////////////////////////////////////////////////////////////////////////////////
// Displays the users associated with a token
////////////////////////////////////////////////////////////////////////////////
public void GetTokenDefaultDacl()
{
uint returnLength;
advapi32.GetTokenInformation(hWorkingToken, Winnt._TOKEN_INFORMATION_CLASS.TokenDefaultDacl, IntPtr.Zero, 0, out returnLength);
hTokenDefaultDacl = Marshal.AllocHGlobal((int)returnLength);
try
{
if (!advapi32.GetTokenInformation(hWorkingToken, Winnt._TOKEN_INFORMATION_CLASS.TokenDefaultDacl, hTokenDefaultDacl, returnLength, out returnLength))
{
Misc.GetWin32Error("GetTokenInformation (TokenDefaultDacl) - Pass 2");
return;
}
tokenDefaultDacl = (Winnt._TOKEN_DEFAULT_DACL)Marshal.PtrToStructure(hTokenDefaultDacl, typeof(Winnt._TOKEN_DEFAULT_DACL));
if (IntPtr.Zero == tokenDefaultDacl.DefaultDacl)
{
Misc.GetWin32Error("PtrToStructure");
}
tokenDefaultDaclAcl = (Winnt._TOKEN_DEFAULT_DACL_ACL)Marshal.PtrToStructure(hTokenDefaultDacl, typeof(Winnt._TOKEN_DEFAULT_DACL_ACL));
}
catch (Exception ex)
{
Misc.GetWin32Error("GetTokenInformation (TokenDefaultDacl - Pass 2");
Console.WriteLine(ex.Message);
return;
}
string primaryGroup = Marshal.PtrToStringUni(tokenPrimaryGroup.PrimaryGroup);
Console.WriteLine("[+] ACL Count: {0}", tokenDefaultDaclAcl.DefaultDacl.AceCount);
return;
}
public static extern bool GetTokenInformation(IntPtr TokenHandle, Winnt._TOKEN_INFORMATION_CLASS TokenInformationClass, ref Winnt._TOKEN_DEFAULT_DACL_ACL TokenInformation, uint TokenInformationLength, out uint ReturnLength);