WTS 最后输入时间
WTS LastInputTime
我正在尝试检索 CurrentTime 和 LastInputTime 之间的差异并将其与另一个值进行比较。 CurrentTime 正在正确更新,但 LastInputTime 始终是一个常数值,我不知道为什么有时是 0 ,有时是其他常数值。有帮助吗?
void localSessions()
{
while (TRUE)
{
cout << "Risky local logon sessions :" << endl;
DWORD pCount;
PWTS_SESSION_INFO pSessionsInfo=new WTS_SESSION_INFO[MAX_SESSIONS];
WTSEnumerateSessionsA(WTS_CURRENT_SERVER_HANDLE, 0, 1, &pSessionsInfo, &pCount);
DWORD bytes;
for (auto it = 0; it < pCount; it++)
{
WTSINFOEX* ptr;
if (pSessionsInfo[it].State == WTSActive)
{
INT ret = WTSQuerySessionInformationA(WTS_CURRENT_SERVER_HANDLE, pSessionsInfo[it].SessionId, WTSSessionInfoEx, (LPSTR*)&ptr, &bytes);
if (ret != 0)
{
INT ret = Gambit::OS::Environment::GetOSVersion();
INT unlocked = 0, unknown = 0;
LONGLONG last_input = ptr->Data.WTSInfoExLevel1.CurrentTime.QuadPart - ptr->Data.WTSInfoExLevel1.LastInputTime.QuadPart;
cout << last_input << endl;
HANDLE token;
WTSQueryUserToken(pSessionsInfo[it].SessionId, &token);
ImpersonateLoggedOnUser(token);
BOOL active;
SystemParametersInfo(SPI_GETSCREENSAVERRUNNING, 0, &active, 0);
RevertToSelf();
if (!(ret >= 16 && ret <= 19))
{
if ((ptr->Data.WTSInfoExLevel1.SessionFlags & WTS_SESSIONSTATE_UNLOCK) != 0)
{
unlocked = 1;
}
}
else if (ret >= 16 && ret <= 19)
{
if ((ptr->Data.WTSInfoExLevel1.SessionFlags & WTS_SESSIONSTATE_LOCK) != 0)
{
unlocked = 1;
}
}
if (unlocked == 1 && active == FALSE && last_input > 500000000000)
{
cout << "Winstation name : " << ptr->Data.WTSInfoExLevel1.WinStationName << endl;
cout << "UserName name : " << ptr->Data.WTSInfoExLevel1.UserName << endl;
cout << "Domain name : " << ptr->Data.WTSInfoExLevel1.DomainName << endl;
}
cout << endl;
}
}
}
cout << endl << endl;
Sleep(1000);
}
}
LastInputTime 对于 本地会话 为零。
对于远程会话,当最后一次查询LastInputTime后没有用户输入时,它将保持不变。如果有用户输入(如鼠标移动等),LastInputTime 将更新为新时间。
如果您想监控本地会话用户输入时间,您可以使用 GetLastInputInfo。
我正在尝试检索 CurrentTime 和 LastInputTime 之间的差异并将其与另一个值进行比较。 CurrentTime 正在正确更新,但 LastInputTime 始终是一个常数值,我不知道为什么有时是 0 ,有时是其他常数值。有帮助吗?
void localSessions()
{
while (TRUE)
{
cout << "Risky local logon sessions :" << endl;
DWORD pCount;
PWTS_SESSION_INFO pSessionsInfo=new WTS_SESSION_INFO[MAX_SESSIONS];
WTSEnumerateSessionsA(WTS_CURRENT_SERVER_HANDLE, 0, 1, &pSessionsInfo, &pCount);
DWORD bytes;
for (auto it = 0; it < pCount; it++)
{
WTSINFOEX* ptr;
if (pSessionsInfo[it].State == WTSActive)
{
INT ret = WTSQuerySessionInformationA(WTS_CURRENT_SERVER_HANDLE, pSessionsInfo[it].SessionId, WTSSessionInfoEx, (LPSTR*)&ptr, &bytes);
if (ret != 0)
{
INT ret = Gambit::OS::Environment::GetOSVersion();
INT unlocked = 0, unknown = 0;
LONGLONG last_input = ptr->Data.WTSInfoExLevel1.CurrentTime.QuadPart - ptr->Data.WTSInfoExLevel1.LastInputTime.QuadPart;
cout << last_input << endl;
HANDLE token;
WTSQueryUserToken(pSessionsInfo[it].SessionId, &token);
ImpersonateLoggedOnUser(token);
BOOL active;
SystemParametersInfo(SPI_GETSCREENSAVERRUNNING, 0, &active, 0);
RevertToSelf();
if (!(ret >= 16 && ret <= 19))
{
if ((ptr->Data.WTSInfoExLevel1.SessionFlags & WTS_SESSIONSTATE_UNLOCK) != 0)
{
unlocked = 1;
}
}
else if (ret >= 16 && ret <= 19)
{
if ((ptr->Data.WTSInfoExLevel1.SessionFlags & WTS_SESSIONSTATE_LOCK) != 0)
{
unlocked = 1;
}
}
if (unlocked == 1 && active == FALSE && last_input > 500000000000)
{
cout << "Winstation name : " << ptr->Data.WTSInfoExLevel1.WinStationName << endl;
cout << "UserName name : " << ptr->Data.WTSInfoExLevel1.UserName << endl;
cout << "Domain name : " << ptr->Data.WTSInfoExLevel1.DomainName << endl;
}
cout << endl;
}
}
}
cout << endl << endl;
Sleep(1000);
}
}
LastInputTime 对于 本地会话 为零。
对于远程会话,当最后一次查询LastInputTime后没有用户输入时,它将保持不变。如果有用户输入(如鼠标移动等),LastInputTime 将更新为新时间。
如果您想监控本地会话用户输入时间,您可以使用 GetLastInputInfo。