How to get the SID of the logged-on user in Windows

Updated: 2021-12-09 08:24:20

Your code doesn't provide a properly-sized buffer for the SID returned by LookupAccountName(). This results in stack corruption and undefined behaviour, which might conceivably explain why you're not getting the SID you were expecting. (Although I rather suspect that you're actually passing in the wrong username, or an improperly formatted username.)

Anyway, to fix the most obvious problem, the code should look more like this:

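#include <Windows.h>
#include <Sddl.h>

#include <stdio.h>
#include <tchar.h>

int main(int argc, char ** argv)
{
    LPCTSTR wszAccName = TEXT("domainname\\username");
    LPTSTR wszDomainName = (LPTSTR)GlobalAlloc(GPTR, sizeof(TCHAR) * 1024);
    DWORD cchDomainName = 1024;
    SID_NAME_USE eSidType;
    LPTSTR sidstring;
    char sid_buffer[1024];          // fixed-size storage for the returned SID
    DWORD cbSid = 1024;             // size of sid_buffer in bytes
    SID * sid = (SID *)sid_buffer;
    DWORD err;

    if (wszDomainName == NULL) {
        return GetLastError();
    }

    // cbSid and cchDomainName tell the API how much room each buffer has.
    if (!LookupAccountName(NULL, wszAccName, sid_buffer, &cbSid, wszDomainName, &cchDomainName, &eSidType)) {
        err = GetLastError();
        GlobalFree(wszDomainName);
        return err;
    }

    // ConvertSidToStringSid allocates sidstring; release it with LocalFree.
    if (!ConvertSidToStringSid(sid, &sidstring)) {
        err = GetLastError();
        GlobalFree(wszDomainName);
        return err;
    }

    // _tprintf matches the TCHAR string in both ANSI and Unicode builds.
    _tprintf(TEXT("%s\n"), sidstring);
    LocalFree(sidstring);
    GlobalFree(wszDomainName);
    return 0;

}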

That's still not the correct way to do it, of course; you are supposed to call LookupAccountName() twice, once to determine the buffer length and then a second time to retrieve the actual information. But it demonstrates what you've done wrong, and is good enough for testing purposes.
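
The two-call pattern described above, as an added example that is not code from the original answer: the first call passes no buffers and reads back the required sizes, the second call uses buffers of exactly those sizes. `lookup_sid` is a hypothetical helper name, the ANSI variant `LookupAccountNameA` and `malloc` are choices made here, and the `#else` branch is a constructed stand-in (not the Windows API) so the sizing logic can be exercised off Windows.

```c
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Constructed stand-in, NOT the Windows API: it only mimics the documented
   size-query contract so the logic below can be exercised off Windows. */
typedef unsigned long DWORD; typedef int BOOL;
typedef void *PSID; typedef int SID_NAME_USE;
#define ERROR_INSUFFICIENT_BUFFER 122UL
static DWORD last_error;
static DWORD GetLastError(void) { return last_error; }
static BOOL LookupAccountNameA(const char *sys, const char *name, PSID sid,
        DWORD *cbSid, char *dom, DWORD *cchDom, SID_NAME_USE *use)
{
    (void)sys; (void)name;
    if (*cbSid < 28 || *cchDom < 8) {   /* constructed sizes */
        *cbSid = 28; *cchDom = 8;
        last_error = ERROR_INSUFFICIENT_BUFFER;
        return 0;
    }
    memset(sid, 0, 28);
    strcpy(dom, "EXAMPLE");
    *cchDom = 7; *use = 1;
    return 1;
}
#endif

/* Hypothetical helper: returns a malloc'd SID for `account` (caller frees)
   and stores its size in *cbOut; returns NULL on any failure. */
PSID lookup_sid(const char *account, DWORD *cbOut)
{
    DWORD cbSid = 0, cchDomain = 0;
    SID_NAME_USE use;
    /* Call 1: no buffers. It must fail and report the sizes required. */
    if (LookupAccountNameA(NULL, account, NULL, &cbSid, NULL, &cchDomain, &use)
        || GetLastError() != ERROR_INSUFFICIENT_BUFFER)
        return NULL;
    DWORD cbNeeded = cbSid;
    PSID sid = malloc(cbNeeded);
    char *domain = malloc(cchDomain);
    /* Call 2: buffers of exactly the sizes the first call reported. */
    int ok = sid && domain && LookupAccountNameA(NULL, account, sid, &cbSid,
                                                 domain, &cchDomain, &use);
    free(domain);
    if (!ok) { free(sid); return NULL; }
    *cbOut = cbNeeded;
    return sid;
}
```

On Windows, link against Advapi32.lib and pass the returned SID to ConvertSidToStringSid as in the code above.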