AuditQuerySystemPolicy() function throws AccessViolationException for "Security State Change".

Posted on 2025-01-13 13:10:11

I'm working on a program that will compile information about the audit policy of a local system. Here is my code:


    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool AuditQuerySystemPolicy(
        Guid pSubCategoryGuids,
        uint PolicyCount,
        out IntPtr ppAuditPolicy
    );

    ...

    void getSubCategories(AuditPolicyCategory category, long guidSize) {
        IntPtr ppAuditSubCategoriesArray = IntPtr.Zero;
        uint pCountReturned = 0;
        Guid catGuid = category.CategoryGuid;
        bool result = AuditEnumerateSubCategories(ref catGuid, false, out ppAuditSubCategoriesArray, out pCountReturned);
        if (!result) {
            throw new Exception($"[AuditPolicyCategory::getSubCategories] {new Win32Exception(Marshal.GetLastWin32Error()).Message}");
        }
        long ptr = (long)ppAuditSubCategoriesArray;
        for (int i = 0; i < pCountReturned; i++) {
            var guid = (Guid)Marshal.PtrToStructure((IntPtr)ptr, typeof(Guid));
            string name = getSubCategoryName(guid);
            Console.WriteLine($"Current subcategory: {name}");
            AuditType state = getPolicyStatus(guid);
            //do something with the result
            ptr += guidSize;
        }
        AuditFree(ppAuditSubCategoriesArray);
    }

The exception is thrown when the below method hits the AuditQuerySystemPolicy() function. It throws an AccessViolationException regardless of the value of catGuid:



    AuditType getPolicyStatus(Guid guid) {
        IntPtr ppAuditPolicy = IntPtr.Zero;
        bool result = AuditQuerySystemPolicy(guid, 1, out ppAuditPolicy);
        if (!result) {
            throw new Exception($"[AuditPolicyCategory::getPolicyStatus] {new Win32Exception(Marshal.GetLastWin32Error()).Message}");
        }
        if (IntPtr.Zero.Equals(ppAuditPolicy)) {
            throw new Exception($"[AuditPolicyCategory::getPolicyStatus] invalid audit policy returned");
        }
    
        //do something with the result
    }

I've tried running the program in an administrative context, and I've also granted my account the Manage audit and security log User Right Assignment. Not sure where to go with this next.

Thanks in advance!


Comments (1)

初相遇 2025-01-20 13:10:11

I needed to change the target platform from Any CPU to x64 to escape the .NET sandbox
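
As an added example (not code from the question or the answer): the native prototype is `BOOLEAN AuditQuerySystemPolicy(const GUID*, ULONG, PAUDIT_POLICY_INFORMATION*)`, so a declaration that does not depend on the target platform passes the GUID by reference and marshals the one-byte BOOLEAN return. The names `AuditPolicyExample`, `AuditFlags` and `QuerySubCategory` are chosen for this example, and the Security State Change GUID is the value reported by `auditpol`.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class AuditPolicyExample // hypothetical class name, not from the post
{
    // Mirrors the native AUDIT_POLICY_INFORMATION layout.
    [StructLayout(LayoutKind.Sequential)]
    struct AUDIT_POLICY_INFORMATION
    {
        public Guid AuditSubCategoryGuid;
        public uint AuditingInformation; // POLICY_AUDIT_EVENT_* bits
        public Guid AuditCategoryGuid;
    }

    [Flags]
    enum AuditFlags : uint { Unchanged = 0, Success = 1, Failure = 2, None = 4 }

    // The first argument is a pointer to a GUID, hence "ref"; BOOLEAN is one byte, hence U1.
    // On x64 Windows a 16-byte struct passed by value is handed over as a pointer to a copy,
    // so a by-value Guid declaration happens to work there and faults in a 32-bit process.
    [DllImport("advapi32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.U1)]
    static extern bool AuditQuerySystemPolicy(ref Guid pSubCategoryGuids, uint dwPolicyCount, out IntPtr ppAuditPolicy);

    [DllImport("advapi32.dll")]
    static extern void AuditFree(IntPtr buffer);

    static AuditFlags QuerySubCategory(Guid subCategory)
    {
        if (!AuditQuerySystemPolicy(ref subCategory, 1, out IntPtr buffer))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            var info = Marshal.PtrToStructure<AUDIT_POLICY_INFORMATION>(buffer);
            return (AuditFlags)info.AuditingInformation;
        }
        finally
        {
            AuditFree(buffer); // the API allocates the buffer; the caller releases it
        }
    }

    static void Main()
    {
        // Security State Change subcategory, as listed by: auditpol /list /subcategory:* /v
        var securityStateChange = new Guid("0CCE9210-69AE-11D9-BED3-505054503030");
        Console.WriteLine($"Security State Change: {QuerySubCategory(securityStateChange)}");
    }
}
```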
