stackoom
  简体   繁体   中英

Windows: how to intercept operations with users/groups?

 原文  2012-07-05 13:02:44       windows/ winapi

Question

Does Windows have a mechanism for intercepting operations with users/groups such as create/delete, membership change ?

Google and stackoverflow give no answers yet. Reversing into netapi32!NetUserAdd etc gives nothing too.

2 answers

solution1
 0  2012-07-05 13:35:02

Windows does not provide an interception mechanism that provides that feature, but you could hook the appropriate Win32 APIs using Detours or any other framework (or your own implementation). Once intercepted, you can filter and or forward the functions according to your needs.

solution2
 0  2012-07-10 14:39:13

Just some VBScript code for intercepting user creation. It's on you to rewrite it on C++/C#/whatever. 

sub set_intercept()
    set wmi = GetObject("winmgmts:\\.\root\cimv2")
    set sink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
    wmi.ExecNotificationQueryAsync sink, "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Account'"
end sub 

sub SINK_OnObjectReady(obj, context)
    WScript.Echo "User was created"
end sub

set_intercept()

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I list all users and groups in a windows domain? How to list Windows users and groups in ASP.NET? How to intercept DNS queries in Windows On Windows, who is in the Everyone and Authenticated Users groups? how to intercept that the update of window to the windows driver level? How to intercept C library calls in windows? How to intercept and modify mic audio stream Windows How to intercept Windows startup event in Swing Windows EventLog: How fast are operations with it? Intercept windows open file
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM