📄 contman.c
// UINT x;
BOOL bSuccess;
BOOL fRet = FALSE;
*pfIsLocalSystem = FALSE;
if (TRUE == OpenThreadToken(
GetCurrentThread(),
MAXIMUM_ALLOWED,
TRUE,
&hThreadToken))
{
// impersonation is going on need to save handle
RevertToSelf();
}
if (FALSE == OpenProcessToken(
GetCurrentProcess(),
TOKEN_QUERY,
&hToken
))
goto Ret;
if (NULL != hThreadToken)
{
// put the impersonation token back
if (FALSE == SetThreadToken(
NULL,
hThreadToken))
{
goto Ret;
}
}
bSuccess = GetTokenInformation(
hToken,
TokenUser,
pTokenUser,
dwInfoBufferSize,
&dwInfoBufferSize
);
//
// if fast buffer wasn't big enough, allocate enough storage
// and try again.
//
if(!bSuccess && GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
SlowBuffer = (PTOKEN_USER)HeapAlloc(GetProcessHeap(), 0, dwInfoBufferSize);
if(SlowBuffer != NULL) {
pTokenUser = SlowBuffer;
bSuccess = GetTokenInformation(
hToken,
TokenUser,
pTokenUser,
dwInfoBufferSize,
&dwInfoBufferSize
);
if(!bSuccess) {
HeapFree(GetProcessHeap(), 0, SlowBuffer);
SlowBuffer = NULL;
}
}
}
if(!bSuccess)
goto Ret;
if (FALSE == AllocateAndInitializeSid(
&siaNtAuthority,
1,
SECURITY_LOCAL_SYSTEM_RID,
0, 0, 0, 0, 0, 0, 0,
&psidLocalSystem
))
goto Ret;
if (EqualSid(psidLocalSystem, pTokenUser->User.Sid))
{
*pfIsLocalSystem = TRUE;
}
fRet = TRUE;
Ret:
if(SlowBuffer)
HeapFree(GetProcessHeap(), 0, SlowBuffer);
if(psidLocalSystem)
FreeSid(psidLocalSystem);
if (hThreadToken)
CloseHandle(hThreadToken);
if (hToken)
CloseHandle(hToken);
return fRet;
}
BOOL
IsThreadLocalSystem(
    BOOL *pfIsLocalSystem
    )
/*++
    Reports whether the caller is running as the Local System account.

    The token examined is the current thread's token when one is attached
    (OpenThreadToken succeeds); only when the thread has no token
    (ERROR_NO_TOKEN) does the check fall back to the process token.

    pfIsLocalSystem - receives TRUE only if the token's user SID equals the
                      Local System SID.  It is set to FALSE before any work
                      is done, so every failure path leaves it FALSE.

    Returns TRUE if the comparison was carried out, FALSE if a token could
    not be opened or queried or the reference SID could not be built.
    Callers need both values: a FALSE return means "unknown", not "not
    Local System".
--*/
{
    HANDLE hTok = 0;
    UCHAR StackBuf[1024];
    DWORD cbInfo = sizeof(StackBuf);
    PTOKEN_USER pHeapBuf = NULL;
    PTOKEN_USER pUserInfo = (PTOKEN_USER)StackBuf;
    PSID pSystemSid = NULL;
    SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
    BOOL fQueried;
    BOOL fResult = FALSE;

    // Fail closed: the answer is "no" until proven otherwise.
    *pfIsLocalSystem = FALSE;

    // OpenAsSelf is TRUE, so the access check for opening the thread token
    // is made against the process security context rather than the
    // impersonated one.
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hTok)) {
        // Any error other than "no thread token" is a hard failure.
        if (GetLastError() != ERROR_NO_TOKEN)
            goto Cleanup;

        // The thread has no token of its own: use the process token.
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hTok))
            goto Cleanup;
    }

    // First attempt uses the fixed-size stack buffer.
    fQueried = GetTokenInformation(hTok, TokenUser, pUserInfo, cbInfo, &cbInfo);

    // Stack buffer too small: cbInfo now holds the size the API asked for,
    // so allocate exactly that much and query again.
    if (!fQueried && GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
        pHeapBuf = (PTOKEN_USER)HeapAlloc(GetProcessHeap(), 0, cbInfo);
        if (pHeapBuf != NULL) {
            pUserInfo = pHeapBuf;
            fQueried = GetTokenInformation(hTok, TokenUser, pUserInfo, cbInfo, &cbInfo);
            if (!fQueried) {
                // Release now and clear the pointer so the cleanup path
                // below does not free it a second time.
                HeapFree(GetProcessHeap(), 0, pHeapBuf);
                pHeapBuf = NULL;
            }
        }
    }

    if (!fQueried)
        goto Cleanup;

    // Build the reference SID: NT authority with the single sub-authority
    // SECURITY_LOCAL_SYSTEM_RID.
    if (!AllocateAndInitializeSid(&NtAuthority,
                                  1,
                                  SECURITY_LOCAL_SYSTEM_RID,
                                  0, 0, 0, 0, 0, 0, 0,
                                  &pSystemSid))
        goto Cleanup;

    if (EqualSid(pSystemSid, pUserInfo->User.Sid)) {
        *pfIsLocalSystem = TRUE;
    }

    fResult = TRUE;

Cleanup:
    if (pHeapBuf)
        HeapFree(GetProcessHeap(), 0, pHeapBuf);
    if (pSystemSid)
        FreeSid(pSystemSid);
    if (hTok)
        CloseHandle(hTok);

    return fResult;
}
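//
// GetTextualSidA - format a binary SID as an ANSI string of the form
// S-<revision>-<identifier authority>-<sub-authority>-...
//
// Returns TRUE on success and stores in *dwBufferLen the number of characters
// written, including the terminating NUL.
// Returns FALSE if IsValidSid rejects pSid (this function does not call
// SetLastError on that path), or if the supplied size is below the computed
// requirement; in that case *dwBufferLen receives the requirement and the
// last error is ERROR_INSUFFICIENT_BUFFER.
//
// The wsprintfA calls below are not individually bounded.  The only thing
// that keeps them inside TextualSid is the up-front size check, so the caller
// must pass the true size of the buffer in *dwBufferLen.
//
// NOTE(review): the requirement is a worst-case character count multiplied by
// sizeof(WCHAR) even though this variant writes single-byte characters, so it
// over-estimates; on success the value written back is a plain character
// count.  Confirm with callers which unit they expect on input.
//
BOOL
GetTextualSidA(
    PSID pSid,          // binary Sid
    LPSTR TextualSid,   // buffer for Textual representation of Sid
    LPDWORD dwBufferLen // required/provided TextualSid buffersize
    )
{
    PSID_IDENTIFIER_AUTHORITY psia;
    DWORD dwSubAuthorities;
    DWORD dwCounter;
    DWORD dwSidSize;

    // Refuse malformed SIDs before reading any of their fields.
    if (!IsValidSid(pSid))
        return FALSE;

    // obtain SidIdentifierAuthority
    psia = GetSidIdentifierAuthority(pSid);

    // obtain sidsubauthority count
    dwSubAuthorities = *GetSidSubAuthorityCount(pSid);

    //
    // compute buffer length (conservative guess)
    // S-SID_REVISION- + identifierauthority- + subauthorities- + NULL
    //
    // 12 characters per sub-authority covers "-" plus the ten digits of the
    // largest 32-bit value; 15 + 12 covers the prefix plus the 14-character
    // hexadecimal form of the identifier authority.
    //
    dwSidSize = (15 + 12 + (12 * dwSubAuthorities) + 1) * sizeof(WCHAR);

    //
    // check provided buffer length.
    // If not large enough, indicate proper size and setlasterror
    //
    if (*dwBufferLen < dwSidSize) {
        *dwBufferLen = dwSidSize;
        SetLastError(ERROR_INSUFFICIENT_BUFFER);
        return FALSE;
    }

    //
    // prepare S-SID_REVISION-
    // From here on dwSidSize is the running count of characters written.
    //
    dwSidSize = wsprintfA(TextualSid, "S-%lu-", SID_REVISION);

    //
    // prepare SidIdentifierAuthority: hexadecimal when either of the two
    // high-order bytes is set, decimal otherwise
    //
    if ((psia->Value[0] != 0) || (psia->Value[1] != 0)) {
        dwSidSize += wsprintfA(TextualSid + dwSidSize,
                               "0x%02hx%02hx%02hx%02hx%02hx%02hx",
                               (USHORT)psia->Value[0],
                               (USHORT)psia->Value[1],
                               (USHORT)psia->Value[2],
                               (USHORT)psia->Value[3],
                               (USHORT)psia->Value[4],
                               (USHORT)psia->Value[5]);
    } else {
        // Widen each byte to ULONG BEFORE shifting.  Shifting the promoted
        // int (as the code used to) overflows a signed int when Value[2] is
        // 0x80 or above, which is undefined behaviour.
        dwSidSize += wsprintfA(TextualSid + dwSidSize,
                               "%lu",
                               ((ULONG)psia->Value[5]      ) +
                               ((ULONG)psia->Value[4] <<  8) +
                               ((ULONG)psia->Value[3] << 16) +
                               ((ULONG)psia->Value[2] << 24));
    }

    //
    // loop through SidSubAuthorities
    //
    for (dwCounter = 0; dwCounter < dwSubAuthorities; dwCounter++) {
        dwSidSize += wsprintfA(TextualSid + dwSidSize,
                               "-%lu", *GetSidSubAuthority(pSid, dwCounter));
    }

    *dwBufferLen = dwSidSize + 1; // tell caller how many chars (include NULL)
    return TRUE;
}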
// Size, in bytes, of the on-stack buffer that GetUserTextualSidA declares as
// BYTE FastBuffer[FAST_BUF_SIZE].  The same definition appears a second time
// further down this file.
#define FAST_BUF_SIZE 256
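//
// GetTextualSidW - format a binary SID as a wide-character string of the form
// S-<revision>-<identifier authority>-<sub-authority>-...
//
// Returns TRUE on success and stores in *dwBufferLen the number of characters
// written, including the terminating NUL.
// Returns FALSE if IsValidSid rejects pSid (this function does not call
// SetLastError on that path), or if the supplied size is below the computed
// requirement; in that case *dwBufferLen receives the requirement and the
// last error is ERROR_INSUFFICIENT_BUFFER.
//
// The wsprintfW calls below are not individually bounded.  The only thing
// that keeps them inside wszTextualSid is the up-front size check, so the
// caller must pass the true size of the buffer in *dwBufferLen.
//
// NOTE(review): the requirement is a worst-case character count multiplied by
// sizeof(WCHAR), i.e. it reads as a byte count, while the value written back
// on success is a character count.  Confirm with callers which unit they
// expect on input; passing a character count only makes the check stricter.
//
BOOL
GetTextualSidW(
    PSID pSid,            // binary Sid
    LPWSTR wszTextualSid, // buffer for Textual representation of Sid
    LPDWORD dwBufferLen   // required/provided TextualSid buffersize
    )
{
    PSID_IDENTIFIER_AUTHORITY psia;
    DWORD dwSubAuthorities;
    DWORD dwCounter;
    DWORD dwSidSize;

    // Refuse malformed SIDs before reading any of their fields.
    if (!IsValidSid(pSid))
    {
        return FALSE;
    }

    // obtain SidIdentifierAuthority
    psia = GetSidIdentifierAuthority(pSid);

    // obtain sidsubauthority count
    dwSubAuthorities = *GetSidSubAuthorityCount(pSid);

    //
    // compute buffer length (conservative guess)
    // S-SID_REVISION- + identifierauthority- + subauthorities- + NULL
    //
    // 12 characters per sub-authority covers "-" plus the ten digits of the
    // largest 32-bit value; 15 + 12 covers the prefix plus the 14-character
    // hexadecimal form of the identifier authority.
    //
    dwSidSize = (15 + 12 + (12 * dwSubAuthorities) + 1) * sizeof(WCHAR);

    //
    // check provided buffer length.
    // If not large enough, indicate proper size and setlasterror
    //
    if (*dwBufferLen < dwSidSize) {
        *dwBufferLen = dwSidSize;
        SetLastError(ERROR_INSUFFICIENT_BUFFER);
        return FALSE;
    }

    //
    // prepare S-SID_REVISION-
    // From here on dwSidSize is the running count of characters written.
    //
    dwSidSize = wsprintfW(wszTextualSid, L"S-%lu-", SID_REVISION);

    //
    // prepare SidIdentifierAuthority: hexadecimal when either of the two
    // high-order bytes is set, decimal otherwise
    //
    if ((psia->Value[0] != 0) || (psia->Value[1] != 0)) {
        dwSidSize += wsprintfW(wszTextualSid + dwSidSize,
                               L"0x%02hx%02hx%02hx%02hx%02hx%02hx",
                               (USHORT)psia->Value[0],
                               (USHORT)psia->Value[1],
                               (USHORT)psia->Value[2],
                               (USHORT)psia->Value[3],
                               (USHORT)psia->Value[4],
                               (USHORT)psia->Value[5]);
    } else {
        // Widen each byte to ULONG BEFORE shifting.  Shifting the promoted
        // int (as the code used to) overflows a signed int when Value[2] is
        // 0x80 or above, which is undefined behaviour.
        dwSidSize += wsprintfW(wszTextualSid + dwSidSize,
                               L"%lu",
                               ((ULONG)psia->Value[5]      ) +
                               ((ULONG)psia->Value[4] <<  8) +
                               ((ULONG)psia->Value[3] << 16) +
                               ((ULONG)psia->Value[2] << 24));
    }

    //
    // loop through SidSubAuthorities
    //
    for (dwCounter = 0; dwCounter < dwSubAuthorities; dwCounter++) {
        dwSidSize += wsprintfW(wszTextualSid + dwSidSize,
                               L"-%lu", *GetSidSubAuthority(pSid, dwCounter));
    }

    *dwBufferLen = dwSidSize + 1; // tell caller how many chars (include NULL)
    return TRUE;
}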
// Second, identical definition of FAST_BUF_SIZE (it is also defined earlier
// in this file).  GetUserTextualSidA uses it to size its on-stack
// BYTE FastBuffer[FAST_BUF_SIZE].
#define FAST_BUF_SIZE 256
//
// GetUserSid - fetch the TOKEN_USER information for the caller.
//
// The token queried is the current thread's token when one is attached, and
// the process token only when the thread has none (ERROR_NO_TOKEN).
//
// pptgUser   in: pointer to a caller-supplied buffer.  If that buffer is too
//            small it is REPLACED by the result of ContInfoAlloc(*pcbUser),
//            which is NULL when the allocation fails.
// pcbUser    in: size of the supplied buffer; out: the size reported by
//            GetTokenInformation.
// pfAlloced  set to TRUE as soon as this function has allocated a buffer,
//            FALSE otherwise.
//
// Returns TRUE when the token information was retrieved.
//
// NOTE(review): if the second query fails, the allocated buffer stays in
// *pptgUser with *pfAlloced == TRUE while FALSE is returned.  Presumably the
// caller releases it based on *pfAlloced even on failure - confirm, otherwise
// that path leaks.
//
BOOL
GetUserSid(
    PTOKEN_USER *pptgUser,
    DWORD *pcbUser,
    BOOL *pfAlloced
    )
{
    HANDLE hTok = 0;
    BOOL fQueried;
    BOOL fResult = FALSE;

    *pfAlloced = FALSE;

    // OpenAsSelf is TRUE, so the access check for opening the thread token
    // is made against the process security context.
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hTok)) {
        // Only "thread has no token" is recoverable.
        if (GetLastError() != ERROR_NO_TOKEN)
            goto Cleanup;

        //
        // retry against the process since no thread token exists
        //
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hTok))
            goto Cleanup;
    }

    // First attempt: the caller's buffer.  On a size failure *pcbUser is
    // updated with the size the API requires.
    fQueried = GetTokenInformation(hTok,
                                   TokenUser,
                                   *pptgUser,
                                   *pcbUser,
                                   pcbUser);

    if (!fQueried && GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
        //
        // try again with the specified buffer size
        //
        *pptgUser = (PTOKEN_USER)ContInfoAlloc(*pcbUser);
        if (*pptgUser != NULL) {
            *pfAlloced = TRUE;
            fQueried = GetTokenInformation(hTok,
                                           TokenUser,
                                           *pptgUser,
                                           *pcbUser,
                                           pcbUser);
        }
    }

    // Either query failed for another reason, the allocation failed, or the
    // retry failed.
    if (!fQueried)
        goto Cleanup;

    fResult = TRUE;

Cleanup:
    if (hTok)
        CloseHandle(hTok);

    return fResult;
}
BOOL
GetUserTextualSidA(
LPSTR lpBuffer,
LPDWORD nSize
)
{
BYTE FastBuffer[FAST_BUF_SIZE];
PTOKEN_USER ptgUser;
DWORD cbUser;