Jump to content

Autoit doesnt always return same results

kanishk619
 Share

Recommended Posts

kanishk619 Seeker

kanishk619

Posted
Posted

The following code contains 2 functions to achieve the same results, although function2 works fine whereas function1 returns different results 

;#include <Array.au3>
#include <security.au3>
#include <WinAPI.au3>
#include <ProcessConstants.au3>

Global Const $TOKEN_MAXIMUM_ALLOWED = 0x02000000

Func _GetTokenPSid($hToken)
    Local $aCall = DllStructGetData(_Security__GetTokenInformation($hToken, $TOKENUSER), 1)
    $tempPtr = DllStructCreate("PTR")
    $ptrSize = DllStructGetSize($tempPtr)
    $rawSid = BinaryMid($aCall, $ptrSize * 2 + 1, BinaryLen($aCall))
    $mem = DllStructCreate("byte Attributes[" & BinaryLen($rawSid) & "]")
    DllStructSetData($mem, "Attributes", $rawSid)
    $pSid = DllStructGetPtr($mem)
    Return $pSid
EndFunc   ;==>_GetTokenPSid



Func _GetTokenUser1($hToken)
    $pSid = _GetTokenPSid($hToken)
    Local $aCall = DllCall("advapi32.dll", "bool", "LookupAccountSidW", "ptr", "", "ptr", $pSid, "wstr", "", "dword*", 65536, "wstr", "", "dword*", 65536, "int*", 0)
    If IsArray($aCall) Then
        Return $aCall[5] & "\" & $aCall[3]
    Else
        Return ""
    EndIf
EndFunc   ;==>_GetTokenUser


Func _GetTokenUser2($hToken)
    Local $aCall = DllStructGetData(_Security__GetTokenInformation($hToken, $TOKENUSER), 1)
    $tempPtr = DllStructCreate("PTR")
    $ptrSize = DllStructGetSize($tempPtr)
    $rawSid = BinaryMid($aCall, $ptrSize * 2 + 1, BinaryLen($aCall))
    $mem = DllStructCreate("byte Attributes[" & BinaryLen($rawSid) & "]")
    DllStructSetData($mem, "Attributes", $rawSid)
    $pSid = DllStructGetPtr($mem)
    Local $bCall = DllCall("advapi32.dll", "bool", "LookupAccountSidW", "ptr", "", "ptr", $pSID, "wstr", "", "dword*", 65536, "wstr", "", "dword*", 65536, "int*", 0)
    If IsArray($bCall) Then
        Return $bCall[5] & "\" & $bCall[3]
    Else
        Return ""
    EndIf
EndFunc


Func _ProcessTokenInfo($pid)
    $hToken = _Security__OpenProcessToken(_WinAPI_OpenProcess($TOKEN_MAXIMUM_ALLOWED, 0, $pid), $TOKEN_QUERY)
    If Not $hToken Then
        $hToken = _Security__OpenProcessToken(_WinAPI_OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, 0, $pid), $TOKEN_QUERY)
    EndIf
    ConsoleWrite("GetTokenUser1 : " & _GetTokenUser1($hToken) & @CRLF)
    ConsoleWrite("GetTokenUser2 : " & _GetTokenUser2($hToken) & @CRLF)
    ConsoleWrite(@CRLF)
    _WinAPI_CloseHandle($hToken)
    Return
EndFunc   ;==>_ProcessTokenInfo


For $i = 1 To 10
    _ProcessTokenInfo(856)
Next

Below are the results

Quote

GetTokenUser1 : \
GetTokenUser2 : Test-PC\Test

GetTokenUser1 : \
GetTokenUser2 : Test-PC\Test

GetTokenUser1 : \
GetTokenUser2 : Test-PC\Test

GetTokenUser1 : \
GetTokenUser2 : Test-PC\Test

GetTokenUser1 : Test-PC\Test
GetTokenUser2 : Test-PC\Test

GetTokenUser1 : \
GetTokenUser2 : Test-PC\Test

GetTokenUser1 : \
GetTokenUser2 : Test-PC\Test

GetTokenUser1 : \
GetTokenUser2 : Test-PC\Test

GetTokenUser1 : \
GetTokenUser2 : Test-PC\Test

GetTokenUser1 : Test-PC\Test
GetTokenUser2 : Test-PC\Test

Am I doing something wrong here ?

Link to comment
Share on other sites
kanishk619 Seeker

kanishk619

Posted
  • Author
Posted (edited)

Thanks for pointing out the mistake, I have made the below changes 

Func _GetTokenPSid($hToken)
    Local $aCall = DllStructGetData(_Security__GetTokenInformation($hToken, $TOKENUSER), 1)
    $tempPtr = DllStructCreate("PTR")
    $ptrSize = DllStructGetSize($tempPtr)
    $rawSid = BinaryMid($aCall, $ptrSize * 2 + 1, BinaryLen($aCall))
    $tBuffer = DllStructCreate("byte Attributes[" & BinaryLen($rawSid) & "]")
    DllStructSetData($tBuffer, "Attributes", $rawSid)
    Return $tBuffer
EndFunc   ;==>_GetTokenPSid

Func _GetTokenUser1($hToken)
    $aCall = _GetTokenPSid($hToken)
    $pSid =  DllStructGetPtr($aCall)
    $aCall = _Security__LookupAccountSid($pSID)
    If IsArray($aCall) Then
        Return $aCall[1] & "\" & $aCall[0]
    Else
        Return ""
    EndIf
EndFunc   ;==>_GetTokenUser

The above works,  but I'm not sure why the below code doesn't (I mostly use python hence m trying to figure out why this shouldn't work). 

Func _GetTokenUser1($hToken)
    $aCall = _Security__LookupAccountSid(DllStructGetPtr(_GetTokenPSid($hToken))
    ConsoleWrite(DllStructGetPtr(_GetTokenPSid($hToken)) & " , " &  DllStructGetData(_GetTokenPSid($hToken),1) & @CRLF)
    If IsArray($aCall) Then
        Return $aCall[1] & "\" & $aCall[0] & @CRLF
    Else
        Return ""
    EndIf
EndFunc   ;==>_GetTokenUser

Output 
 

Quote

0x0000006B85EB4340 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000
GetTokenUser1 : Test-PC\Test
GetTokenUser2 : Test-PC\Test

0x0000006B85EB47F0 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000
GetTokenUser1 : 
GetTokenUser2 : Test-PC\Test

0x0000006B85EB4370 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000
GetTokenUser1 : 
GetTokenUser2 : Test-PC\Test

0x0000006B85EB4BB0 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000
GetTokenUser1 : 
GetTokenUser2 : Test-PC\Test

0x0000006B85EB4400 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000
GetTokenUser1 : 
GetTokenUser2 : Test-PC\Test

0x0000006B85EB4BB0 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000
GetTokenUser1 : 
GetTokenUser2 : Test-PC\Test

0x0000006B85EB45E0 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000
GetTokenUser1 : 
GetTokenUser2 : Test-PC\Test

0x0000006B85EB44C0 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000
GetTokenUser1 : 
GetTokenUser2 : Test-PC\Test

0x0000006B85EB4880 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000
GetTokenUser1 : 
GetTokenUser2 : Test-PC\Test

0x0000006B85EB4C40 , 0x010500000000000515000000AE9CF4E5A3A1353347837BC4E9030000
GetTokenUser1 : 
GetTokenUser2 : Test-PC\Test


The buffer is always the same, is it always required to assign function calls to variables?

Edited by kanishk619
Link to comment
Share on other sites
trancexx Universalist

trancexx

Posted
Posted
1 hour ago, kanishk619 said:

Thanks for pointing out the mistake, I have made the below changes 

Func _GetTokenPSid($hToken)
    Local $aCall = DllStructGetData(_Security__GetTokenInformation($hToken, $TOKENUSER), 1)
    $tempPtr = DllStructCreate("PTR")
    $ptrSize = DllStructGetSize($tempPtr)
    $rawSid = BinaryMid($aCall, $ptrSize * 2 + 1, BinaryLen($aCall))
    $tBuffer = DllStructCreate("byte Attributes[" & BinaryLen($rawSid) & "]")
    DllStructSetData($tBuffer, "Attributes", $rawSid)
    Return $tBuffer
EndFunc   ;==>_GetTokenPSid

Func _GetTokenUser1($hToken)
    $aCall = _GetTokenPSid($hToken)
    $pSid =  DllStructGetPtr($aCall)
    $aCall = _Security__LookupAccountSid($pSID)
    If IsArray($aCall) Then
        Return $aCall[1] & "\" & $aCall[0]
    Else
        Return ""
    EndIf
EndFunc   ;==>_GetTokenUser

The above works,  but I'm not sure why the below code doesn't (I mostly use python hence m trying to figure out why this shouldn't work). 

Func _GetTokenUser1($hToken)
    $aCall = _Security__LookupAccountSid(DllStructGetPtr(_GetTokenPSid($hToken))
    ConsoleWrite(DllStructGetPtr(_GetTokenPSid($hToken)) & " , " &  DllStructGetData(_GetTokenPSid($hToken),1) & @CRLF)
    If IsArray($aCall) Then
        Return $aCall[1] & "\" & $aCall[0] & @CRLF
    Else
        Return ""
    EndIf
EndFunc   ;==>_GetTokenUser

Output 
 


The buffer is always the same, is it always required to assign function calls to variables?

No, of course not. Preferable way is to use function calls over assigning the result to variable.
However, it really depends what the function returns. In your case the returned value is dllstruct. That struct (if not assigned to variable) exists only while that segment of code is executed.

It's really not complicated, and very much logical.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites
czardas Universalist

czardas

Posted
Posted (edited)
2 hours ago, trancexx said:

Preferable way is to use function calls over assigning the result to variable.

I believe I'm guilty of not following this logical advice. Having said that, I did some performance tests a while ago and as expected - you are right. :) Again.

Edited by czardas

operator64  ArrayWorkshop

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...