In Windows, a program can get a user access token by calling LogonUser , OpenProcessToken , SSPI functions, and a couple others. Once you have the token, there are quite a few functions that you can pass this token into in order to do things as this user. Do these sort of actions typically have side effects for the "parent" process?
For example, you can load the user's profile (registry settings, etc) via LoadUserProfile . Amongst other things, LoadUserProfile will load the user's registry hive into HKEY_USERS and map HKEY_CURRENT_USER to it. From the parent process' perspective, does this alter HKEY_CURRENT_USER? Or is it only "visible" after starting a new process as that user via CreateProcessAsUser , impersonating in the current process via ImpersonateLoggedOnUser , etc?
Aucun commentaire:
Enregistrer un commentaire