Problem description

In Windows, a program can get a user access token by calling LogonUser, OpenProcessToken, SSPI functions, and a couple others. Once you have the token, there are quite a few functions that you can pass this token into in order to do things as this user. Do these sort of actions typically have side effects for the "parent" process?

For example, you can load the user's profile (registry settings, etc) via LoadUserProfile. Amongst other things, LoadUserProfile will load the user's registry hive into HKEY_USERS and map HKEY_CURRENT_USER to it. From the parent process' perspective, does this alter HKEY_CURRENT_USER? Or is it only "visible" after starting a new process as that user via CreateProcessAsUser, impersonating in the current process via ImpersonateLoggedOnUser, etc?

Recommended answer

Per its documentation, LoadUserProfile() returns a handle to the HKEY_CURRENT_USER key that was loaded. You can then pass that handle to Registry functions, and they will access that user's data. LoadUserProfile() does not affect the HKEY_CURRENT_USER key associated with the user that is running the calling process.

Impersonation CAN affect the calling process's HKEY_CURRENT_USER key, but typically WILL NOT:

Predefined Keys

So, if you are impersonating a user when you use HKEY_CURRENT_USER for the first time, then it will map to that user's key for the duration of the process. Raymond Chen even said as much on his blog:

Is it wrong to call SHFileOperation from a service? Revised

However, for the majority of cases, you will likely access the Registry before you impersonate anyone, or you will not access the Registry while impersonating, so HKEY_CURRENT_USER will typically map to the user that the app is running as. If a thread is impersonating a user and needs to access that user's HKEY_CURRENT_USER key, use OpenThreadToken() (if you don't already have the token) and LoadUserProfile() to get that user's HKEY_CURRENT_USER handle.
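The handle-based access described in the answer, as an added C# example that is not part of the original answer: it loads a user's profile from a token, reads one value through the returned hProfile handle, and reads the same value through the process's own HKEY_CURRENT_USER so the two hives can be compared. The class name UserHive, the method name ReadFromBothHives and its parameters are hypothetical; it assumes the caller already holds a token for the target user (for example from LogonUser), runs as an administrator or LocalSystem as LoadUserProfile requires, and is not impersonating when it makes the call.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using Microsoft.Win32;
using Microsoft.Win32.SafeHandles;

static class UserHive   // hypothetical helper, not from the original answer
{
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct PROFILEINFO
    {
        public int dwSize, dwFlags;
        public string lpUserName, lpProfilePath, lpDefaultPath, lpServerName, lpPolicyPath;
        public IntPtr hProfile;   // set on success: root of the loaded user's hive
    }

    [DllImport("userenv.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool LoadUserProfile(IntPtr hToken, ref PROFILEINFO info);

    [DllImport("userenv.dll", SetLastError = true)]
    static extern bool UnloadUserProfile(IntPtr hToken, IntPtr hProfile);

    // userToken: token for the target user (assumed to come from LogonUser or similar).
    // Returns { value in the target user's hive, value in the caller's own HKCU };
    // an entry is null when the key or value does not exist in that hive.
    public static string[] ReadFromBothHives(IntPtr userToken, string userName, string subKey, string valueName)
    {
        var info = new PROFILEINFO { lpUserName = userName, dwFlags = 1 /* PI_NOUI */ };
        info.dwSize = Marshal.SizeOf(typeof(PROFILEINFO));
        if (!LoadUserProfile(userToken, ref info))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            // ownsHandle: false, because hProfile must be released by
            // UnloadUserProfile rather than closed like an ordinary registry key.
            using (var hive = RegistryKey.FromHandle(new SafeRegistryHandle(info.hProfile, false)))
            using (var theirs = hive.OpenSubKey(subKey))
            using (var mine = Registry.CurrentUser.OpenSubKey(subKey))
            {
                return new[] { theirs?.GetValue(valueName)?.ToString(),
                               mine?.GetValue(valueName)?.ToString() };
            }
        }
        finally
        {
            UnloadUserProfile(userToken, info.hProfile);
        }
    }
}
```

Every read of the target user's settings goes through the hProfile handle, so the result does not depend on which user the process's HKEY_CURRENT_USER was first mapped to.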
