dll noob - advapi32 and winsafer

I looked all over for this, found a few samples regarding advapi32, but none for safer.

I don't do many DLL calls. I have managed to stumble through a few, both in AutoIt as well as VB. I understand only basic C, but the syntax really throws me. Can anyone help explain a few things?

There is a function

BOOL WINAPI SaferCreateLevel(
  __in      DWORD dwScopeId,
  __in      DWORD dwLevelId,
  __in      DWORD OpenFlags,
  __out    SAFER_LEVEL_HANDLE *pLevelHandle,
  __reserved  LPVOID lpReserved
);

Where I have used this


$bool = DllCall('Advapi32.dll','int', 'SaferCreateLevel', _
    'dword',$SAFER_SCOPEID_USER, _
    'dword',0, _

Now I have 2 questions on this. Is the parameter _reserved omitted from the call?

The *pLevelHandle, I have seen is a type ptr*. An example value would be


So that for the 'ptr*' parameter in the call, would be &hAuthzLevel.

But looking up SAFER_LEVEL_HANDLE in winsafer.h shows this

// Opaque datatype for representing handles to Safer objects.


What is this exactly? Just a blank variable? An address in memory to put the output of the function to? Is using ptr* correct?

Next is another similar function

BOOL WINAPI SaferComputeTokenFromLevel(
      __in       SAFER_LEVEL_HANDLE LevelHandle,
      __in_opt   HANDLE InAccessToken,
      __out     PHANDLE OutAccessToken,
      __in       DWORD dwFlags,
      __inout_opt  LPVOID lpReserved
);

Where it might be

$bool = DllCall('advapi32.dll','int','SaferComputeTokenFromLevel', _
    "ptr*",$SAFER_LEVEL_HANDLE, _
        "ptr",hAuthzLevel, _
        "ptr*"&hToken, _
        "dword",0, _
        "null","", _

Again, I don't understand. An example would be


But what is the output? The function returns a boolean, no? Yet the _out parameter is PHANDLE OutAccessToken. Is this _out placing the PHANDLE somewhere, yet the boolean is still returned for the function to declare if this was achieved?

And in this call, the $SAFER_LEVEL_HANDLE is used again.

I know this might be basic, and I have read over many articles at MSDN and other places. It is confusing though when converting to AutoIt.

Can anyone explain this? I learn best by struggling through things. But, I need help to understand some of this.

Thank you.


Best attempt-




Thank you. I will build off of that. I am thinking now I might as well play with things a little more in C, then I can ask for more specific information.


Like this for example:


;Constants from winsafer.h
Global Const $SAFER_SCOPEID_USER = 2
Global Const $SAFER_LEVELID_NORMALUSER = 0x20000
Global Const $SAFER_LEVEL_OPEN = 1

;Open handle
$a_iCall = DllCall("advapi32.dll", "int", "SaferCreateLevel", _
        "dword", $SAFER_SCOPEID_USER, _
        "dword", $SAFER_LEVELID_NORMALUSER, _
        "dword", $SAFER_LEVEL_OPEN, _
        "hwnd*", 0, _
        "ptr", 0)

If @error Or Not $a_iCall[0] Then
    ConsoleWrite("Failure opening handle occurred!" & @CRLF)
    Exit 1
EndIf

;The __out SAFER_LEVEL_HANDLE comes back in element 4 of the returned array
$hHandle = $a_iCall[4]

ConsoleWrite("SAFER_LEVEL_HANDLE = " & $hHandle & @CRLF)

;Close handle
$a_iCall = DllCall("advapi32.dll", "int", "SaferCloseLevel", _
        "hwnd", $hHandle)

If @error Or Not $a_iCall[0] Then
    ConsoleWrite("Failure closing handle occurred!" & @CRLF)
    Exit 1
EndIf

ConsoleWrite("Handle successfully closed" & @CRLF)




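The full sequence asked about in the first post (SaferCreateLevel, then SaferComputeTokenFromLevel, then cleanup), as an added example that is not part of the original thread. The helper names _SaferOpenLevel and _SaferTokenFromLevel are hypothetical; the constant values are taken from winsafer.h.

```autoit
; Constants from winsafer.h
Global Const $SAFER_SCOPEID_USER = 2
Global Const $SAFER_LEVELID_NORMALUSER = 0x20000
Global Const $SAFER_LEVEL_OPEN = 1

; Hypothetical helper: returns the SAFER_LEVEL_HANDLE, or 0 with @error set.
Func _SaferOpenLevel($iLevelId)
    ; pLevelHandle is __out: pass "handle*" and AutoIt supplies the storage;
    ; the value written by the API comes back in element [4].
    ; lpReserved is not omitted, it is passed as a null pointer.
    Local $aCall = DllCall("advapi32.dll", "bool", "SaferCreateLevel", _
            "dword", $SAFER_SCOPEID_USER, _
            "dword", $iLevelId, _
            "dword", $SAFER_LEVEL_OPEN, _
            "handle*", 0, _
            "ptr", 0)
    If @error Or Not $aCall[0] Then Return SetError(1, 0, 0)
    Return $aCall[4]
EndFunc

; Hypothetical helper: returns the computed token, or 0 with @error set.
Func _SaferTokenFromLevel($hLevel)
    ; LevelHandle is __in, so it is passed by value ("handle", not "handle*").
    ; InAccessToken = 0 (NULL) makes the API use the caller's own token.
    ; OutAccessToken (PHANDLE) is __out and is returned in element [3];
    ; element [0] is only the BOOL success flag.
    Local $aCall = DllCall("advapi32.dll", "bool", "SaferComputeTokenFromLevel", _
            "handle", $hLevel, _
            "handle", 0, _
            "handle*", 0, _
            "dword", 0, _
            "ptr", 0)
    If @error Or Not $aCall[0] Then Return SetError(1, 0, 0)
    Return $aCall[3]
EndFunc

Local $hLevel = _SaferOpenLevel($SAFER_LEVELID_NORMALUSER)
If @error Then Exit ConsoleWrite("SaferCreateLevel failed" & @CRLF)

Local $hToken = _SaferTokenFromLevel($hLevel)
If @error Then
    ConsoleWrite("SaferComputeTokenFromLevel failed" & @CRLF)
Else
    ConsoleWrite("Token handle for the NORMALUSER level = " & $hToken & @CRLF)
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
EndIf

; Release the level handle whether or not the token was computed.
DllCall("advapi32.dll", "bool", "SaferCloseLevel", "handle", $hLevel)
```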
