0
我有一段如下代码在我的系统级Windows服务中运行。如果我将CreateEnvironmentBlock()和CreateProcessAsUser()添加到代码中,那可行。但是我使用“LoadUserProfile()”,它会失败,错误5应该表示“访问被拒绝”。请帮助检查缺少的内容。我想要的是从该系统服务中检索用户级别的注册表值。代码中的注释是另一种方式,但也无法检索用户级别的注册表值。为什么LoadUserProfile()在系统服务中运行的代码中出现错误5“拒绝访问”失败?
void GetUserRegistry()
{
#ifdef Q_OS_WIN
DWORD lastError = 0;
DWORD sessionId = WTSGetActiveConsoleSessionId();
qInfo() << "Session ID = " << sessionId;
wchar_t* ppUserName[100];
DWORD sizeOfUserName;
WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, sessionId, WTSUserName, ppUserName, &sizeOfUserName);
qInfo() << "Windows User Name = " << QString::fromWCharArray(*ppUserName);
std::wstring strValueOfBinDir = L"Unknown Value";
// LONG regOpenResult = ERROR_SUCCESS;
HANDLE hUserToken = NULL;
HANDLE hFakeToken = NULL;
if (WTSQueryUserToken(sessionId, &hUserToken))
{
if (DuplicateTokenEx(hUserToken, TOKEN_ASSIGN_PRIMARY | TOKEN_ALL_ACCESS, 0, SecurityImpersonation, TokenPrimary, &hFakeToken) == TRUE)
{
qInfo() << "Before ImpersonateLoggedOnUser()......";
if (ImpersonateLoggedOnUser(hFakeToken))
{
HKEY hKey;
// regOpenResult = RegOpenCurrentUser(KEY_READ, &hKey);
PROFILEINFO profileInfo;
ZeroMemory(&profileInfo, sizeof(PROFILEINFO));
profileInfo.dwSize = sizeof(PROFILEINFO);
profileInfo.lpUserName = *ppUserName;
// wchar_t roamingPath[] = L"C:\\Users\\Finix"; // L"C:\\Users\\Finix\\AppData\\Roaming";
// profileInfo.lpProfilePath = roamingPath;
if (LoadUserProfile(hFakeToken, &profileInfo))
{
HANDLE hProfile = profileInfo.hProfile;
RegOpenKeyEx(HKEY_CURRENT_USER,
TEXT("Software\\Baidu\\BaiduYunGuanjia"),
0,
KEY_READ,
&hKey);
GetStringRegKey(hKey, TEXT("installDir"), strValueOfBinDir, TEXT("Unknown"));
UnloadUserProfile(hFakeToken, hProfile);
}
else
{
lastError = GetLastError();
}
RevertToSelf();
}
else
{
qCritical() << "Failed to ImpersonateLoggedOnUser...";
}
CloseHandle(hFakeToken);
}
else
{
qCritical() << "Failed to call DuplicateTokenEx...";
}
CloseHandle(hUserToken);
}
else
{
qCritical() << "Failed to get the user token of session " << sessionId;
}
if (lastError)
{
qCritical() << "Failed to LoadUserProfile(), The ERROR is " << lastError;
}
// if (regOpenResult != ERROR_SUCCESS)
// {
// qCritical() << "Failed to call RegOpenCurrentUser(), Error is " << regOpenResult;
// }
qInfo() << "The value of Registry is " << QString::fromWCharArray(strValueOfBinDir.c_str());
#endif
}
简单,调用的是:WTSGetActiveConsoleSessionId()+ WTSQueryUserToken()+ DuplicateTokenEx()+ ImpersonateLoggedOnUser()+ LoadUserProfile()。为什么LoadUserProfile()失败并出现错误5?在调用LoadUserProfile()之前,应该做什么?我已经做了一些上面显示的代码。我错过了什么? – Finix
您正在声明一个指向字符数组“wchar_t * ppUserName [100]”的指针。您必须将其更改为'wchar_t ppUserName [100];'但可能存在其他错误。 –
@BarmakShemirani上面的代码是正确的。 WTSQuerySessionInformation()的第四个参数是“LPWSTR *”,所以它是一个指向者的指向者。而且,正如我所提到的,如果将LoadUserProfile()更改为“CreateEnvironmentBlock()+ CreateProcessAsUser()”,此程序将起作用。这意味着所有其余的部分都是好的,但对LoadUserProfile()的调用失败。 – Finix