What side effects are there from Windows user impersonation?

Question

In Windows, a program can get a user access token by calling LogonUser, OpenProcessToken, SSPI functions, and a couple others. Once you have the token, there are quite a few functions that you can pass this token into in order to do things as this user. Do these sorts of actions typically have side effects for the "parent" process?

For example, you can load the user's profile (registry settings, etc) via LoadUserProfile. Amongst other things, LoadUserProfile will load the user's registry hive into HKEY_USERS and map HKEY_CURRENT_USER to it. From the parent process' perspective, does this alter HKEY_CURRENT_USER? Or is it only "visible" after starting a new process as that user via CreateProcessAsUser, impersonating in the current process via ImpersonateLoggedOnUser, etc?

Answer

Per its documentation, LoadUserProfile() returns a handle to the HKEY_CURRENT_USER key that was loaded. You can then pass that handle to Registry functions, and they will access that user's data. LoadUserProfile() does not affect the HKEY_CURRENT_USER key associated with the user that is running the calling process.

Impersonation CAN affect the calling process's HKEY_CURRENT_USER key, but typically WILL NOT:

Predefined Keys

HKEY_CURRENT_USER
...
The mapping between HKEY_CURRENT_USER and HKEY_USERS is per process and is established the first time the process references HKEY_CURRENT_USER. The mapping is based on the security context of the first thread to reference HKEY_CURRENT_USER. If this security context does not have a registry hive loaded in HKEY_USERS, the mapping is established with HKEY_USERS\.Default. After this mapping is established it persists, even if the security context of the thread changes.

So, if you are impersonating a user when you use HKEY_CURRENT_USER for the first time, then it will map to that user's key for the duration of the process. Raymond Chen even said as much on his blog:

Is it wrong to call SHFileOperation from a service? Revised

The registry key HKEY_CURRENT_USER is bound to the current user at the time the key is first accessed by a process:
...
This means that if you impersonate a user, and then access HKEY_CURRENT_USER, then that binds HKEY_CURRENT_USER to the impersonated user. Even if you stop impersonating, future references to HKEY_CURRENT_USER will still refer to that user.

However, for the majority of cases, you will likely access the Registry before you impersonate anyone, or you will not access the Registry while impersonating, so HKEY_CURRENT_USER will typically map to the user that the app is running as. If a thread is impersonating a user and needs to access that user's HKEY_CURRENT_USER key, use OpenThreadToken() (if you don't already have the token) and LoadUserProfile() to get that user's HKEY_CURRENT_USER handle.
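The pattern the answer recommends, shown as an added C# P/Invoke example (not code from the original answer or from Microsoft's documentation): take the impersonation token with OpenThreadToken, load that user's profile, and read through the hProfile handle LoadUserProfile returns instead of touching HKEY_CURRENT_USER. The class and method names are mine, and the example assumes the process holds the SE_BACKUP_NAME and SE_RESTORE_NAME privileges that LoadUserProfile requires (typically a service).

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using Microsoft.Win32;
using Microsoft.Win32.SafeHandles;

static class ImpersonatedUserHive
{
    // Token access rights that LoadUserProfile requires on the token it is given.
    const uint TOKEN_QUERY = 0x0008, TOKEN_IMPERSONATE = 0x0004, TOKEN_DUPLICATE = 0x0002;
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct PROFILEINFO
    {
        public int dwSize, dwFlags;
        public string lpUserName, lpProfilePath, lpDefaultPath, lpServerName, lpPolicyPath;
        public IntPtr hProfile;  // handle to the loaded hive: this user's "HKEY_CURRENT_USER"
    }
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenThreadToken(IntPtr thread, uint access, bool openAsSelf, out IntPtr token);
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentThread();
    [DllImport("userenv.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LoadUserProfile(IntPtr token, ref PROFILEINFO pi);
    [DllImport("userenv.dll", SetLastError = true)]
    static extern bool UnloadUserProfile(IntPtr token, IntPtr hProfile);

    // Call on a thread that is currently impersonating. openAsSelf=true runs the access
    // check under the process token, so it works even when the impersonated user is restricted.
    public static IntPtr GetImpersonationToken()
    {
        if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_IMPERSONATE | TOKEN_DUPLICATE,
                             true, out IntPtr token))
            throw new Win32Exception();  // ERROR_NO_TOKEN when the thread is not impersonating
        return token;
    }

    // Reads a value from the token owner's hive through the handle LoadUserProfile returns.
    // HKEY_CURRENT_USER is never referenced, so the process-wide HKCU mapping is left untouched.
    // Assumes (hypothetical deployment) the process has SE_BACKUP_NAME and SE_RESTORE_NAME.
    public static object ReadUserValue(IntPtr userToken, string userName, string subKey, string valueName)
    {
        var pi = new PROFILEINFO { lpUserName = userName, dwSize = Marshal.SizeOf(typeof(PROFILEINFO)) };
        if (!LoadUserProfile(userToken, ref pi)) throw new Win32Exception();
        try
        {
            using (var hive = RegistryKey.FromHandle(new SafeRegistryHandle(pi.hProfile, false)))
            using (var key = hive.OpenSubKey(subKey))
                return key?.GetValue(valueName);
        }
        finally { UnloadUserProfile(userToken, pi.hProfile); }  // always pair with LoadUserProfile
    }
}
```

Because the hive is reached through pi.hProfile rather than Registry.CurrentUser, the process keeps its own HKCU binding regardless of which thread impersonated first.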
