PHP DM Gate v0.9 » Перечисление групп процесса <span class="vd">[D7, WinXP]</span>

Игорь © (24.07.09 14:25) [0]

Правильно ли такое перечисление групп процесса?

const
SE_GROUP_MANDATORY = $00000001;
SE_GROUP_ENABLED_BY_DEFAULT = $00000002;
SE_GROUP_ENABLED = $00000004;
SE_GROUP_OWNER = $00000008;
SE_GROUP_USE_FOR_DENY_ONLY = $00000010;
SE_GROUP_INTEGRITY = $00000020;
SE_GROUP_INTEGRITY_ENABLED = $00000040;
SE_GROUP_RESOURCE = $20000000;
SE_GROUP_LOGON_ID = $C0000000;

procedure TForm1.EnumProcessGroups(PID: DWORD);
const
TokenSize = $1000;
var
hProcess, hToken: THandle;
pTokenInfo: PTokenGroups;
i, j: Integer;
pName, pDomain: array[0..255] of Char;
LastError, ReturnLength, SIDType: Cardinal;
Group: PSIDAndAttributes;
begin
hProcess:= OpenProcess(MAXIMUM_ALLOWED, False, PID);
if hProcess <> 0 then
begin
try
if OpenProcessToken(hProcess, MAXIMUM_ALLOWED, hToken) then
begin
try
GetMem(pTokenInfo, TokenSize);
try
if GetTokenInformation(hToken, TokenGroups, pTokenInfo, TokenSize, ReturnLength) then
begin
Group:= PSIDAndAttributes(PAnsiChar(pTokenInfo) + SizeOf(Cardinal));
for i:= 0 to pTokenInfo.GroupCount - 1 do
begin
FillChar(pName, SizeOf(pName), 0);
FillChar(pDomain, SizeOf(pDomain), 0);
j:= 0;
repeat
LookupAccountSID(nil, Group.Sid, PChar(@pName), ReturnLength, PChar(@pDomain), ReturnLength, SIDType);
LastError:= GetLastError;
Inc(j);
until
(string(pName) <> '') or (LastError = ERROR_NONE_MAPPED);
with Form1.ListView1.Items.Add do
begin
Caption:= String(pDomain) + '\' + String(pName);
SubItems.Add('');
if Group.Attributes and SE_GROUP_OWNER = SE_GROUP_OWNER then
ListView1.Items[i].SubItems[0]:= 'Owner';
if Group.Attributes and SE_GROUP_MANDATORY = SE_GROUP_MANDATORY then
ListView1.Items[i].SubItems[0]:= ListView1.Items[i].SubItems[0] + '\ Mandatory';
if Group.Attributes and SE_GROUP_USE_FOR_DENY_ONLY = SE_GROUP_USE_FOR_DENY_ONLY then
ListView1.Items[i].SubItems[0]:= ListView1.Items[i].SubItems[0] + '\ Deny';
if Group.Attributes and SE_GROUP_LOGON_ID = SE_GROUP_LOGON_ID then
ListView1.Items[i].SubItems[0]:= ListView1.Items[i].SubItems[0] + '\ LogonID';
if Group.Attributes and SE_GROUP_INTEGRITY = SE_GROUP_INTEGRITY then
ListView1.Items[i].SubItems[0]:= ListView1.Items[i].SubItems[0] + '\ Integrity';
if Group.Attributes and SE_GROUP_INTEGRITY_ENABLED = SE_GROUP_INTEGRITY_ENABLED then
ListView1.Items[i].SubItems[0]:= ListView1.Items[i].SubItems[0] + '/ IntegrityEnabled';
if Group.Attributes and SE_GROUP_INTEGRITY = SE_GROUP_ENABLED then
ListView1.Items[i].SubItems[0]:= ListView1.Items[i].SubItems[0] + '\ Enabled';
if Group.Attributes and SE_GROUP_INTEGRITY_ENABLED = SE_GROUP_ENABLED_BY_DEFAULT then
ListView1.Items[i].SubItems[0]:= ListView1.Items[i].SubItems[0] + '\ EnabledByDefault';
if Group.Attributes and SE_GROUP_RESOURCE = SE_GROUP_RESOURCE then
ListView1.Items[i].SubItems[0]:= ListView1.Items[i].SubItems[0] + '\ Resource';
end;
Group:= PSIDAndAttributes(PAnsiChar(Group) + SizeOf(TSIDAndAttributes));
end;
end;
finally
FreeMem(pTokenInfo);
end;
finally
CloseHandle(hToken);
end;
end;
finally
CloseHandle(hProcess);
end;
end;
end;

procedure TForm1.FormCreate(Sender: TObject);
begin
EnumProcessGroups(GetCurrentProcessId);
end;

<Цитата>
Eraser © (24.07.09 18:40) [1]

сравни полученный результат с показаниями Process Explorer'а - вот и ответ.

<Цитата>