TokenInfor 1.1 User Guide

                    ----



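    You have probably used whoami. TokenInfor is somewhat more capable: it shows the user information and access token information of a specified process. With this version of TokenInfor, an administrator can view information about ordinary users' processes, which pulist cannot do.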


Usage:

D:\>E:\projects\tinfor\lcc\tinfor.exe /?
TokenInfor 1.1 Tell Token Infor and Owner Infor of Specify Process
By bingle@email.com.cn of Red&black
Welcome to http://www.red8black.com

Usage : E:\projects\tinfor\lcc\tinfor.exe [pid]
pid -- ID of target process, if not provide, use current process
-?|/? -- show this.

If no process ID is specified, the current process is queried, that is, tinfor itself, and the result is the same as whoami /all.

 

Example:

D:\>E:\projects\tinfor\lcc\tinfor.exe 1156

TokenInfor 1.1, By Bingle
http://www.red8black.com

Impersonate As System OK. Run As SYSTEM
Token Information of Process ID = 1156.

User Name : lihsh\lihsh S-1-5-21-1292428093-746137067-1060284298-1026

Belong to 5 groups
[group 0] "lihsh\None" S-1-5-21-1292428093-746137067-1060284298-513
[group 1] "\Everyone" S-1-1-0
[group 2] "BUILTIN\Users" S-1-5-32-545
[group 3] "NT AUTHORITY\INTERACTIVE" S-1-5-4
[group 4] "NT AUTHORITY\Authenticated Users" S-1-5-11

Have 3 Privileges
[Privilege 0] SeChangeNotifyPrivilege - 跳过遍历检查
[Privilege 1] SeShutdownPrivilege - 关闭系统
[Privilege 2] SeUndockPrivilege - 从插接工作站中取出计算机

Token Type : Primary Token
Token source : seclogon
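
The report format above can be parsed for review or logging. The following is an added example, not part of TokenInfor or its author's code: `parse_tinfor`, `findings`, the `WATCHED` privilege list and the sample report are assumptions made for illustration. It rejects a capture whose group or privilege count does not match the "Belong to" / "Have" header lines.

```python
import re

SID = r"(S-\d+(?:-\d+)+)"
USER = re.compile(r"User Name : (.+?) " + SID + "$")
GROUP = re.compile(r'\[group \d+\] "(.*)" ' + SID + "$")
PRIV = re.compile(r"\[Privilege \d+\] (Se\w+)")
COUNT = re.compile(r"(?:Belong to|Have) (\d+) (groups|Privileges)")
FIELD = re.compile(r"(Token Type|Token source) : (.+)$")
# Assumption: watch list picked for this example, not something tinfor reports.
WATCHED = {"SeDebugPrivilege", "SeTcbPrivilege", "SeImpersonatePrivilege",
           "SeBackupPrivilege", "SeRestorePrivilege", "SeLoadDriverPrivilege"}
ADMINS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators

def parse_tinfor(text):
    """Parse one tinfor report; raise ValueError if the capture looks truncated."""
    info = {"groups": [], "Privileges": [], "declared": {}}
    for line in map(str.strip, text.splitlines()):
        if m := USER.match(line):
            info["user"], info["sid"] = m.groups()
        elif m := GROUP.match(line):
            info["groups"].append(m.groups())       # (name, SID) pairs
        elif m := PRIV.match(line):
            info["Privileges"].append(m.group(1))   # name only, description dropped
        elif m := COUNT.match(line):
            info["declared"][m.group(2)] = int(m.group(1))
        elif m := FIELD.match(line):
            info[m.group(1)] = m.group(2)
    for kind, n in info["declared"].items():
        if n != len(info[kind]):
            raise ValueError(f"header says {n} {kind}, parsed {len(info[kind])}")
    return info

def findings(info):
    """Return what a reviewer would want flagged for this token."""
    out = [f"holds {p}" for p in info["Privileges"] if p in WATCHED]
    if any(sid == ADMINS_SID for _, sid in info["groups"]):
        out.append("member of BUILTIN\\Administrators")
    return out

# Constructed sample in tinfor's output format (not taken from a real host).
SAMPLE = r'''User Name : LAB\svc S-1-5-21-1-2-3-1001
Belong to 2 groups
[group 0] "\Everyone" S-1-1-0
[group 1] "BUILTIN\Administrators" S-1-5-32-544
Have 2 Privileges
[Privilege 0] SeChangeNotifyPrivilege - Bypass traverse checking
[Privilege 1] SeDebugPrivilege - Debug programs
Token Type : Primary Token
'''
```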



If you run into problems while using it, please contact the author: