kanishk619 Posted March 11, 2017 Posted March 11, 2017 The following code contains 2 functions to achieve the same results, although function2 works fine whereas function1 returns different results expandcollapse popup;#include <Array.au3> #include <security.au3> #include <WinAPI.au3> #include <ProcessConstants.au3> Global Const $TOKEN_MAXIMUM_ALLOWED = 0x02000000 Func _GetTokenPSid($hToken) Local $aCall = DllStructGetData(_Security__GetTokenInformation($hToken, $TOKENUSER), 1) $tempPtr = DllStructCreate("PTR") $ptrSize = DllStructGetSize($tempPtr) $rawSid = BinaryMid($aCall, $ptrSize * 2 + 1, BinaryLen($aCall)) $mem = DllStructCreate("byte Attributes[" & BinaryLen($rawSid) & "]") DllStructSetData($mem, "Attributes", $rawSid) $pSid = DllStructGetPtr($mem) Return $pSid EndFunc ;==>_GetTokenPSid Func _GetTokenUser1($hToken) $pSid = _GetTokenPSid($hToken) Local $aCall = DllCall("advapi32.dll", "bool", "LookupAccountSidW", "ptr", "", "ptr", $pSid, "wstr", "", "dword*", 65536, "wstr", "", "dword*", 65536, "int*", 0) If IsArray($aCall) Then Return $aCall[5] & "\" & $aCall[3] Else Return "" EndIf EndFunc ;==>_GetTokenUser Func _GetTokenUser2($hToken) Local $aCall = DllStructGetData(_Security__GetTokenInformation($hToken, $TOKENUSER), 1) $tempPtr = DllStructCreate("PTR") $ptrSize = DllStructGetSize($tempPtr) $rawSid = BinaryMid($aCall, $ptrSize * 2 + 1, BinaryLen($aCall)) $mem = DllStructCreate("byte Attributes[" & BinaryLen($rawSid) & "]") DllStructSetData($mem, "Attributes", $rawSid) $pSid = DllStructGetPtr($mem) Local $bCall = DllCall("advapi32.dll", "bool", "LookupAccountSidW", "ptr", "", "ptr", $pSID, "wstr", "", "dword*", 65536, "wstr", "", "dword*", 65536, "int*", 0) If IsArray($bCall) Then Return $bCall[5] & "\" & $bCall[3] Else Return "" EndIf EndFunc Func _ProcessTokenInfo($pid) $hToken = _Security__OpenProcessToken(_WinAPI_OpenProcess($TOKEN_MAXIMUM_ALLOWED, 0, $pid), $TOKEN_QUERY) If Not $hToken Then $hToken = _Security__OpenProcessToken(_WinAPI_OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, 0, $pid), $TOKEN_QUERY) EndIf ConsoleWrite("GetTokenUser1 : " & _GetTokenUser1($hToken) & @CRLF) ConsoleWrite("GetTokenUser2 : " & _GetTokenUser2($hToken) & @CRLF) ConsoleWrite(@CRLF) _WinAPI_CloseHandle($hToken) Return EndFunc ;==>_ProcessTokenInfo For $i = 1 To 10 _ProcessTokenInfo(856) Next Below are the results Quote GetTokenUser1 : \ GetTokenUser2 : Test-PC\Test GetTokenUser1 : \ GetTokenUser2 : Test-PC\Test GetTokenUser1 : \ GetTokenUser2 : Test-PC\Test GetTokenUser1 : \ GetTokenUser2 : Test-PC\Test GetTokenUser1 : Test-PC\Test GetTokenUser2 : Test-PC\Test GetTokenUser1 : \ GetTokenUser2 : Test-PC\Test GetTokenUser1 : \ GetTokenUser2 : Test-PC\Test GetTokenUser1 : \ GetTokenUser2 : Test-PC\Test GetTokenUser1 : \ GetTokenUser2 : Test-PC\Test GetTokenUser1 : Test-PC\Test GetTokenUser2 : Test-PC\Test Am I doing something wrong here ?
trancexx Posted March 12, 2017 Posted March 12, 2017 Yes you are. First one is wrong because the structure you create inside _GetTokenPSid gets destroyed before used. Then you use pointer to it in _GetTokenUser1. Pointer to lost space. You're lucky if it don't crash. kanishk619 and mLipok 2 ♡♡♡ . eMyvnE
kanishk619 Posted March 12, 2017 Author Posted March 12, 2017 (edited) Thanks for pointing out the mistake, I have made the below changes Func _GetTokenPSid($hToken) Local $aCall = DllStructGetData(_Security__GetTokenInformation($hToken, $TOKENUSER), 1) $tempPtr = DllStructCreate("PTR") $ptrSize = DllStructGetSize($tempPtr) $rawSid = BinaryMid($aCall, $ptrSize * 2 + 1, BinaryLen($aCall)) $tBuffer = DllStructCreate("byte Attributes[" & BinaryLen($rawSid) & "]") DllStructSetData($tBuffer, "Attributes", $rawSid) Return $tBuffer EndFunc ;==>_GetTokenPSid Func _GetTokenUser1($hToken) $aCall = _GetTokenPSid($hToken) $pSid = DllStructGetPtr($aCall) $aCall = _Security__LookupAccountSid($pSID) If IsArray($aCall) Then Return $aCall[1] & "\" & $aCall[0] Else Return "" EndIf EndFunc ;==>_GetTokenUser The above works, but I'm not sure why the below code doesn't (I mostly use python hence m trying to figure out why this shouldn't work). Func _GetTokenUser1($hToken) $aCall = _Security__LookupAccountSid(DllStructGetPtr(_GetTokenPSid($hToken)) ConsoleWrite(DllStructGetPtr(_GetTokenPSid($hToken)) & " , " & DllStructGetData(_GetTokenPSid($hToken),1) & @CRLF) If IsArray($aCall) Then Return $aCall[1] & "\" & $aCall[0] & @CRLF Else Return "" EndIf EndFunc ;==>_GetTokenUser Output Quote 0x0000006B85EB4340 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000 GetTokenUser1 : Test-PC\Test GetTokenUser2 : Test-PC\Test 0x0000006B85EB47F0 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000 GetTokenUser1 : GetTokenUser2 : Test-PC\Test 0x0000006B85EB4370 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000 GetTokenUser1 : GetTokenUser2 : Test-PC\Test 0x0000006B85EB4BB0 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000 GetTokenUser1 : GetTokenUser2 : Test-PC\Test 0x0000006B85EB4400 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000 GetTokenUser1 : GetTokenUser2 : Test-PC\Test 0x0000006B85EB4BB0 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000 GetTokenUser1 : GetTokenUser2 : Test-PC\Test 0x0000006B85EB45E0 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000 GetTokenUser1 : GetTokenUser2 : Test-PC\Test 0x0000006B85EB44C0 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000 GetTokenUser1 : GetTokenUser2 : Test-PC\Test 0x0000006B85EB4880 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000 GetTokenUser1 : GetTokenUser2 : Test-PC\Test 0x0000006B85EB4C40 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000 GetTokenUser1 : GetTokenUser2 : Test-PC\Test The buffer is always the same, is it always required to assign function calls to variables? Edited March 12, 2017 by kanishk619
trancexx Posted March 12, 2017 Posted March 12, 2017 1 hour ago, kanishk619 said: Thanks for pointing out the mistake, I have made the below changes Func _GetTokenPSid($hToken) Local $aCall = DllStructGetData(_Security__GetTokenInformation($hToken, $TOKENUSER), 1) $tempPtr = DllStructCreate("PTR") $ptrSize = DllStructGetSize($tempPtr) $rawSid = BinaryMid($aCall, $ptrSize * 2 + 1, BinaryLen($aCall)) $tBuffer = DllStructCreate("byte Attributes[" & BinaryLen($rawSid) & "]") DllStructSetData($tBuffer, "Attributes", $rawSid) Return $tBuffer EndFunc ;==>_GetTokenPSid Func _GetTokenUser1($hToken) $aCall = _GetTokenPSid($hToken) $pSid = DllStructGetPtr($aCall) $aCall = _Security__LookupAccountSid($pSID) If IsArray($aCall) Then Return $aCall[1] & "\" & $aCall[0] Else Return "" EndIf EndFunc ;==>_GetTokenUser The above works, but I'm not sure why the below code doesn't (I mostly use python hence m trying to figure out why this shouldn't work). Func _GetTokenUser1($hToken) $aCall = _Security__LookupAccountSid(DllStructGetPtr(_GetTokenPSid($hToken)) ConsoleWrite(DllStructGetPtr(_GetTokenPSid($hToken)) & " , " & DllStructGetData(_GetTokenPSid($hToken),1) & @CRLF) If IsArray($aCall) Then Return $aCall[1] & "\" & $aCall[0] & @CRLF Else Return "" EndIf EndFunc ;==>_GetTokenUser Output The buffer is always the same, is it always required to assign function calls to variables? No, of course not. Preferable way is to use function calls over assigning the result to variable. However, it really depends what the function returns. In your case the returned value is dllstruct. That struct (if not assigned to variable) exists only while that segment of code is executed. It's really not complicated, and very much logical. czardas and kanishk619 2 ♡♡♡ . eMyvnE
czardas Posted March 12, 2017 Posted March 12, 2017 (edited) 2 hours ago, trancexx said: Preferable way is to use function calls over assigning the result to variable. I believe I'm guilty of not following this logical advice. Having said that, I did some performance tests a while ago and as expected - you are right. Again. Edited March 12, 2017 by czardas operator64 ArrayWorkshop
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now