Skip to content

标题: 在PowerShell脚本中调用Win32 API

创建: 2019-07-01 17:42 链接: https://scz.617.cn/windows/201907011742.txt

这是张云海写的示例,在PowerShell脚本中调用Win32 API,用PowerShell脚本获取 指定用户所属组。


Add-Type -TypeDefinition @" using System; using System.Diagnostics; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text;

[StructLayout(LayoutKind.Sequential)] public struct GROUP_USERS_INFO_0 { public IntPtr grui1_name; }

public static class Netapi32 { [DllImport("Netapi32.dll")] public static extern int NetUserGetLocalGroups ( IntPtr servername, [MarshalAs(UnmanagedType.LPWStr)]string username, int level, int flags, ref IntPtr bufptr, int prefmaxlen, ref int entriesread, ref int totalentries ); } "@

$bufptr = New-Object IntPtr $entriesread = New-Object Int $totalentries = New-Object Int $status = [Netapi32]::NetUserGetLocalGroups( 0, "Guest", 0, 1, [ref]$bufptr, -1, [ref]$entriesread, [ref]$totalentries )

$tmpobj = New-Object GROUP_USERS_INFO_0 $type = $tmpobj.GetType() $typesize = [System.Runtime.InteropServices.Marshal]::SizeOf( [System.Type]$type )

for ( $i=0; $i -lt $entriesread; $i++ ) { $bufptr = New-Object IntPtr( $bufptr.ToInt64() + $i * $typesize ) $info = [System.Runtime.InteropServices.Marshal]::PtrToStructure( $bufptr, [System.Type]$type ) [System.Runtime.InteropServices.Marshal]::PtrToStringAuto( $info.grui1_name ) }


$ powershell -ExecutionPolicy ByPass -File NetUserGetLocalGroups.ps1 Guests

本例显示Guest帐号属于Guests组。