您第二次调用 GetTokenInformation() 时,在第三个参数中传递了错误的内存地址。您传递的是 to 变量本身的内存地址,这等于让 GetTokenInformation() 写入该变量周围的堆栈空间。您需要传递的是该变量所指向的内存地址(即已分配的 TOKEN_OWNER 结构的地址),所以请去掉 & 运算符(以及类型转换,它并不是必需的):
// Pass the pointer value held in `to` (the allocated TOKEN_OWNER buffer), not the
// address of the pointer variable, so the API writes into the buffer of `len` bytes.
GetTokenInformation(hToken, TokenOwner, to, len, &len);
您也完全没有进行任何错误处理,因此无法知道内存是否已成功分配,或者是否有某个 API 函数调用失败。
试试这个:
#include <windows.h>
#include <psapi.h>

#include <iostream>

using namespace std;
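/// Prints the account that the current process token names as its default owner,
/// in the form "domain/name".
///
/// NOTE(review): TokenOwner is the default owner SID applied to objects the process
/// creates; it may be a group (for example Administrators) rather than the user
/// account. If the goal is to identify the calling account, TokenUser is the class
/// to query instead - confirm against the intended use.
///
/// @return 0 on success, 1 if any API call or the allocation fails.
int main()
{
    // TOKEN_QUERY is the only right needed to read token information.
    HANDLE hToken = nullptr;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
    {
        const DWORD dwError = GetLastError();
        cerr << "OpenProcessToken failed, error " << dwError << '\n';
        return 1;
    }

    // Size probe: with a null buffer the call is expected to fail with
    // ERROR_INSUFFICIENT_BUFFER and report the required byte count in len.
    DWORD len = 0;
    if (!GetTokenInformation(hToken, TokenOwner, nullptr, 0, &len))
    {
        const DWORD dwError = GetLastError();
        if (dwError != ERROR_INSUFFICIENT_BUFFER)
        {
            cerr << "GetTokenInformation failed, error " << dwError << '\n';
            CloseHandle(hToken);
            return 1;
        }
    }

    // Refuse to continue with a zero-sized buffer; dereferencing to->Owner below
    // would otherwise read memory the API never filled in.
    if (len == 0)
    {
        cerr << "GetTokenInformation reported an empty TOKEN_OWNER size\n";
        CloseHandle(hToken);
        return 1;
    }

    // LPTR zero-initialises the block, so a partial write never exposes stale heap data.
    PTOKEN_OWNER to = static_cast<PTOKEN_OWNER>(LocalAlloc(LPTR, len));
    if (!to)
    {
        const DWORD dwError = GetLastError();
        cerr << "LocalAlloc failed, error " << dwError << '\n';
        CloseHandle(hToken);
        return 1;
    }

    // Pass the buffer pointer itself and its real size; passing &to here would make
    // the API overwrite the stack around the pointer variable.
    if (!GetTokenInformation(hToken, TokenOwner, to, len, &len))
    {
        const DWORD dwError = GetLastError();
        cerr << "GetTokenInformation failed, error " << dwError << '\n';
        LocalFree(to);
        CloseHandle(hToken);
        return 1;
    }

    // The length arguments are in/out character counts; deriving them from the
    // arrays keeps the declared capacity and the buffers in sync.
    char nameUser[256] = {0};
    char domainName[256] = {0};
    DWORD nameUserLen = sizeof(nameUser);
    DWORD domainNameLen = sizeof(domainName);
    SID_NAME_USE snu;

    if (!LookupAccountSidA(nullptr, to->Owner, nameUser, &nameUserLen, domainName, &domainNameLen, &snu))
    {
        const DWORD dwError = GetLastError();
        cerr << "LookupAccountSid failed, error " << dwError << '\n';
        LocalFree(to);
        CloseHandle(hToken);
        return 1;
    }

    cout << domainName << '/' << nameUser << endl;

    LocalFree(to);
    CloseHandle(hToken);
    return 0;
}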