标题: 在PowerShell脚本中调用Win32 API

创建: 2019-07-01 17:42
链接: https://scz.617.cn/windows/201907011742.txt

这是张云海写的示例，在PowerShell脚本中调用Win32 API，用PowerShell脚本获取
指定用户所属组。

--------------------------------------------------------------------------
Add-Type -TypeDefinition @"
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;

[StructLayout(LayoutKind.Sequential)]
public struct GROUP_USERS_INFO_0
{
    public IntPtr grui1_name;
}

public static class Netapi32
{
    [DllImport("Netapi32.dll")]
    public static extern int NetUserGetLocalGroups
    (
        IntPtr      servername,
        [MarshalAs(UnmanagedType.LPWStr)]string username,
        int         level,
        int         flags,
        ref IntPtr  bufptr,
        int         prefmaxlen,
        ref int     entriesread,
        ref int     totalentries
    );
}
"@

$bufptr         = New-Object IntPtr
$entriesread    = New-Object Int
$totalentries   = New-Object Int
$status         = [Netapi32]::NetUserGetLocalGroups(
    0,
    "Guest",
    0,
    1,
    [ref]$bufptr,
    -1,
    [ref]$entriesread,
    [ref]$totalentries
)

$tmpobj     = New-Object GROUP_USERS_INFO_0
$type       = $tmpobj.GetType()
$typesize   = [System.Runtime.InteropServices.Marshal]::SizeOf( [System.Type]$type )

for ( $i=0; $i -lt $entriesread; $i++ )
{
    $bufptr = New-Object IntPtr( $bufptr.ToInt64() + $i * $typesize )
    $info   = [System.Runtime.InteropServices.Marshal]::PtrToStructure( $bufptr, [System.Type]$type )
    [System.Runtime.InteropServices.Marshal]::PtrToStringAuto( $info.grui1_name )
}
--------------------------------------------------------------------------

$ powershell -ExecutionPolicy ByPass -File NetUserGetLocalGroups.ps1
Guests

本例显示Guest帐号属于Guests组。