如評論所示,NetUserGetLocalGroups
很可能是「本地用戶和組」管理單元中使用的功能。
您還可以過濾通過任何標準列表中選擇:
static bool ShouldHideGroup(PSID Sid, DWORD Attributes, bool HideDeny = false)
{
if (SE_GROUP_INTEGRITY & Attributes) return true;
if (SE_GROUP_LOGON_ID & Attributes) return true;
if (HideDeny && (SE_GROUP_USE_FOR_DENY_ONLY & Attributes)) return true;
for (UINT i = 0; i <= 0xff; ++i) // Hack to check if it is well known
{
if (IsWellKnownSid(Sid, (WELL_KNOWN_SID_TYPE)i))
{
static const SID_IDENTIFIER_AUTHORITY ntauth = SECURITY_NT_AUTHORITY;
PSID_IDENTIFIER_AUTHORITY pSIA = GetSidIdentifierAuthority(Sid);
DWORD*pSub1 = GetSidSubAuthority(Sid, 0);
if (memcmp(pSIA, &ntauth, 6) || *pSub1 != SECURITY_BUILTIN_DOMAIN_RID) // Hide everything except the BUILTIN\* groups
{
return true;
}
}
}
return false;
}
...
if (GetTokenInformation(hToken, TokenGroups, pTG, cbTG, &cbTG))
{
for (DWORD i = 0; i < pTG->GroupCount; ++i)
{
if (ShouldHideGroup(pTG->Groups[i].Sid, pTG->Groups[i].Attributes)) continue;
DisplayGroupDetails(pTG->Groups[i]);
}
}
淨*函數的域和/或當地SAM數據庫操作,其餘各組由Windows,但我添加到您的令牌不相信有一個公共的API來過濾你從SAM返回的確切列表。
您首先需要從令牌獲取用戶* Sid *,然後調用* LookupAccountSid *獲取用戶名,最後* NetUserGetGroups * – RbMm
更確切地說* NetUserGetLocalGroups * – RbMm