[Win32utils-devel] Get current process owner (sid)
phasis at gmail.com
Wed Dec 3 21:28:21 EST 2008
2008/12/4 Daniel Berger <djberg96 at gmail.com>:
> I'm close, but what I've got doesn't quite match what
> Win32::Security::SID.new returns:
> require 'windows/file'
> require 'windows/handle'
> require 'windows/error'
> require 'windows/security'
> require 'windows/process'
> include Windows::File
> include Windows::Handle
> include Windows::Error
> include Windows::Security
> include Windows::Process
> token = 0.chr * 4
> # OpenProcessToken writes the token HANDLE into this 4-byte buffer
> unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
>   raise get_last_error
> end
> token = token.unpack('V').first   # DWORD handle, not a one-element array
> rlength = 0.chr * 4               # receives the number of bytes written
> tu = 0.chr * 512                  # TokenUser buffer: SID_AND_ATTRIBUTES + SID
> # Argument list follows the Win32 GetTokenInformation signature:
> # (TokenHandle, TokenInformationClass, TokenInformation, Length, ReturnLength)
> bool = GetTokenInformation(token, TokenUser, tu, tu.size, rlength)
> unless bool
>   raise get_last_error
> end
> CloseHandle(token)
> p tu.strip
> Looks like the first 8 bytes are unwanted. Are these the attributes? If so,
> why are they the first 8 bytes instead of the last 8? I guess I'm confused
> about how to properly unroll a SID_AND_ATTRIBUTES struct.
According to the document, the first 4 bytes are the pointer to the SID and
the second 4 bytes are the attributes.
In my test with the above code,
[tu].pack('P').unpack('L').first is 50436232
tu[0,4].unpack('L').first is 50436240
rlength.unpack('L').first is 36
The SID is at 50436240 and equal to the address of tu.
Thus the actual SID is tu[8,(36-8)].
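As an added example (not code from either message), this unrolls a TOKEN_USER buffer laid out the way the reply describes: PSID at offset 0, attributes at offset 4, SID bytes at offset 8. The buffer and its base address are constructed; `build_token_user`, `sid_to_string` and `parse_token_user` are helper names chosen here, not windows-pr API.

```ruby
# Layout on 32-bit Windows (see the reply above):
#   struct TOKEN_USER          { SID_AND_ATTRIBUTES User; }
#   struct SID_AND_ATTRIBUTES  { PSID Sid; DWORD Attributes; }
# GetTokenInformation(TokenUser) places the SID bytes right after the
# 8-byte header, and PSID points at them (buffer address + 8).

# Constructed TOKEN_USER buffer for a SID with the given sub-authorities.
# base_addr is an assumed address of the buffer, as [tu].pack('P') would report.
def build_token_user(base_addr, sub_auths, attributes = 0)
  # SID: Revision(1), SubAuthorityCount(1), IdentifierAuthority(6, big-endian,
  # 5 = SECURITY_NT_AUTHORITY), then SubAuthorityCount DWORDs (little-endian)
  sid = [1, sub_auths.size].pack('CC') +
        [0, 0, 0, 0, 0, 5].pack('C6') +
        sub_auths.pack('V*')
  header = [base_addr + 8, attributes].pack('VV')  # PSID, Attributes
  header + sid
end

# Convert a raw binary SID to the familiar S-1-5-... string form.
def sid_to_string(sid)
  rev, count = sid.unpack('CC')
  raise ArgumentError, "unsupported SID revision #{rev}" unless rev == 1
  raise ArgumentError, 'truncated SID' if sid.bytesize < 8 + 4 * count
  auth = sid[2, 6].unpack('C6').inject(0) { |acc, b| (acc << 8) | b }
  subs = sid[8, 4 * count].unpack("V#{count}")
  (['S', rev, auth] + subs).join('-')
end

# Unroll SID_AND_ATTRIBUTES from the buffer: returns [sid_string, attributes].
# buf_addr is the buffer's own address; returned_length is what ReturnLength
# was set to (36 in the reply's test: 8-byte header + 28-byte SID).
def parse_token_user(buf, buf_addr, returned_length)
  raise 'ReturnLength exceeds buffer' if returned_length > buf.bytesize
  psid, attrs = buf.unpack('VV')
  offset = psid - buf_addr
  # A PSID outside the returned bytes means the struct was not unrolled correctly.
  raise 'PSID points outside the returned buffer' if offset < 8 || offset >= returned_length
  [sid_to_string(buf[offset, returned_length - offset]), attrs]
end
```

Feeding it a real `tu` would mean passing `[tu].pack('P').unpack('L').first` as `buf_addr` and `rlength.unpack('L').first` as `returned_length`.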