Problem description
I need to get the AuthenticationID as returned by GetTokenInformation with the TokenStatistics class for the user that logged in on the station whether I'm elevated or not.
Lemme give you some more info. Suppose I do:
var Result = GetTokenInformation(WindowsIdentity.GetCurrent().Token, TOKEN_INFORMATION_CLASS.TokenStatistics, TokenInformation, TokenInfLength, out TokenInfLength);
This will allow me to get the AuthenticationID from the TokenInformation structure without problem. Let's say the resulting authenticationID is "00000000-00001234"
Now if I right click Visual Studio and click "Run as administrator", launch my code a second time, the result will be something else, for example "00000000-00001289". But I need "00000000-00001234"
How can I get "00000000-00001234" whether the current process is elevated or not?
I suppose it's just a matter of finding the right Token to give to GetTokenInformation, but I'm running in circles here ...
Note: I based my code on How to get the logon SID in C# to implement GetTokenInformation and then adapted it to be able to get TokenStatistics.
Recommended answer
OK, I finally got it to work. These are the steps (not posting the full code, it's quite long):
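1. Recursively build the ancestry of the current process using WMI (ManagementObject) on the win32_process class + the managed Process class.
2. In my particular case, I stopped the algorithm when I found the "explorer" process or when I got an exception, because it is very likely that explorer is not elevated.
3. P/Invoke the OpenProcessToken function from advapi32.dll on the ProcessId returned at step 2. This will give you a userToken that can be used to build a new WindowsIdentity that you can use in step 4.
4. You can then give that WindowsIdentity Token property to GetTokenInformation to get your AuthenticationID.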
This is tested and working.
References:
- GetTokenInformation : How to get the logon SID in C# (change the function to call TokenStatistics)
- Get parent of process : http://bytes.com/topic/c-sharp/answers/255642-enumerataing-processes-c
- Get WindowsIdentity of a process : http://dotbay.blogspot.fr/2009/06/finding-owner-of-process-in-c.html
If you see any problem with this procedure don't hesitate to comment or post your own answer!
Note: there is a problem if one of the parent processes has been killed: WMI will give you the id of a process that does not exist anymore. The nature of the product I'm working on has me rebooting explorer from time to time (only during dev), this is how I saw the problem. It's not really an issue for me, but good to know.
Thanks
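The four steps of the answer in C#, as an added example that is not the answerer's code. The class and method names are hypothetical, the token is queried directly instead of through a WindowsIdentity, and the start-time comparison is an added guard for the killed-parent problem noted above (a stale parent id that now belongs to a newer process); it assumes a reference to System.Management.

```csharp
using System;
using System.Diagnostics;
using System.Management;               // requires a reference to System.Management
using System.Runtime.InteropServices;
static class ShellLogonId              // hypothetical name
{
    const int TokenStatistics = 10, StatsSize = 56;   // info class value; sizeof(TOKEN_STATISTICS)
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int cls, IntPtr buf, int len, out int needed);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);

    // Step 1: parent PID from WMI Win32_Process (throws ManagementException if pid is gone).
    static int ParentPid(int pid)
    {
        using (var mo = new ManagementObject("Win32_Process.Handle='" + pid + "'"))
            return Convert.ToInt32(mo["ParentProcessId"]);
    }

    // Steps 1-2: climb the ancestry until "explorer"; null when the chain is broken.
    static Process FindExplorerAncestor()
    {
        try
        {
            for (Process child = Process.GetCurrentProcess(), parent; ; child = parent)
            {
                parent = Process.GetProcessById(ParentPid(child.Id));   // throws if the parent was killed
                if (parent.StartTime >= child.StartTime) return null;   // id reused by a newer process
                if (parent.ProcessName.ToLowerInvariant() == "explorer") return parent;
            }
        }
        catch (Exception) { return null; }   // dead ancestor, WMI failure or access denied
    }

    // Steps 3-4: read TokenStatistics from that process's token, e.g. "00000000-00001234".
    public static string GetAuthenticationId()
    {
        Process shell = FindExplorerAncestor();
        IntPtr token = IntPtr.Zero, buf = Marshal.AllocHGlobal(StatsSize);
        try
        {
            if (shell == null || !OpenProcessToken(shell.Handle, 0x0008 /* TOKEN_QUERY */, out token)
                || !GetTokenInformation(token, TokenStatistics, buf, StatsSize, out _)) return null;
            // AuthenticationId is the second LUID: LowPart at offset 8, HighPart at offset 12.
            return string.Format("{0:X8}-{1:X8}", Marshal.ReadInt32(buf, 12), Marshal.ReadInt32(buf, 8));
        }
        finally { if (token != IntPtr.Zero) CloseHandle(token); Marshal.FreeHGlobal(buf); }
    }
}
```

Matching on the process name is the answer's heuristic, so the returned id is only as reliable as the assumption that the nearest "explorer" ancestor is the user's non-elevated shell; treat it as informational rather than as input to an authorization decision.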