使用 LsaEnumeratePrivileges(在 ntlsa.h 中定义,该头文件位于 WDK 的 inc/api 目录下):
/*
 * LsaEnumeratePrivileges - enumerate the privileges known to the LSA policy
 * object behind PolicyHandle.
 *
 * Usage shown on this page: call it in a loop with the same
 * EnumerationContext (set to 0 before the first call) until it returns
 * STATUS_NO_MORE_ENTRIES. Each successful call hands back a buffer that the
 * caller releases with LsaFreeMemory.
 *
 * NOTE(review): the access right the policy handle must carry is not shown
 * on this page; confirm it and open the handle with no more than that.
 */
NTSTATUS
NTAPI
LsaEnumeratePrivileges(
    __in    LSA_HANDLE PolicyHandle,                     /* handle obtained from LsaOpenPolicy */
    __inout PLSA_ENUMERATION_HANDLE EnumerationContext,  /* resume cursor; 0 on the first call, then passed back unchanged */
    __out   PVOID *Buffer,                               /* receives an array of POLICY_PRIVILEGE_DEFINITION */
    __in    ULONG PreferedMaximumLength,                 /* presumably a size hint in bytes for the returned data (the example passes 256) - confirm */
    __out   PULONG CountReturned                         /* number of array entries placed in *Buffer */
    );
你得到的缓冲区是一个POLICY_PRIVILEGE_DEFINITION结构数组:
/*
 * One entry of the array returned by LsaEnumeratePrivileges.
 */
typedef struct _POLICY_PRIVILEGE_DEFINITION {
    /*
     * Privilege name. LSA_UNICODE_STRING is a counted string: Length is in
     * bytes and Buffer is not guaranteed to be NUL-terminated, so copy or
     * print it by length rather than with NUL-terminated string routines.
     */
    LSA_UNICODE_STRING Name;
    /* LUID for this privilege; presumably valid only on the system queried - confirm. */
    LUID LocalValue;
} POLICY_PRIVILEGE_DEFINITION, *PPOLICY_PRIVILEGE_DEFINITION;
例如:
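#include <ntlsa.h>

/*
 * Fragment: enumerate every privilege defined in the local LSA policy.
 *
 * The policy handle is opened with a single read-only right instead of a
 * broad access mask, and nothing is enumerated or closed unless the open
 * succeeded, so no uninitialised handle is ever used.
 */
NTSTATUS status;
LSA_HANDLE policyHandle;
LSA_OBJECT_ATTRIBUTES objectAttributes = {0};   /* members are unused by LsaOpenPolicy but must be zero */
LSA_ENUMERATION_HANDLE enumerationContext = 0;  /* 0 = start of the enumeration */
PPOLICY_PRIVILEGE_DEFINITION buffer = NULL;
ULONG countReturned = 0;
ULONG i;

/*
 * NULL system name selects the local machine.
 * NOTE(review): POLICY_VIEW_LOCAL_INFORMATION is believed to be the only
 * right privilege enumeration needs - confirm against the LSA documentation
 * and avoid POLICY_ALL_ACCESS here.
 */
status = LsaOpenPolicy(NULL, &objectAttributes, POLICY_VIEW_LOCAL_INFORMATION, &policyHandle);

if (NT_SUCCESS(status)) {
    while (TRUE) {
        buffer = NULL;
        status = LsaEnumeratePrivileges(policyHandle,
                                        &enumerationContext,
                                        (PVOID *)&buffer,
                                        256,
                                        &countReturned);

        if (status == STATUS_NO_MORE_ENTRIES)
            break;  /* no more privileges */

        if (!NT_SUCCESS(status))
            break;  /* error: nothing is freed on this path */

        for (i = 0; i < countReturned; i++) {
            /*
             * Privilege definition in buffer[i].
             * buffer[i].Name is a counted string (Length in bytes) and may
             * not be NUL-terminated; handle it by length.
             */
        }

        /* Each successful call returns a fresh allocation owned by the caller. */
        LsaFreeMemory(buffer);
    }

    /* Here status is STATUS_NO_MORE_ENTRIES on normal completion, else the failure code. */
    LsaClose(policyHandle);
}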