static extern bool LookupAccountSid( string lpSystemName, [MarshalAs(UnmanagedType.LPArray)] byte[] Sid, StringBuilder lpName, ref uint cchName, StringBuilder referencedDomainName, ref uint cchReferencedDomainName, out SID_NAME_USE peUse);
static extern bool LookupAccountName( string lpSystemName, string lpAccountName, [MarshalAs(UnmanagedType.LPArray)] byte[] Sid, ref uint cbSid, StringBuilder ReferencedDomainName, ref uint cchReferencedDomainName, out SID_NAME_USE peUse);
internal static extern bool LookupAccountName(string systemName, string accountName, [MarshalAs(UnmanagedType.LPArray)] byte[] sid, ref uint sidLength, StringBuilder domainName, ref uint domainNameLength, out SID_NAME_USE peUse);
private static extern bool LookupAccountSid( string systemName, IntPtr sid, StringBuilder name, ref int cbName, StringBuilder domainName, ref int cbDomainName, out SID_NAME_USE use);
public static extern BOOL LookupAccountSid( string lpSystemName, PSID Sid, [Out] char[] Name, ref DWORD cchName, [Out] char[] ReferencedDomainName, ref DWORD cchReferencedDomainName, out SID_NAME_USE peUse);
static extern bool LookupAccountName( string systemName, string accountName, [MarshalAs(UnmanagedType.LPArray)] byte[] Sid, ref uint cbSid, StringBuilder referencedDomainName, ref uint cchReferencedDomainName, out SID_NAME_USE nameUse);
public static extern bool LookupAccountName( string SystemName, string AccountName, IntPtr SID, out int SIDSize, int ReferencedDomainName, int ReferencedDomainNameSize, out SID_NAME_USE Use );
internal static extern bool LookupAccountName( string lpSystemName, string lpAccountName, byte[] Sid, ref uint cbSid, StringBuilder ReferencedDomainName, ref uint cchReferencedDomainName, out SID_NAME_USE peUse );
public ATGroup(string sidName, IntPtr sidPtr, int attributes, string name, string domain, SID_NAME_USE tpe) { this.SIDPtr = sidPtr; this.SIDString = sidName; this.Attributes = attributes; this.Name = name; this.Domain = domain; this.Type = tpe; }
public static extern BOOL LookupAccountName( string lpSystemName, string lpAccountName, PSID Sid, ref DWORD cbSid, [Out] char[] DomainName, ref DWORD cbDomainName, out SID_NAME_USE peUse );
private static extern bool _LookupAccountName( String lpSystemName, String lpAccountName, byte[] Sid, ref uint cbSid, StringBuilder lpReferencedDomainName, ref uint cchReferencedDomainName, out SID_NAME_USE peUse );
public static extern bool LookupAccountName([MarshalAs(UnmanagedType.LPWStr)] string lpSystemName, [MarshalAs(UnmanagedType.LPWStr)] string lpAccountName, IntPtr Sid, ref uint cbSid, StringBuilder ReferencedDomainName, ref uint cchReferencedDomainName, out SID_NAME_USE peUse);
internal unsafe static extern bool LookupAccountSidW( [MarshalAs(UnmanagedType.LPWStr), In] string lpSystemName, // name of local or remote computer [In] System.IntPtr Sid, // security identifier [In, Out] byte [] Name, // account name buffer [In, Out] ref System.UInt32 cbName, // size of account name buffer [In, Out] byte [] DomainName, // domain name [In, Out] ref System.UInt32 cbDomainName, // size of domain name buffer [Out] out SID_NAME_USE peUse // SID type );
public static bool LookupAccountSid( string lpSystemName, byte[] sid, out string name, out string refDomain, out SID_NAME_USE peUse ) { // Initialize returns. name = null; refDomain = null; peUse = SID_NAME_USE.SidTypeUnknown; // Validate input. if (sid == null) { return(false); } // Allocate buffers. StringBuilder nameBldr = new StringBuilder(NameLength); if (nameBldr == null) { return(false); } StringBuilder refDomBldr = new StringBuilder(NameLength); if (refDomBldr == null) { return(false); } uint nameBldrSize = (uint)nameBldr.Capacity; uint refDomBldrSize = (uint)refDomBldr.Capacity; // Lookup account by SID. uint rc = Win32Errors.ERROR_SUCCESS; if (!_LookupAccountSid(lpSystemName, sid, nameBldr, ref nameBldrSize, refDomBldr, ref refDomBldrSize, out peUse)) { rc = checked ((uint)Marshal.GetLastWin32Error()); } else { name = nameBldr.ToString(); refDomain = refDomBldr.ToString(); } return(rc == Win32Errors.ERROR_SUCCESS); }
public static bool LookupAccountName( String lpSystemName, String lpAccountName, out byte[] sid, out string refDomain, out SID_NAME_USE peUse ) { // Init returns. sid = null; refDomain = null; peUse = SID_NAME_USE.SidTypeUnknown; // Validate inputs. if (lpAccountName == null || lpAccountName.Length == 0) { return(false); } // Allocate buffers. byte[] bSid = new byte[SidLength]; if (bSid == null) { return(false); } StringBuilder refDomBldr = new StringBuilder(NameLength); if (refDomBldr == null) { return(false); } uint bSidSize = (uint)bSid.Length; uint refDomBldrSize = (uint)refDomBldr.Capacity; // Lookup account by name. uint rc = Win32Errors.ERROR_SUCCESS; if (!_LookupAccountName(lpSystemName, lpAccountName, bSid, ref bSidSize, refDomBldr, ref refDomBldrSize, out peUse)) { rc = checked ((uint)Marshal.GetLastWin32Error()); } else { sid = bSid; refDomain = refDomBldr.ToString(); } return(rc == Win32Errors.ERROR_SUCCESS); }
private PSID GetSid(string accountName) { int sidSize = 0, nameSize = 0; SID_NAME_USE accountType = 0; LookupAccountName(svr, accountName, new PSID(), ref sidSize, null, ref nameSize, ref accountType); var domainName = new System.Text.StringBuilder(nameSize); var sid = new PSID(sidSize); if (!LookupAccountName(string.Empty, accountName, sid, ref sidSize, domainName, ref nameSize, ref accountType)) { throw new System.ComponentModel.Win32Exception(); } return(sid); }
public SidInfo(string sddlSid, string name, SID_NAME_USE usage = SID_NAME_USE.SidTypeGroup) { this.Position = -10; this.Attributes = ((usage & SID_NAME_USE.SidTypeGroup) == SID_NAME_USE.SidTypeGroup) ? SID_ATTRIBUTE_INFORMATION.SE_GROUP_FROM_ENUM : SID_ATTRIBUTE_INFORMATION.SE_GROUP_FROM_ENUM | SID_ATTRIBUTE_INFORMATION.SE_GROUP_USER_FROM_ENUM; this.Sid = sddlSid; this.NTName = name; if (this.IsGroup) { CheckSidType(sddlSid); } }
//获取进程的用户是否是SYSTEM public static Boolean GetTokenInformationToUsername(TOKEN_STATISTICS tokenStatistics, ref String userName) { IntPtr lpLuid = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(_LUID))); Marshal.StructureToPtr(tokenStatistics.AuthenticationId, lpLuid, false); if (IntPtr.Zero == lpLuid) { return(false); } IntPtr ppLogonSessionData = new IntPtr(); if (0 != LsaGetLogonSessionData(lpLuid, out ppLogonSessionData)) { return(false); } if (IntPtr.Zero == ppLogonSessionData) { return(false); } SECURITY_LOGON_SESSION_DATA securityLogonSessionData = (SECURITY_LOGON_SESSION_DATA)Marshal.PtrToStructure(ppLogonSessionData, typeof(SECURITY_LOGON_SESSION_DATA)); if (IntPtr.Zero == securityLogonSessionData.Sid || IntPtr.Zero == securityLogonSessionData.UserName.Buffer || IntPtr.Zero == securityLogonSessionData.LogonDomain.Buffer) { return(false); } StringBuilder lpName = new StringBuilder(); UInt32 cchName = (UInt32)lpName.Capacity; StringBuilder lpReferencedDomainName = new StringBuilder(); UInt32 cchReferencedDomainName = (UInt32)lpReferencedDomainName.Capacity; SID_NAME_USE sidNameUse = new SID_NAME_USE(); LookupAccountSid(String.Empty, securityLogonSessionData.Sid, lpName, ref cchName, lpReferencedDomainName, ref cchReferencedDomainName, out sidNameUse); userName = lpName.ToString(); if (!userName.ToUpper().Equals("System".ToUpper())) { return(false); } return(true); }
internal static unsafe bool LookupAccountSid(string lpSystemName, IntPtr sid, Span <char> userName, ref int cchName, Span <char> domainName, ref int cchDomainName, out SID_NAME_USE peUse) { fixed(char *userNamePtr = &MemoryMarshal.GetReference(userName)) fixed(char *domainNamePtr = &MemoryMarshal.GetReference(domainName)) { return(LookupAccountSid(lpSystemName, sid, userNamePtr, ref cchName, domainNamePtr, ref cchDomainName, out peUse)); } }
/// <summary> /// Obtains the localized name for the "BUILTIN\Users" group in this machine /// </summary> /// <returns></returns> public static string GetNormalUsersGroupName() { StringBuilder name = new StringBuilder(); uint cchName = (uint)name.Capacity; StringBuilder referencedDomainName = new StringBuilder(); uint cchReferencedDomainName = (uint)referencedDomainName.Capacity; SID_NAME_USE sidUse = default(SID_NAME_USE); // Sid for BUILTIN\Users byte[] Sid = new byte[] { 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 33, 2 }; int err = NO_ERROR; if (!LookupAccountSid(null, Sid, name, ref cchName, referencedDomainName, ref cchReferencedDomainName, out sidUse)) { err = System.Runtime.InteropServices.Marshal.GetLastWin32Error(); if (err == ERROR_INSUFFICIENT_BUFFER) { name.EnsureCapacity((int)cchName); referencedDomainName.EnsureCapacity((int)cchReferencedDomainName); err = NO_ERROR; if (!LookupAccountSid(null, Sid, name, ref cchName, referencedDomainName, ref cchReferencedDomainName, out sidUse)) { err = System.Runtime.InteropServices.Marshal.GetLastWin32Error(); } } } if (err == 0) { return(name.ToString()); } else { throw new InvalidOperationException(string.Format("Error when obtaining BUILTIN\\Users localized name: {0}", err)); } }
public static extern bool LookupAccountNameA([In][MarshalAs(UnmanagedType.LPStr)] string lpSystemName, [In][MarshalAs(UnmanagedType.LPStr)] string lpAccountName, IntPtr Sid, ref uint cbSid, [Out][MarshalAs(UnmanagedType.LPStr)] System.Text.StringBuilder ReferencedDomainName, ref uint cchReferencedDomainName, [Out] out SID_NAME_USE peUse);
static extern bool LookupAccountSid(string lpSystemName, IntPtr Sid, System.Text.StringBuilder lpName, ref uint cchName, System.Text.StringBuilder ReferencedDomainName, ref uint cchReferencedDomainName, out SID_NAME_USE peUse);
private bool GetEffectiveSecurityAccessRights() { try { bool daclPresent = false; bool defaulted = false; int sidSize = 0; SID_NAME_USE usage = SID_NAME_USE.SidTypeGroup; StringBuilder domain = new StringBuilder(80); int domainSize = 80; // lookup the account name, first call gets the size LookupAccountName(IntPtr.Zero, _accountName, IntPtr.Zero, ref sidSize, domain, ref domainSize, ref usage); // allocate the memory for the SID _pSid = Marshal.AllocHGlobal(sidSize); // and calling again we get the sid domainSize = 80; LookupAccountName(IntPtr.Zero, _accountName, _pSid, ref sidSize, domain, ref domainSize, ref usage); // Create a the Trustee data structure. TRUSTEE2 trustee = new TRUSTEE2(); trustee.MultipleTrusteeOperation = MULTIPLE_TRUSTEE_OPERATION.NO_MULTIPLE_TRUSTEE; trustee.pMultipleTrustee = IntPtr.Zero; trustee.ptstrName = _pSid; trustee.TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_SID; trustee.TrusteeType = TRUSTEE_TYPE.TRUSTEE_IS_UNKNOWN; this.GetFileSecurityDescriptor(_path, SecurityInformation.DACL, out _pSecurityDescriptor); if (_pSecurityDescriptor == IntPtr.Zero) { System.Diagnostics.Debug.WriteLine("File security descriptor is null"); return(false);; } // get the dacl from the descriptor GetSecurityDescriptorDacl(_pSecurityDescriptor, ref daclPresent, out _pDacl, ref defaulted); // if the dacl is null or one is not found then all access is allowed if (!daclPresent || _pDacl == IntPtr.Zero) { return(true); } // get the rights for the dacl int result = GetEffectiveRightsFromAcl(_pDacl, ref trustee, ref _accessGranted); // int result = GetAuditedPermissionsFromAcl(_pDacl, ref trustee, ref _accessGranted, ref _accessDenied); if (result != ERROR_SUCCESS) { throw new System.ComponentModel.Win32Exception(result); } return(true); } catch (Exception ex) { Debug.WriteLine(ex); } // by default fail on the side of good return(true); }
public static extern bool LookupAccountSid(string lpSystemName, PSID lpSid, StringBuilder lpName, ref int cchName, StringBuilder lpReferencedDomainName, ref int cchReferencedDomainName, out SID_NAME_USE peUse);
public static extern bool LookupAccountName(string lpSystemName, string lpAccountName, SafePSID Sid, ref int cbSid, StringBuilder ReferencedDomainName, ref int cchReferencedDomainName, out SID_NAME_USE peUse);
private static extern Boolean LookupAccountName(IntPtr NoSystemName, String lpAccountName, IntPtr Sid, ref int cbSid, StringBuilder DomainName, ref int cbDomainName, ref SID_NAME_USE peUse);
internal static extern bool LookupAccountSid(string lpSystemName, IntPtr Sid, IntPtr lpName, ref int cchName, IntPtr ReferencedDomainName, ref int cchReferencedDomainName, out SID_NAME_USE peUse);
/// <summary> /// The LookupAccountName hook function. This will be called instead of the original LookupAccountName once hooked. /// </summary> /// <returns></returns> bool lookupAccountName_Hook(string lpSystemName, string lpAccountName, [MarshalAs(UnmanagedType.LPArray)] byte[] Sid, ref uint cbSid, StringBuilder ReferencedDomainName, ref uint cchReferencedDomainName, out SID_NAME_USE peUse) { bool result; // Filter for the correct calling type if (lpSystemName == null) { // Hook if SystemName is null peUse = SID_NAME_USE.SidTypeUser; ReferencedDomainName.Clear().Append(_ReplaceDomainName); result = true; } else { // now call the original API... result = LookupAccountName(lpSystemName, lpAccountName, Sid, ref cbSid, ReferencedDomainName, ref cchReferencedDomainName, out peUse); } try { lock (this._messageQueue) { if (this._messageQueue.Count < 1000) { // Add message to send to FileMonitor this._messageQueue.Enqueue( string.Format("[{0}:{1}]: Access LookupAccountName for account {2} -> {3}", EasyHook.RemoteHooking.GetCurrentProcessId(), EasyHook.RemoteHooking.GetCurrentThreadId(), lpAccountName, ReferencedDomainName.ToString())); } } } catch { // swallow exceptions so that any issues caused by this code do not crash target process } return(result); }
public static extern bool LookupAccountSid(string SystemName, int SID, StringBuilder Name, out int NameSize, StringBuilder ReferencedDomainName, out int ReferencedDomainNameSize, out SID_NAME_USE Use);
public static extern bool LookupAccountSid( string lpSystemName, [MarshalAs(UnmanagedType.LPArray)] byte[] lpSid, StringBuilder lpName, ref uint cchName, StringBuilder lpReferencedDomainName, ref uint cchReferencedDomainName, out SID_NAME_USE peUse);
public static bool LookupAccountName(string systemName, string accountName, out SafePSID sid, out string domainName, out SID_NAME_USE snu) { var sb = new StringBuilder(1024); sid = new SafePSID(256); var sidSz = sid.Size; var sbSz = sb.Capacity; var ret = LookupAccountName(systemName, accountName, sid, ref sidSz, sb, ref sbSz, out snu); domainName = sb.ToString(); return(ret); }
internal static extern bool LookupAccountSid(string lpSystemName, IntPtr Sid, StringBuilder lpName, ref uint cchName, StringBuilder ReferencedDomainName, ref uint cchReferencedDomainName, out SID_NAME_USE peUse);
private static extern bool LookupAccountSid([MarshalAs(UnmanagedType.LPTStr)]string lpSystemName, IntPtr lpSid, IntPtr lpName, ref uint cchName, IntPtr lpReferencedDomainName, ref uint cchReferencedDomainName, out SID_NAME_USE peUse);
public static extern BOOL LookupAccountSid( string lpSystemName, PSID Sid, [Out] char[] Name, ref DWORD cchName, [Out] char [] ReferencedDomainName, ref DWORD cchReferencedDomainName, out SID_NAME_USE peUse);
public static extern bool LookupAccountSid(string SystemName, byte[] bSid, StringBuilder Name, ref int cbName, StringBuilder DomainName, ref int cbDomainName, ref SID_NAME_USE peUse);
private AccessTokenUser(string user, string domain, SID_NAME_USE t) { this.Username = user; this.Domain = domain; this.Type = t; }
private static bool IsValidSid(SID_NAME_USE use) => Array.IndexOf(new[] { 1, 2, 4, 5, 9 }, (int)use) != -1;
public static extern bool LookupAccountSid( string lpSystemName, IntPtr Sid, [Out] StringBuilder lpName, out uint cchName, [Out] StringBuilder lpReferencedDomainName, out uint cchReferencedDomainName, ref SID_NAME_USE peUse );