我以为我正确阅读了 MSDN 上的文档,但显然我没有阅读?我不完全确定我到底做错了什么,我准备好拼命了。
EVENTLOGRECORD 结构的文档提供了 SID 的偏移量
https://msdn.microsoft.com/en-us/library/windows/desktop/aa363646(v=vs.85).aspx
UserSidOffset
The offset of the security identifier (SID) within this event log record. To obtain the user name for this SID, use the LookupAccountSid function.
然后要转换此 sid,我们使用 LookupAccountSid() API。
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379166(v=vs.85).aspx
lpSid [in]
A pointer to the SID to look up.
我无休止地搜索并找到了看起来与我的实现非常相似但得到相同结果的示例。我对 Windows API 生疏了,所以如果我忽略了这个问题,我不会感到惊讶。
最后,这是我的代码:
size_t BytesRemaining = 0;
while (BytesRemaining < BytesInBuffer)
{
EVENTLOGRECORD *Record = reinterpret_cast<EVENTLOGRECORD *>(buffer + BytesRemaining);
char UsernameBuffer[256], DomainBuffer[256];
DWORD UsernameBufferSize = 256, DomainBufferSize = 256;
SID_NAME_USE SidType;
PSID SID = (PSID)((LPBYTE)Record + Record->UserSidOffset);
if (!LookupAccountSid(NULL, SID, UsernameBuffer, &UsernameBufferSize, DomainBuffer, &DomainBufferSize, &SidType))
{
std::cout << "Failed reading SID (" << SID << "): " << GetLastErrorMessage().c_str();
}
else {
std::cout << "I didn't shit on the SID.\n";
}
BytesRemaining += Record->Length;
}
bytesInBuffer = 0;
编辑
经过一些调试,我发现StringsOffset 和UserSidOffset 包含相同的值。所以看起来偏移量指向不正确...这就是我无法将有效 SID 传递给 API 的原因。
有人吗?
最佳答案
cchName [in, out]
On input, specifies the size, in TCHARs, of the lpName buffer. If the function fails because the buffer is too small or if cchName is zero, cchName receives the required buffer size, including the terminating null character.
cchReferencedDomainName [输入,输出]
On input, specifies the size, in TCHARs, of the lpReferencedDomainName buffer. If the function fails because the buffer is too small or if cchReferencedDomainName is zero, cchReferencedDomainName receives the required buffer size, including the terminating null character.
在调用 LookupAccountSid() 之前,您需要将数组大小分配给 UsernameBufferSize 和 DomainBufferSize。或者将它们设置为零,然后动态分配 UsernameBuffer 和 DomainBuffer,然后再次调用 LookupAccountSid()。
关于c++ - 来自 LookupAccountSid() 的 "The parameter is incorrect"错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38886245/