如何在 cmd.exe 中获取文件的组 SID(不能使用 powershell)?
我不确定能否用 cmd 做到这一点,但既然您给问题加了 winapi 标签,我就用 WinAPI 给出一个解决方案。
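/*
 * Print the primary-group SID of a file, and the account it maps to, via DbgPrint.
 *
 * poa     Object attributes naming the object to open (native NT path).
 * return  The last value stored in `status`: the failure of NtOpenFile,
 *         NtQuerySecurityObject, RtlGetGroupSecurityDescriptor, LsaOpenPolicy
 *         or LsaLookupSids2, otherwise the success status of the last of them.
 *         A descriptor that carries no group yields the success status of
 *         RtlGetGroupSecurityDescriptor with nothing printed.
 *
 * The open requests READ_CONTROL only and does not set FILE_OPEN_REPARSE_POINT,
 * so the descriptor that is read belongs to whatever object the path resolves
 * to. Keep that in mind if the printed SID is used for anything beyond
 * diagnostics.
 */
NTSTATUS PrintFileGroup(POBJECT_ATTRIBUTES poa)
{
    HANDLE hFile;
    IO_STATUS_BLOCK iosb;
    NTSTATUS status;

    if (0 <= (status = NtOpenFile(&hFile, READ_CONTROL, poa, &iosb, 0, 0)))
    {
        union {
            PVOID buf;
            PSECURITY_DESCRIPTOR pSD;
        };
        ULONG cb = 0, rcb = 0x100;

        // `stack` marks the upper end of the buffer; `guz` is declared
        // elsewhere (not shown here).
        PVOID stack = (PVOID)alloca(guz);
        do
        {
            if (cb < rcb)
            {
                // Grow the buffer by another alloca() and measure its size as
                // the distance from the new block up to `stack`. This relies
                // on successive alloca() blocks being adjacent and descending.
                // /RTCs must not be set
                // NOTE(review): rcb is reported by NtQuerySecurityObject and is
                // not capped here, so the stack allocation is as large as the
                // descriptor requires.
                cb = RtlPointerToOffset(buf = alloca(rcb - cb), stack);
            }
            status = NtQuerySecurityObject(hFile, GROUP_SECURITY_INFORMATION, pSD, cb, &rcb);
        } while (STATUS_BUFFER_TOO_SMALL == status);

        // The descriptor has been copied into our buffer; the handle is no
        // longer needed.
        NtClose(hFile);

        if (0 <= status)
        {
            PSID Group;
            BOOLEAN b;

            // RtlGetGroupSecurityDescriptor succeeds with Group == NULL when
            // the descriptor has no primary group; a NULL SID must not reach
            // the conversion or the LSA lookup below.
            if (0 <= (status = RtlGetGroupSecurityDescriptor(pSD, &Group, &b)) && Group)
            {
                UNICODE_STRING str;
                if (0 <= RtlConvertSidToUnicodeString(&str, Group, TRUE))
                {
                    // %wZ takes a pointer to UNICODE_STRING, not the structure
                    // by value.
                    DbgPrint("G=%wZ\n", &str);
                    RtlFreeUnicodeString(&str);
                }

                LSA_OBJECT_ATTRIBUTES oa = { sizeof(oa) };
                HANDLE hPolicy;
                if (0 <= (status = LsaOpenPolicy(0, &oa, POLICY_LOOKUP_NAMES, &hPolicy)))
                {
                    PLSA_REFERENCED_DOMAIN_LIST ReferencedDomains = 0;
                    PLSA_TRANSLATED_NAME Names = 0;
                    if (0 <= (status = LsaLookupSids2(hPolicy, 0, 1, &Group, &ReferencedDomains, &Names)))
                    {
                        // The unsigned copy turns a negative index into a large
                        // value, which the bounds check below rejects.
                        ULONG DomainIndex = Names->DomainIndex;
                        PCUNICODE_STRING DomainName = 0;
                        if (DomainIndex < ReferencedDomains->Entries)
                        {
                            DomainName = &ReferencedDomains->Domains[DomainIndex].Name;
                        }
                        // NOTE(review): DomainName stays NULL when the index is
                        // out of range; confirm the %wZ formatter tolerates NULL.
                        DbgPrint("%x %wZ\\%wZ\n", Names->Use, DomainName, &Names->Name);
                    }
                    // Freed outside the success branch so that buffers returned
                    // together with a failure status are released as well.
                    LsaFreeMemory(ReferencedDomains);
                    LsaFreeMemory(Names);
                    LsaClose(hPolicy);
                }
            }
        }
    }
    return status;
}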
例如,对于
\??\c:
我得到了
G=S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
5 NT SERVICE\TrustedInstaller