================
{ Forum note: put a TButton and two TEdits on Form1 and use the following
  as Button1's OnClick handler — Edit1 receives the user name, Edit2 the
  domain, both as returned by getCurrentUserAndDomain. }
procedure TForm1.Button1Click(Sender: TObject);
var
  UserName, DomainName: string;
begin
  getCurrentUserAndDomain(UserName, DomainName);
  Edit1.Text := UserName;
  Edit2.Text := DomainName;
end;
{ Source: http://delphi.ktop.com.tw/topic.asp?TOPIC_ID=357 }
這個似乎就可得到!
谢谢,找到了点头绪TO ly_liuyang(Liu Yang) :
我也查到了这段代码,
http://www.swissdelphicenter.ch/de/showcode.php?id=2113
但能显示当前用户和system用户,不能显示本地服务和网络服务.....在任务管理器中分别为Local Service 和 Network Service
PS我已经取得了debug权限....
System Idle Process
System
是无法OpenProcess的,其它像Local Service/Network Service和其他用户的进程是OpenProcessToken出错...
是不是权限不够?
我覺得是!
以前 MSDN 有一篇 Jeffrey Richter 的文章，就是提升自己進程的權限（啟用 SeDebugPrivilege），以便打開其它進程。
谁有收藏的参考资料吗?
看了,只是让进程有DEBUG权限.
而且有个问题：用 OpenProcessToken 打开自己的令牌以便启用 Debug 权限时，在我的机器上只用 TOKEN_ADJUST_PRIVILEGES 标志无法成功，要用 TOKEN_ALL_ACCESS 才行。（按文档，AdjustTokenPrivileges 需要 TOKEN_ADJUST_PRIVILEGES，若要取回 PreviousState 还需 TOKEN_QUERY；也就是 TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES 即可，不必申请 TOKEN_ALL_ACCESS。）对于其它进程，取得 Debug 权限后，可以用 OpenProcess 打开所有进程（System Idle Process、System 除外），但用 OpenProcessToken 打开非当前用户的进程和 SYSTEM 用户的进程（如网络服务、其他用户登录后创建的进程）失败。也许是没权限，但用 OpenProcess 时使用 PROCESS_ALL_ACCESS 标志却无法成功……应该还是权限问题。（注：SeDebugPrivilege 只绕过对进程/线程对象的访问检查；OpenProcessToken 是按令牌对象自身的 DACL 做检查的，所以 OpenProcess 成功并不意味着 OpenProcessToken 也会成功。）
http://blog.csdn.net/newkey007/archive/2004/08/08/68292.aspx
关注ing
收藏
我没有XP,所以不知道是否有同样问题。
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
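/*
 * Print "Run Auth:DOMAIN\user" for the process identified by pid.
 *
 * pid: process id to inspect; passed to OpenProcess as a DWORD.
 *
 * Requires PROCESS_QUERY_INFORMATION on the process and TOKEN_QUERY on its
 * primary token.  SeDebugPrivilege only bypasses the access check on the
 * process object; OpenProcessToken is still checked against the token
 * object's own DACL, so processes running as other accounts can fail here
 * even though OpenProcess succeeded.  The original author also observed
 * that the Idle (pid 0) and System process (pid 8 on Win2000, 4 on XP)
 * cannot be opened this way at all.
 *
 * Every failure is reported on stderr with the Win32 error code and nothing
 * is printed on stdout.  The original ignored a NULL OpenProcess result,
 * read the SID by dereferencing the first DWORD of the buffer (32-bit only),
 * and used the magic access mask 0x20008 (TOKEN_READ).
 */
void GetProcessAuth(long pid)
{
    SID_NAME_USE peUse;
    HANDLE hp;
    HANDLE hToken;
    BYTE buf[0x400];                 /* TOKEN_USER followed by the SID */
    char user[256];
    char domain[256];
    DWORD cbToken;
    DWORD cchUser = sizeof(user);
    DWORD cchDomain = sizeof(domain);
    PTOKEN_USER pTokenUser;

    hp = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, (DWORD)pid);
    if (hp == NULL) {
        fprintf(stderr, "OpenProcess(%ld) failed: %lu\n", pid, GetLastError());
        return;
    }

    /* TOKEN_QUERY is all GetTokenInformation needs; 0x20008 in the original
     * is TOKEN_READ = STANDARD_RIGHTS_READ (0x20000) | TOKEN_QUERY (0x0008). */
    if (!OpenProcessToken(hp, TOKEN_QUERY, &hToken)) {
        fprintf(stderr, "OpenProcessToken(%ld) failed: %lu\n", pid, GetLastError());
        CloseHandle(hp);
        return;
    }

    if (GetTokenInformation(hToken, TokenUser, buf, sizeof(buf), &cbToken)) {
        /* Go through the struct rather than *(DWORD *)buf so the SID pointer
         * is read correctly on 64-bit builds as well. */
        pTokenUser = (PTOKEN_USER)buf;
        if (LookupAccountSidA(NULL, pTokenUser->User.Sid,
                              user, &cchUser, domain, &cchDomain, &peUse)) {
            printf("Run Auth:%s\\%s \n", domain, user);
        } else {
            fprintf(stderr, "LookupAccountSid failed: %lu\n", GetLastError());
        }
    } else {
        fprintf(stderr, "GetTokenInformation failed: %lu\n", GetLastError());
    }

    CloseHandle(hToken);
    CloseHandle(hp);
}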
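/*
 * Usage: <prog> ProcessId
 *
 * The pid is parsed with strtol in base 0, so decimal, 0x-prefixed hex and
 * 0-prefixed octal are accepted.  Returns 0 after attempting the lookup and
 * 1 on a usage error (the original returned 0 in that case too, so a caller
 * could not tell a typo from a successful run).
 */
int main(int argc, char **argv)
{
    long pid;
    char *end;

    if (argc != 2) {
        printf(" - %s ProcessId\n", argv[0]);
        return 1;
    }
    pid = strtol(argv[1], &end, 0);
    /* strtol silently accepts "12abc" (-> 12) and negative values (which
     * would wrap when cast to DWORD); treat both as a usage error. */
    if (argv[1][0] == '\0' || *end != '\0' || pid < 0) {
        printf(" - %s ProcessId\n", argv[0]);
        return 1;
    }
    GetProcessAuth(pid);
    return 0;
}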
/* Body of GetProcessAuth(CString strPath, long pid): an MFC variant of the
 * function above that stores the result in strPath/strPathValid instead of
 * printing it.  The signature is not part of this fragment (the call form
 * is quoted later in the thread), and strPath/strPathValid are not declared
 * here, so this does not compile as-is. */
{
//Get the identity the process runs as.  Works for pids above 8; pids 8 and 0 cannot be listed (8 is the System pid on Win2000, 4 on WinXP).
SID_NAME_USE peUse;
HANDLE hp;
HANDLE hToken;
int isok;
char buf[0x400]; // receives TOKEN_USER followed by the SID
char buf1[100];  // account name
char buf2[100];  // domain name
DWORD dwNumBytesRet;
DWORD dwNumBytesRet1;hp=OpenProcess(0x400, 0, pid);//0x400 is PROCESS_QUERY_INFORMATION.  NOTE(review): a NULL return is not checked, so a failed open still reaches OpenProcessToken and CloseHandle(NULL).
isok=OpenProcessToken(hp, 0x20008, &hToken);//0x20008 is TOKEN_READ = STANDARD_RIGHTS_READ (0x20000) | TOKEN_QUERY (0x0008); TOKEN_QUERY alone is enough for GetTokenInformation.  SeDebugPrivilege does not help here: the check is against the token object's DACL, not the process.
if(isok)
{
isok=GetTokenInformation(hToken, TokenUser, &buf, 0x400, &dwNumBytesRet);
if(isok)
{
// sizes are in characters; the buffers are 100 each
dwNumBytesRet=100;
dwNumBytesRet1=100;
// NOTE(review): *(DWORD *)buf is TOKEN_USER.User.Sid read as a 32-bit value; this only works where a pointer fits in a DWORD.  ((PTOKEN_USER)buf)->User.Sid is the portable form.
isok=LookupAccountSid(NULL, (DWORD *) (*(DWORD *)buf), buf1, &dwNumBytesRet, buf2, &dwNumBytesRet1, &peUse);
if(isok)
{
// DOMAIN\user; strPath and strPathValid come from the enclosing scope, not this fragment
strPath.Format("Run Auth:%s\\%s", buf2, buf1);
strPathValid = strPath;
} CloseHandle(hToken);
}
}CloseHandle(hp);
}
还是不行,对于NETWORK SERVICE,OpenProcessToken会失败,可能要取得某些权限.TO blastzgd(边城浪子)
不能以服务运行
/* Body of DebugPrivilege(BOOL bEnable): enables (bEnable != 0) or disables
 * SeDebugPrivilege in the calling process's own token and returns TRUE on
 * success.  The signature is not part of this fragment; the call form
 * DebugPrivilege(TRUE) is quoted right after it.
 *
 * NOTE(review): SeDebugPrivilege widens access to process and thread
 * objects only.  OpenProcessToken is checked against the token object's
 * own DACL, so enabling this privilege does not by itself make the tokens
 * of other accounts (e.g. NETWORK SERVICE) readable. */
{
BOOL bResult = TRUE;
HANDLE hToken;
TOKEN_PRIVILEGES TokenPrivileges; if(OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,&hToken) == 0)
{
printf("OpenProcessToken Error: %d\n",GetLastError());
bResult = FALSE;
}
/* NOTE(review): when the open failed, execution continues with an invalid hToken; returning here would be safer. */
TokenPrivileges.PrivilegeCount = 1;
TokenPrivileges.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&TokenPrivileges.Privileges[0].Luid); /* return value unchecked: on failure the Luid is left uninitialised */
AdjustTokenPrivileges(hToken,FALSE,&TokenPrivileges,sizeof(TOKEN_PRIVILEGES),NULL,NULL);
/* AdjustTokenPrivileges returns TRUE even when the privilege could not be
 * assigned (e.g. the caller does not hold SeDebugPrivilege); the documented
 * signal is GetLastError() == ERROR_NOT_ALL_ASSIGNED, with ERROR_SUCCESS
 * when everything was adjusted.  The check below relies on that; the BOOL
 * return itself is ignored. */
if(GetLastError() != ERROR_SUCCESS)
{
bResult = FALSE;
}
CloseHandle(hToken);
return bResult;
}在你调用 GetProcessAuth(CString strPath, long pid) 之前加上 DebugPrivilege(TRUE)；
用完之后 DebugPrivilege(FALSE)。注意：SeDebugPrivilege 只放宽对进程/线程对象的访问检查，OpenProcessToken 仍按令牌对象自身的 DACL 做检查，所以这一步未必能解决 NETWORK SERVICE 进程上 OpenProcessToken 失败的问题；任务管理器那类工具在这种情形下可以考虑改用 WTSEnumerateProcesses（其 WTS_PROCESS_INFO 中带有 pUserSid）来取得进程的用户 SID。
要是实在不行,给我发短信,我给你写个例程吧