关于WTSAPI32

最新推荐文章于 2024-03-07 11:06:02 发布

weixin_30475039

最新推荐文章于 2024-03-07 11:06:02 发布

阅读量707

点赞数

文章标签： c#

原文链接：http://www.cnblogs.com/beawesome/p/6473668.html

版权

　　一般在windows编程都是用用从ntdll导出的Native API，现在看到一点COM编程或者其他的一些不常用的接口函数总觉得蛮有意思，准备以后多积累一下。

先简单总结WTSAPI32。以下实在Win7x64下的WTSAPI32中得到的导出函数。

WTSCloseServer    0x3fd03292    0x00003292    1 (0x1)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSConnectSessionA    0x3fd02f38    0x00002f38    2 (0x2)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSConnectSessionW    0x3fd02fc1    0x00002fc1    3 (0x3)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSCreateListenerA    0x3fd07c11    0x00007c11    4 (0x4)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSCreateListenerW    0x3fd07595    0x00007595    5 (0x5)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSDisconnectSession    0x3fd02992    0x00002992    6 (0x6)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSEnumerateListenersA    0x3fd071ea    0x000071ea    7 (0x7)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSEnumerateListenersW    0x3fd070d4    0x000070d4    8 (0x8)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSEnumerateProcessesA    0x3fd0542d    0x0000542d    9 (0x9)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSEnumerateProcessesExA    0x3fd057e2    0x000057e2    10 (0xa)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSEnumerateProcessesExW    0x3fd05138    0x00005138    11 (0xb)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSEnumerateProcessesW    0x3fd04e45    0x00004e45    12 (0xc)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSEnumerateServersA    0x3fd03577    0x00003577    13 (0xd)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSEnumerateServersW    0x3fd03461    0x00003461    14 (0xe)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSEnumerateSessionsA    0x3fd04023    0x00004023    15 (0xf)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSEnumerateSessionsExA    0x3fd04485    0x00004485    16 (0x10)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSEnumerateSessionsExW    0x3fd04359    0x00004359    17 (0x11)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSEnumerateSessionsW    0x3fd01d49    0x00001d49    18 (0x12)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSFreeMemory    0x3fd01b65    0x00001b65    19 (0x13)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSFreeMemoryExA    0x3fd03179    0x00003179    20 (0x14)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSFreeMemoryExW    0x3fd030cd    0x000030cd    21 (0x15)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSGetListenerSecurityA    0x3fd0706d    0x0000706d    22 (0x16)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSGetListenerSecurityW    0x3fd06ec1    0x00006ec1    23 (0x17)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSLogoffSession    0x3fd03d77    0x00003d77    24 (0x18)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSOpenServerA    0x3fd03262    0x00003262    25 (0x19)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSOpenServerExA    0x3fd03282    0x00003282    26 (0x1a)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSOpenServerExW    0x3fd03272    0x00003272    27 (0x1b)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSOpenServerW    0x3fd03252    0x00003252    28 (0x1c)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSQueryListenerConfigA    0x3fd074ec    0x000074ec    29 (0x1d)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSQueryListenerConfigW    0x3fd072cc    0x000072cc    30 (0x1e)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSQuerySessionInformationA    0x3fd04cdd    0x00004cdd    31 (0x1f)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSQuerySessionInformationW    0x3fd0253d    0x0000253d    32 (0x20)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSQueryUserConfigA    0x3fd0695c    0x0000695c    33 (0x21)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSQueryUserConfigW    0x3fd0662a    0x0000662a    34 (0x22)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSQueryUserToken    0x3fd01f81    0x00001f81    35 (0x23)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSRegisterSessionNotification    0x3fd01cbc    0x00001cbc    36 (0x24)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSRegisterSessionNotificationEx    0x3fd03e0a    0x00003e0a    37 (0x25)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSSendMessageA    0x3fd03d1f    0x00003d1f    38 (0x26)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSSendMessageW    0x3fd03cc7    0x00003cc7    39 (0x27)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSSetListenerSecurityA    0x3fd06e60    0x00006e60    40 (0x28)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSSetListenerSecurityW    0x3fd06d36    0x00006d36    41 (0x29)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSSetSessionInformationA    0x3fd03cbc    0x00003cbc    42 (0x2a)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSSetSessionInformationW    0x3fd03cbc    0x00003cbc    43 (0x2b)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSSetUserConfigA    0x3fd06383    0x00006383    44 (0x2c)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSSetUserConfigW    0x3fd06008    0x00006008    45 (0x2d)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSShutdownSystem    0x3fd031eb    0x000031eb    46 (0x2e)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSStartRemoteControlSessionA    0x3fd02ec2    0x00002ec2    47 (0x2f)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSStartRemoteControlSessionW    0x3fd02e9e    0x00002e9e    48 (0x30)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSStopRemoteControlSession    0x3fd02e81    0x00002e81    49 (0x31)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSTerminateProcess    0x3fd05119    0x00005119    50 (0x32)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSUnRegisterSessionNotification    0x3fd028c8    0x000028c8    51 (0x33)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSUnRegisterSessionNotificationEx    0x3fd03e6b    0x00003e6b    52 (0x34)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSVirtualChannelClose    0x3fd058cb    0x000058cb    53 (0x35)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSVirtualChannelOpen    0x3fd05c1b    0x00005c1b    54 (0x36)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSVirtualChannelOpenEx    0x3fd05c39    0x00005c39    55 (0x37)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSVirtualChannelPurgeInput    0x3fd05ad9    0x00005ad9    56 (0x38)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSVirtualChannelPurgeOutput    0x3fd05afb    0x00005afb    57 (0x39)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSVirtualChannelQuery    0x3fd05b1d    0x00005b1d    58 (0x3a)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSVirtualChannelRead    0x3fd05997    0x00005997    59 (0x3b)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSVirtualChannelWrite    0x3fd05920    0x00005920    60 (0x3c)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数    
WTSWaitSystemEvent    0x3fd02fe5    0x00002fe5    61 (0x3d)    wtsapi32.dll    C:\Windows\SysWOW64\wtsapi32.dll    导出函数

根据函数名称大概也可以看出函数的功能，常用函数的实现，都能查得到。

这里用WTSEnumerateProcessesA做个demo。

进程枚举

 1 #include "stdafx.h"
 2 #include "stdafx.h"
 3 #include "stdio.h"
 4 #include "windows.h"
 5 typedef struct _WTS_PROCESS_INFO {
 6     DWORD SessionId;
 7     DWORD ProcessId;
 8     LPTSTR pProcessName;
 9     PSID pUserSid;
10 } WTS_PROCESS_INFO, *PWTS_PROCESS_INFO;
11 
12 typedef HANDLE(WINAPI* WTSOPENSERVER)(LPTSTR pServerName);
13 typedef BOOL(WINAPI* WTSENUMERATEPROCESSES)(HANDLE hServer, DWORD Reserved, DWORD Version, \
14     PWTS_PROCESS_INFO* ppProcessInfo, DWORD* pCount);
15 
16 void main()
17 {
18     HMODULE hWtsApi32 = LoadLibrary(_T("WTSAPI32.DLL"));
19     WTSOPENSERVER pWtsOpenServer = (WTSOPENSERVER)GetProcAddress(hWtsApi32, "WTSOpenServerA");
20     WTSENUMERATEPROCESSES wtsEnumProc = (WTSENUMERATEPROCESSES)GetProcAddress(hWtsApi32, "WTSEnumerateProcessesA");
21     WCHAR *szServerName = _T("");
22     HANDLE hServer = pWtsOpenServer((LPTSTR)szServerName);
23     PWTS_PROCESS_INFO pProcInfo;
24     DWORD dwCount = 0;
25     if (!wtsEnumProc(hServer, 0, 1, &pProcInfo, &dwCount))
26         return;
27     for (DWORD i = 0; i < dwCount; i++)
28     {
29         wprintf(_T("ProcID=0x%XH ProName=%S\r\n"), pProcInfo[i].ProcessId, pProcInfo[i].pProcessName);
30     }
31 }


 WTSRegisterSessionNotification进行注册以接收WM_WTSSESSION_CHANGE 消息，这个函数只是看到了，自己暂时还没有用到的时候。先把资料放着吧。

https://support.microsoft.com/en-us/help/310153/how-to-write-an-application-that-supports-fast-user-switching-in-windows-xp

转载于:https://www.cnblogs.com/beawesome/p/6473668.html