spudw2k Posted December 25, 2017 Share Posted December 25, 2017 (edited) Recently I was using csvde to execute some LDAP queries on a domain controller to create some reports. I noticed that when I queried the objectSID, it was returned (output) in binary format instead of the S-#-#-##-### (string) format I needed to compare with. I found there was a function I could use in the Security.au3 UDF to convert the SID Binary value to the SID String format; however, the example in the help file collected the SID binary value by using another function to lookup an AD object by name. Since I already had the SID, this "step" was erroneous to me, but I was still required to do some work to make the _Security__SidToStringSid function accept my binary values--namely creating and populating a DLLStruct before using as a parameter for the SidToSTringSid function. Below is a small illustration of what I did. It wasn't particularly complicated or difficult, but may provide some insight to folks who don't mess/work with DLLStructs much. Also, my "real" script utilized a lengthy CSV report and parsed it to replace the binary values with the SID strings. I just wanted to share this snippet. #include <security.au3> msgbox(0,"Builtin\Users",_SIDBinaryToStr("01020000000000052000000021020000")) msgbox(0,"Builtin\Guests",_SIDBinaryToStr("01020000000000052000000022020000")) msgbox(0,"Domain Users",_SIDBinaryToStr("010500000000000515000000e2ef6c5193efdefff2b6dd4401020000")) Func _SIDBinaryToStr($hSID) Local $tSID = DllStructCreate("byte SID") DllStructSetData($tSID, "SID", Binary("0x" & $hSID)) Local $sStringSID = _Security__SidToStringSid($tSID) Return $sStringSID EndFunc Edited December 25, 2017 by spudw2k Earthshine 1 Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now