BOOL bThreadToken = FALSE;
HANDLE hThreadToken1, hThreadToken2;

// Save the current thread token
if( OpenThreadToken(GetCurrentThread(), TOKEN_IMPERSONATE, FALSE, &hThreadToken1) )
{
    RevertToSelf();
    bThreadToken = TRUE;
}

// Impersonate a user account
// Ensure the SID associated with the process holds the SE_TCB_NAME privilege
LogonUser(...);
ImpersonateLoggedOnUser(...);

// do user-specific work here

// Restore the original thread token
if( bThreadToken )
{
    hThreadToken2 = GetCurrentThread();
    SetThreadToken( &hThreadToken2, hThreadToken1 );
    CloseHandle( hThreadToken1 );
}
else
{
    RevertToSelf();  // no token was saved: stop impersonating the user
}
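to: masterz()
LogonUser requires a user name and password, that is, a specified user. My requirement is to change my own identity as the currently logged-on user changes.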
Accepted Answer from DukeyToo 10/09/2002 09:00PM PST
You could enumerate the processes that are running, and if a process does not belong to SYSTEM or other system-like accounts, then it represents a logged in user. Each user should have at least one process (explorer). See http://www.thescarms.com/vbasic/RunningProcs.asp and http://support.microsoft.com/default.aspx?scid=KB;EN-US;q175030& for some approaches to enumerating processes.

Comment from TimW1 10/10/2002 07:09PM PST
Well, I finally got it. I didn't enumerate the processes but you pointed me in the right direction. So I've given you the points. I connected to the only allowable interactive window station, Winsta0. From there I got the desktop handle, then the process handle, then the access token from the process, then impersonated using the access token, then finally queried the GetUserName API. And yay it worked. What a mission!
As for how the username maps to the key names below, I haven't yet found how to do that.
Your explanation doesn't seem to solve my problem
to masterz()
Your explanation doesn't seem to solve my problem
=========Why not???
But how do I change identity?
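2. Call ImpersonateLoggedOnUser(...) to impersonate the currently logged-on user.
3. Call the registry functions to open Software\\Microsoft under HKEY_CURRENT_USER. This fails with the message “找不到指定的文件” ("The system cannot find the file specified").

However, Kevin_qing's method works!!! I have succeeded! Under HKEY_USERS there is a series of keys such as S-1-5-21-????. These keys are the users' SIDs (Security Identifiers).

No matter which user is logged on, the values under HKEY_CURRENT_USER correspond one-to-one with those of one of the keys under HKEY_USERS, and changing the values under that HKEY_USERS key is equivalent to changing the values under HKEY_CURRENT_USER. For example, when logged on as Administrator, whose SID is S-1-5-21-854245398-1343024091-842925246-500, HKEY_CURRENT_USER corresponds one-to-one with the values of HKEY_USERS\\S-1-5-21-854245398-1343024091-842925246-500. Fortunately, a service can directly change the values under HKEY_USERS\\S-1-5-21-854245398-1343024091-842925246-500.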
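The HKEY_USERS key name described above is the string form of the user's binary SID. The following added example (not code from this thread) shows that conversion in portable C; on Windows, ConvertSidToStringSid produces the same string from the SID returned by GetTokenInformation(TokenUser). The names sid_to_string, hku_path and SAMPLE_SID are made up for this example, and the sample bytes are constructed from the SID quoted above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Binary SID: Revision(1) SubAuthorityCount(1) IdentifierAuthority(6, big-endian)
   SubAuthority[count] (4 bytes each, little-endian). Returns 0, or -1 on bad input. */
int sid_to_string(const uint8_t *sid, size_t len, char *out, size_t outlen)
{
    if (!sid || !out || len < 8) return -1;
    unsigned rev = sid[0], count = sid[1];
    /* Revision 1, at most 15 sub-authorities, and the length must match exactly. */
    if (rev != 1 || count > 15 || len != 8 + 4 * (size_t)count) return -1;
    uint64_t auth = 0;
    for (int i = 0; i < 6; i++) auth = (auth << 8) | sid[2 + i];
    /* Authorities below 2^32 print in decimal, larger ones as 0x + 12 hex digits. */
    int n = snprintf(out, outlen, auth < (1ULL << 32) ? "S-%u-%llu" : "S-%u-0x%012llX",
                     rev, (unsigned long long)auth);
    if (n < 0 || (size_t)n >= outlen) return -1;
    size_t used = (size_t)n;
    for (unsigned i = 0; i < count; i++) {
        const uint8_t *p = sid + 8 + 4 * i;
        unsigned long sub = p[0] | (unsigned long)p[1] << 8 |
                            (unsigned long)p[2] << 16 | (unsigned long)p[3] << 24;
        n = snprintf(out + used, outlen - used, "-%lu", sub);
        if (n < 0 || (size_t)n >= outlen - used) return -1;
        used += (size_t)n;
    }
    return 0;
}

/* Build "<SID>\<subkey>", the path a service would open under HKEY_USERS. */
int hku_path(const uint8_t *sid, size_t len, const char *subkey, char *out, size_t outlen)
{
    char s[200];
    if (!subkey || sid_to_string(sid, len, s, sizeof s) != 0) return -1;
    int n = snprintf(out, outlen, "%s\\%s", s, subkey);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Constructed sample: binary form of the Administrator SID quoted in the thread. */
static const uint8_t SAMPLE_SID[28] = {
    0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
    0x16, 0xC0, 0xEA, 0x32, 0xDB, 0xEB, 0x0C, 0x50, 0xBE, 0x04, 0x3E, 0x32,
    0xF4, 0x01, 0x00, 0x00 };

int main(void)
{
    char path[256];
    if (hku_path(SAMPLE_SID, sizeof SAMPLE_SID, "Software\\Microsoft", path, sizeof path) == 0)
        printf("HKEY_USERS\\%s\n", path);
    return 0;
}
```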
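1. First obtain the token of the Explorer.Exe process.
2. Call ImpersonateLoggedOnUser(...) to impersonate the currently logged-on user.
3. GetUserName to get the user name.
4. LoadUserProfile to get a handle to HKEY_CURRENT_USER.
Then you can work with it.
BCB_FANS, you probably missed step 4. I'll try the method you provided again.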