Overview

_Security__GetTokenInformation() returns a struct containing raw bytes that represent the requested token information. For example, if _Security__GetTokenInformation() is called with the $iClass parameter set to $TokenUser, the function returns raw bytes that represent a TOKEN_USER struct, which is defined as follows:

```
typedef struct _TOKEN_USER {
    SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
```

Subsequently, the SID_AND_ATTRIBUTES struct is defined as follows:

```
typedef struct _SID_AND_ATTRIBUTES {
    PSID  Sid;
    DWORD Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
```

Problems

Since a SID has variable length, I suppose that interpreting the returned bytes as a SID_AND_ATTRIBUTES struct won't be as easy as usual.

Questions

Please inspect my GetTokenInfoUser function below. Have I got a correct value of the Attributes member of the SID_AND_ATTRIBUTES struct? If I have got the correct value, is my approach efficient?

```
#include <Security.au3>
#include <WinAPIHObj.au3>
#include <Array.au3>

Opt("MustDeclareVars", 1)

Func GetTokenInfoUser($hToken)
    Do
        ; _Security__GetTokenInformation() returns a struct containing bytes that represent the
        ; requested token information.
        Local $tRawTokenInfo = _Security__GetTokenInformation($hToken, $TokenUser)
        If @error Then
            MsgBox($MB_SYSTEMMODAL, _WinAPI_GetLastError(), "_Security__GetTokenInformation() fails.")
            ExitLoop
        EndIf
        Local $pRawTokenInfo = DllStructGetPtr($tRawTokenInfo)

        ; Since SID has variable length, I do not know how to interpret the raw bytes as SID_AND_ATTRIBUTES
        ; struct unless the SID length is known.
        Local $tagPtrSid = "align 4; PTR Sid"
        Local $tPtrSid = DllStructCreate($tagPtrSid, $pRawTokenInfo)
        Local $pSid = DllStructGetData($tPtrSid, 1)
        If Not _Security__IsValidSid($pSid) Then ; Just to make sure $pSid is a pointer to a valid SID
            MsgBox($MB_SYSTEMMODAL, "", "The SID is invalid.")
            ExitLoop
        EndIf
        Local $iSidBytesLen = _Security__GetLengthSid($pSid) ; The length of the binary SID, in bytes

        ; After the SID length is known, the raw bytes are interpreted as SID_AND_ATTRIBUTES struct
        Local $tagSID_AND_ATTRIBUTES = "align 4; PTR Sid; BYTE[" & $iSidBytesLen & "]; ULONG Attributes"
        Local $tSID_AND_ATTRIBUTES = DllStructCreate($tagSID_AND_ATTRIBUTES, $pRawTokenInfo)

        ; Return the results
        Local $avResults[2]
        $avResults[0] = $pSid
        $avResults[1] = DllStructGetData($tSID_AND_ATTRIBUTES, "Attributes")
        Return $avResults
    Until False
    Return SetError(1, 0, 0)
EndFunc ; GetTokenInfoUser

Func Main()
    Do
        Local $hToken = _Security__OpenProcessToken(_WinAPI_GetCurrentProcess(), $TOKEN_QUERY)
        If Not $hToken Then
            MsgBox($MB_SYSTEMMODAL, _WinAPI_GetLastError(), "_Security__OpenProcessToken() fails.")
            ExitLoop
        EndIf

        Local $avResults = GetTokenInfoUser($hToken)
        If @error Then ExitLoop
        _ArrayDisplay($avResults) ; Display the results of GetTokenInfoUser()

        If $hToken Then _WinAPI_CloseHandle($hToken)
        Return
    Until False
    If $hToken Then _WinAPI_CloseHandle($hToken)
EndFunc ; Main

Main()
```

Thanks in advance.
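Added example, not part of the original post: per the C definitions quoted above, SID_AND_ATTRIBUTES is a fixed-size header in which Attributes follows the Sid pointer directly, and the variable-length SID bytes sit elsewhere in the same returned buffer, at the address Sid holds. The sketch below reads the header that way and converts the SID to a string before the buffer goes out of scope; the names _Example_GetTokenUser and _Example_Main are hypothetical.

```autoit
#include <Security.au3>
#include <WinAPIHObj.au3>

Opt("MustDeclareVars", 1)

; Hypothetical helper (added example): returns [SID string, Attributes, SID length in bytes].
Func _Example_GetTokenUser($hToken)
    Local $tRaw = _Security__GetTokenInformation($hToken, $TokenUser)
    If @error Then Return SetError(1, 0, 0)

    ; TOKEN_USER starts with a fixed-size header: a PSID followed directly by a DWORD.
    ; No "align" keyword: default alignment matches the C layout on x86 and x64.
    Local $tUser = DllStructCreate("ptr Sid; dword Attributes", DllStructGetPtr($tRaw))
    Local $pSid = DllStructGetData($tUser, "Sid")
    If Not _Security__IsValidSid($pSid) Then Return SetError(2, 0, 0)

    ; $pSid points into $tRaw, which is released when this function returns,
    ; so convert the SID to a string here instead of handing the pointer back.
    Local $avResult[3]
    $avResult[0] = _Security__SidToStringSid($pSid)
    $avResult[1] = DllStructGetData($tUser, "Attributes")
    $avResult[2] = _Security__GetLengthSid($pSid)
    Return $avResult
EndFunc   ;==>_Example_GetTokenUser

Func _Example_Main()
    Local $hToken = _Security__OpenProcessToken(_WinAPI_GetCurrentProcess(), $TOKEN_QUERY)
    If Not $hToken Then Return SetError(1, 0, 0)

    Local $avUser = _Example_GetTokenUser($hToken)
    Local $iError = @error
    _WinAPI_CloseHandle($hToken) ; close the handle on every path
    If $iError Then Return SetError(2, $iError, 0)

    ConsoleWrite("User SID:   " & $avUser[0] & @CRLF)
    ; Windows documents no attributes for the TOKEN_USER SID, so 0x00000000 is the usual value.
    ConsoleWrite("Attributes: 0x" & Hex($avUser[1], 8) & @CRLF)
    ConsoleWrite("SID length: " & $avUser[2] & " bytes" & @CRLF)
EndFunc   ;==>_Example_Main

_Example_Main()
```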