查找所有文件,无论权限如何(Windows XP,C#)
[英]Finding ALL files regardless of permissions (Windows XP, C#)
问题描述
I have a 
need to find ALL files on my hard drive (in the C: partition), regardless of permissions. 无论权限如何,我都需要在硬盘驱动器 (在C:分区中)中找到所有文件 。 (Windows XP Pro, using C#) (Windows XP Pro,使用C#)
In an earlier question, I was told: 在先前的问题中,有人告诉我:
The "C:\\System Volume Inforamtion" folder cannot be viewed because it is assigned only to the SYSTEM user.
I've worked with Windows for years, and this is the first time that I have heard about a SYSTEM user (which explains many frustrations I have had in the past). 我已经使用Windows多年了,这是我第一次听说SYSTEM用户(这解释了我过去的许多挫败感)。 I had assumed that the "Administrator" was similar to the "root" user in UNIX, that has access to everything. 我以为“管理员”类似于UNIX中的“ root”用户,它可以访问所有内容。
In Windows, is there an ultimate user that owns EVERYTHING? 在Windows中,最终用户拥有一切吗?
If so, who is that user? 如果是这样,那个用户是谁?
If so, how do I run my C# program as that user so I can see all the files? 如果是这样,我如何以该用户身份运行C#程序,以便可以看到所有文件?
If not, is there some other method? 如果没有,还有其他方法吗? (Other programs do it.) (其他程序可以这样做。)
4 个解决方案
解决方案1
0 2011-07-28 01:13:13
I'm pretty sure that the only way to get access to those folders* is to run as Ring-0 which is the CPU's own partition for a kernel level user; 我非常确定,访问这些文件夹*的唯一方法是以Ring-0的身份运行,Ring-0是内核级别用户的CPU自己的分区。 it's also the way that some Malware/Rootkits can get their hooks into your system. 这也是某些恶意软件/ Rootkit将其钩住您的系统的方式。
I'm pretty confident that this is not something you can achieve in .Net, and I'm not sure you can actually achieve it at all without writing a system level driver (a .sys file). 我非常有信心,这不是您可以在.Net中实现的功能,而且我不确定如果不编写系统级驱动程序(.sys文件)就可以真正实现它。
Regardless, the Filesystem works for the OS, If you're on an NTFS formatted drive and the contents are encrypted, have a super read-all driver won't decrypt the file for you. 无论如何,文件系统都适用于OS,如果您使用的是NTFS格式的驱动器,并且内容已加密,那么超级读取驱动程序将不会为您解密文件。
Edit: Those folders being the system folders, If you can PInvoke the BackupRead/Write functions, you might get access to the other data. 编辑:那些文件夹是系统文件夹,如果可以P调用BackupRead / Write函数,则可以访问其他数据。
解决方案2
0 2011-07-28 01:15:20
解决方案3
0 2011-07-28 01:29:59
You can run the application (or a command prompt) interactively (as SYSTEM). 您可以交互方式(作为SYSTEM)运行应用程序(或命令提示符)。 See, for instance, the accepted answer to this question . 例如,参见对此问题的公认答案。 Once the application runs the interactive context, it can open System Volume Information directly. 应用程序运行交互式上下文后,便可以直接打开“系统卷信息”。
[Edited to add clarification:] [编辑添加说明:]
In Windows, is there an ultimate user that owns EVERYTHING? 在Windows中,最终用户拥有一切吗?
No. There is a privilege, SeTakeOwnershipPrivilege, that is by default granted to administrators (and implicitly System) that allows ownership of objects to be taken. 否。有一个特权SeTakeOwnershipPrivilege,默认情况下,该特权授予管理员(隐式为System),以允许获取对象的所有权。 The object owner can always change the ACL to give himself access. 对象所有者可以随时更改ACL来授予自己访问权限。
There is another privilege, SeBackupPrivilege, granted to administrators and backup operators (and, again, System). 还有另一个特权SeBackupPrivilege授予管理员和备份操作员(以及系统)。 It is intended to allow files to be read to conduct backups, and bypasses normal read operations. 旨在允许读取文件进行备份,并绕过正常的读取操作。 This effectively allows read access to any file, bypassing normal access control restrictions. 这有效地允许对任何文件的读取访问,而绕过正常的访问控制限制。
If so, who is that user? 如果是这样,那个用户是谁?
There is not such a user. 没有这样的用户。 By default, Windows grants only SYSTEM access to C:\\System Volume Information by an ACL on that directory. 默认情况下,Windows仅通过该目录上的ACL授予SYSTEM对C:\\ System Volume Information的访问权限。
If so, how do I run my C# program as that user so I can see all the files? 如果是这样,我如何以该用户身份运行C#程序,以便可以看到所有文件?
You can run the program as SYSTEM specifically to view System Volume Information (per above), although this won't let you view all the files necessarily. 您可以将程序作为SYSTEM专门运行以查看“系统卷信息”(按上述方法),尽管这并不一定会让您查看所有文件。 I think having Backup Operator privileges and conducting read operations with the backup flag is the only mechanism for seeing all files regardless of permissions. 我认为具有备份操作员特权和使用备份标志执行读取操作是查看所有文件的唯一机制,而不管权限如何。
解决方案4
0 2011-07-28 01:32:53
No, there is no root user who has access to everything. 不,没有root用户可以访问所有内容。 Running as SYSTEM or Administrator or any other user will not solve your problem. 以SYSTEM或Administrator或任何其他用户身份运行不会解决您的问题。 You've taken on a very complex problem, and accomplishing it in C# is going to be an added challenge. 您已经解决了一个非常复杂的问题,而在C#中完成它将是一个额外的挑战。 I recommend rethinking the use of C#. 我建议重新考虑使用C#。
Start here and read the description of the FILE_FLAG_BACKUP_SEMANTICS flag and the link there on how to change privileges on a token. 从这里开始,阅读FILE_FLAG_BACKUP_SEMANTICS标志的描述以及那里的有关如何更改令牌特权的链接。 Basically, you're going to have to temporarily change the access privileges on each file/directory you don't have read access to. 基本上,您将不得不临时更改对您没有读取访问权限的每个文件/目录的访问权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.