[英]AuditQuerySystemPolicy() function throws AccessViolationException for "Security State Change"
I'm working on a program that will compile information about the audit policy of a local system.我正在开发一个程序,该程序将编译有关本地系统审计策略的信息。 Here is my code:
这是我的代码:
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool AuditQuerySystemPolicy(
Guid pSubCategoryGuids,
uint PolicyCount,
out IntPtr ppAuditPolicy
);
...
void getSubCategories(AuditPolicyCategory category, long guidSize) {
IntPtr ppAuditSubCategoriesArray = IntPtr.Zero;
uint pCountReturned = 0;
Guid catGuid = category.CategoryGuid;
bool result = AuditEnumerateSubCategories(ref catGuid, false, out ppAuditSubCategoriesArray, out pCountReturned);
if (!result) {
throw new Exception($"[AuditPolicyCategory::getSubCategories] {new Win32Exception(Marshal.GetLastWin32Error()).Message}");
}
long ptr = (long)ppAuditSubCategoriesArray;
for (int i = 0; i < pCountReturned; i++) {
var guid = (Guid)Marshal.PtrToStructure((IntPtr)ptr, typeof(Guid));
string name = getSubCategoryName(guid);
Console.WriteLine($"Current subcategory: {name}");
AuditType state = getPolicyStatus(guid);
//do something with the result
ptr += guidSize;
}
AuditFree(ppAuditSubCategoriesArray);
}
The exception is thrown when the below method hits the AuditQuerySystemPolicy()
function. It throws an AccessViolationException
regardless of the value of catGuid
:当以下方法命中
AuditQuerySystemPolicy()
function 时抛出异常。无论catGuid
的值如何,它都会抛出AccessViolationException
:
AuditType getPolicyStatus(Guid guid) {
IntPtr ppAuditPolicy = IntPtr.Zero;
bool result = AuditQuerySystemPolicy(guid, 1, out ppAuditPolicy);
if (!result) {
throw new Exception($"[AuditPolicyCategory::getPolicyStatus] {new Win32Exception(Marshal.GetLastWin32Error()).Message}");
}
if (IntPtr.Zero.Equals(ppAuditPolicy)) {
throw new Exception($"[AuditPolicyCategory::getPolicyStatus] invalid audit policy returned");
}
//do something with the result
}
I've tried running the program in an administrative context, and I've also granted my account the Manage audit and security log User Right Assignment.我试过在管理上下文中运行该程序,并且还授予我的帐户管理审计和安全日志用户权限分配。 Not sure where to go with this next.
不知道下一个 go 在哪里。
Thanks in advance!提前致谢!
I needed to change the target platform from Any CPU
to x64
to escape the .NET sandbox我需要将目标平台从
Any CPU
更改为x64
以逃避 .NET 沙箱
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.