[Win32utils-devel] Get current process owner (sid)

Daniel Berger djberg96 at gmail.com
Wed Dec 3 20:56:24 EST 2008


Hi,

I'm close, but what I've got doesn't quite match what Win32::Security::SID.new 
returns:

require 'windows/file'
require 'windows/handle'
require 'windows/error'
require 'windows/security'
require 'windows/process'

include Windows::File
include Windows::Handle
include Windows::Error
include Windows::Security
include Windows::Process

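# 4-byte buffer that receives the access token handle
token = 0.chr * 4

unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
    raise get_last_error
end

# Unpack the handle value from the buffer
token = token.unpack('V')[0]
rlength = 0.chr * 4 # receives the number of bytes returned
tu = 0.chr * 512 # TokenUser

bool = GetTokenInformation(
    token,
    TokenUser,
    tu,
    tu.size,
    rlength
)

unless bool
    raise get_last_error
end

# Dump the raw TOKEN_USER buffer
p tu.strip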

Looks like the first 8 bytes are unwanted. Are these the attributes? If so, why 
are they the first 8 bytes instead of the last 8? I guess I'm confused about how 
to properly unroll a SID_AND_ATTRIBUTES struct.

Regards,

Dan
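
An added example (not part of the original post and not win32utils code), assuming a 32-bit process: TOKEN_USER holds one SID_AND_ATTRIBUTES, which is a 4-byte PSID pointer followed by a 4-byte Attributes DWORD, and GetTokenInformation writes the SID data the pointer refers to into the same buffer after that struct. The buffer, base address and SID below are constructed, and parse_token_user and sid_to_string are hypothetical helper names.

```ruby
# SID_AND_ATTRIBUTES on 32-bit Windows: PSID Sid (4 bytes) + DWORD Attributes (4 bytes)
SID_AND_ATTRIBUTES_SIZE = 8
MAX_SUB_AUTHORITIES = 15

# Convert a binary SID (Revision, SubAuthorityCount, 6-byte big-endian
# IdentifierAuthority, little-endian DWORD SubAuthority[]) to S-R-I-S... form.
def sid_to_string(sid)
  raise ArgumentError, 'SID header truncated' if sid.bytesize < 8
  revision, count = sid.unpack('CC')
  raise ArgumentError, 'too many subauthorities' if count > MAX_SUB_AUTHORITIES
  raise ArgumentError, 'SID body truncated' if sid.bytesize < 8 + 4 * count
  hi, lo = sid.byteslice(2, 6).unpack('nN')
  authority = (hi << 32) | lo
  subs = sid.byteslice(8, 4 * count).unpack('V*')
  (['S', revision, authority] + subs).join('-')
end

# Split a TOKEN_USER buffer. base_addr is the address the buffer had in the
# process (an assumption of this offline example); the Sid pointer is
# validated against it instead of assuming the SID starts at byte 8.
def parse_token_user(buf, base_addr)
  raise ArgumentError, 'buffer too small' if buf.bytesize < SID_AND_ATTRIBUTES_SIZE
  psid, attributes = buf.unpack('VV')
  offset = psid - base_addr
  unless offset >= SID_AND_ATTRIBUTES_SIZE && offset < buf.bytesize
    raise ArgumentError, 'Sid pointer outside buffer'
  end
  { sid: sid_to_string(buf.byteslice(offset..-1)), attributes: attributes }
end

# Constructed sample: a 512-byte buffer as it would look at address 0x0012F000
SAMPLE_BASE = 0x0012F000
SAMPLE_BUF = [SAMPLE_BASE + 8, 0].pack('VV') +   # Sid pointer, Attributes
             [1, 5].pack('CC') +                 # Revision 1, 5 subauthorities
             [0, 5].pack('nN') +                 # authority 5 (NT Authority)
             [21, 1111111111, 2222222222, 3333333333, 1001].pack('V*') +
             0.chr * 476                         # unused tail of the buffer

if __FILE__ == $PROGRAM_NAME
  p parse_token_user(SAMPLE_BUF, SAMPLE_BASE)
end
```
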

