我正在尝试使用c ++应用程序实时检测登录到窗口的任何新事件。我读到它可以通过使用wmi.But的ExecNotificationQuery方法来完成,当它尝试它时我得到访问冲突异常。它有人说应用程序必须有SeSecurityPrivilege.Now如何在创建wmi连接时设置此权限。只是忽略jni部分,我正在调用声明并将此函数用作java的本机函数
更新的代码:
HANDLE hToken = NULL ;
LPCTSTR lpszPrivilege = "SeSecurityPrivilege";
BOOL bEnablePrivilege = true ;
TOKEN_PRIVILEGES tp ;
LUID luid ;
if ( !LookupPrivilegeValue(
NULL,
SE_SECURITY_NAME,
&luid ))
{
cout << "LookupPrivilegeValue error : %u \n" << GetLastError() ;
return ;
}
tp.PrivilegeCount = 1 ;
tp.Privileges[0].Luid = luid ;
if( bEnablePrivilege )
{
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED ;
}
else
{
tp.Privileges[0].Attributes = 0 ;
}
if(!OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY , & hToken ))
{
cout << "erroe in open process %u\n" << GetLastError();
return ;
}
if( !AdjustTokenPrivileges(
hToken,
FALSE ,
&tp,
sizeof(TOKEN_PRIVILEGES),
(PTOKEN_PRIVILEGES) NULL,
(PDWORD) NULL ))
{
cout << "AdjustTokenPrivileges error : %u\n" << GetLastError();
return;
}
if(GetLastError() == ERROR_NOT_ALL_ASSIGNED)
{
cout << "The token does not have the specified privilege \n" ;
return ;
}
// Initializing the COM
HRESULT hr ;
hr = CoInitializeEx( 0 , COINIT_MULTITHREADED );
if(FAILED(hr))
{
cout << "first failed to initialize COM Library " << hex << hr << endl ;
return ;
}
//Initialize COM security
hr = CoInitializeSecurity (
NULL,
-1,
NULL,
NULL,
RPC_C_AUTHN_LEVEL_DEFAULT,
RPC_C_IMP_LEVEL_IDENTIFY,
NULL,
EOAC_NONE,
NULL
);
if(FAILED(hr))
{
cout << "second failed to initilize security."<< hex << hr << endl ;
CoUninitialize();
return ;
}
cout << "Initilized the COM"<< endl ;
//Initializing the IWbemLocator throught a call to CoCreateInstance.
IWbemLocator *pLoc = 0 ;
hr = CoCreateInstance(CLSID_WbemLocator,0,CLSCTX_INPROC_SERVER,IID_IWbemLocator,(LPVOID*) & pLoc);
if(FAILED(hr))
{
cout << "failed to create IWbemLocator object"<< hex << hr << endl ;
CoUninitialize();
return ;
}
//Connect to WMI through a call to ConnectServer method of IWbemLocator
IWbemServices *pSvc = 0 ;
hr = pLoc->ConnectServer(
_bstr_t(L"ROOT\\CIMV2"),
NULL,
NULL,
0,
NULL,
0,
0,
&pSvc);
if(FAILED(hr))
{
cout << "could not connect to WMI from ConnectServer method"<<hex<<hr<<endl;
pLoc->Release();
CoUninitialize();
return ;
}
cout << "Connected to WMI" << endl ;
//Setting security level on a Wmi connection
hr = CoSetProxyBlanket(pSvc,
RPC_C_AUTHN_WINNT,
RPC_C_AUTHZ_NONE,
NULL,
RPC_C_AUTHN_LEVEL_CALL,
RPC_C_IMP_LEVEL_IMPERSONATE,
NULL,
EOAC_NONE
);
if(FAILED(hr))
{
cout << "could not set security level on wmi connection" << hex << hr << endl;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return ;
}
cout << "Security level set on wmi connection" << endl;
// Querying for data using executeQuery Method of IWbemServies pointer
IEnumWbemClassObject* pEnumerator = NULL ;
hr = pSvc->ExecNotificationQuery (
bstr_t("WQL"),
//bstr_t(Cquery),
bstr_t("select * from __InstanceCreationEvent where TargetInstance ISA 'Win32_NTLogEvent'"),
WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
NULL,
&pEnumerator);
if(FAILED(hr))
{
cout << "Query for operating system failed for Win32_NTLogEvent" << hex << endl ;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return ;
}
cout << "data is obtained from the operating system" << endl ;
//Getting the data from the query for Win32_NTLogEvent
IWbemClassObject *pclsobj = NULL ;
ULONG uReturn = 0 ;
string logname ; int lognum = 0 ;
while (pEnumerator && lognum < 2 )
{
lognum++ ;
HRESULT hr = pEnumerator->Next(WBEM_INFINITE,1,&pclsobj,&uReturn);
if( 0 == uReturn )
{
cout << "loop broke" << endl ;
cout << "uReturn value :" << uReturn << endl ;
break;
}
cout << "uReturn value :" << uReturn << endl ;
VARIANT vtProp;
string Properties[11] = {"ComputerName" , "Message" , "Logfile" , "SourceName" , "Type" , "EventCode" , "EventIdentifer" , "EventType" , "RecordNumber" , "TimeGenerated" , "TimeWritten"};
int index = 0 ;
for( index = 0 ; index < 11 ; index++ )
{
LPWSTR prop ;
std::wstring property(Properties[index].begin() , Properties[index].end()) ;
prop = (LPWSTR) property.c_str();
hr = pclsobj->Get(prop, 0 , &vtProp , 0 , 0 );
if(index < 5 )
{
cout << "getting property" << endl ;
BSTR bpropertyvalue = vtProp.bstrVal ;
cout << Properties[index] << "reached here" << endl ;
std::wstring wpropertyvalue(bpropertyvalue,SysStringLen(bpropertyvalue));**the crash occurs in this point** //CONVERTING BSTR TO WSTRING
cout << Properties[index] << "reached here again" << endl ;
string propertyvalue(wpropertyvalue.begin(),wpropertyvalue.end());
propertyvalue.assign(wpropertyvalue.begin(),wpropertyvalue.end()); //CONVERTING WSTRING TO C++ STRING
cout << Properties[index] << ":" << propertyvalue << endl ;
VariantClear(&vtProp);
}
else if( index < 9 )
{
int propertyvalue ; //CONVERTING UINT TO INT
if( index == 5 )
{ propertyvalue = vtProp.uiVal ;}
else if(index == 6 )
{ propertyvalue = vtProp.ulVal ;}
else if(index == 7)
{ propertyvalue = vtProp.intVal ;}
else
{ propertyvalue = vtProp.ulVal ; }
cout << Properties[index] << ":" << propertyvalue << endl ;
VariantClear(&vtProp);
}
else
{
CString gendate(vtProp);
cout << " gendate : " << gendate << endl ;
string s(gendate);
string year(s,0,4);
string month(s,4,2);
string day(s,6,2);
string hour(s,8,2);
string minute(s,10,2);
string sec(s,12,2);
string millisec(s,15,6);
struct tm t = {0} ;
stringstream yearstrm(year) ;
int yr = 0 ; yearstrm >> yr ;
stringstream monthstrm(month) ;
int mn = 0 ; monthstrm >> mn ;
stringstream daystrm(day) ;
int dy = 0 ; daystrm >> dy ;
stringstream hourstrm(hour) ;
int hr = 0 ; hourstrm >> hr ;
stringstream minstrm(minute) ;
int min = 0 ;minstrm >> min ;
stringstream secstrm(sec) ;
int sc = 0 ;secstrm >> sc ;
stringstream millisecstrm(millisec) ;
int msec = 0 ; millisecstrm >> msec ;
t.tm_year = yr-1900 ;
t.tm_mon = mn-1 ;
t.tm_mday = dy ;
t.tm_hour = hr ;
t.tm_min = min ;
t.tm_sec = sc ;
time_t time = mktime(&t) * 1000 + msec ;
cout << yr <<"-" << mn <<"-" << dy << "-" << hr << ":" << min << ":" << sc << endl ;
stringstream timegen ;
timegen << time ;
std::string timestr = timegen.str() ;
cout << timestr << endl ;
VariantClear(&vtProp);
}
}
//cout << "---------------------------------------------" << endl ;
答案 0 :(得分:1)
获取权限通常涉及3个步骤:查询权限LUID,获取具有访问权限的条目句柄,允许调整权限,调整权限。
// Fill struct.
::TOKEN_PRIVILEGES tkp;
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if(FALSE == ::LookupPrivilegeValueW(nullptr, SE_SECURITY_NAME, ::std::addressof(tkp.Privileges[0].Luid)))
{
// Handle error...
}
// Obtain current process (pseudo) handle.
auto const this_process_handle{::GetCurrentProcess()};
assert(reinterpret_cast<::HANDLE>(-1) == this_process_handle); // No need to call CloseHandle.
// Obtain privilege token for this process.
::HANDLE naked_token_handle{};
constexpr ::DWORD const access_flags{TOKEN_ADJUST_PRIVILEGES bitor TOKEN_QUERY};
if(FALSE == ::OpenProcessToken(this_process_handle, access_flags, ::std::addressof(naked_token_handle)))
{
// Handle error...
}
assert(NULL != naked_token_handle); // Must call CloseHandle to cleanup.
// Enable privilege.
if(FALSE == ::AdjustTokenPrivileges(naked_token_handle, FALSE, ::std::addressof(tkp), 0, nullptr, nullptr))
{
// Handle error and close handle...
}
if(FALSE = ::CloseHandle(naked_token_handle))
{
// Handle error...
}