internal static SecurityIdentifier GetUserSidForPid(int pid) { SafeCloseHandle process = OpenProcessForQuery(pid); try { SafeCloseHandle token = GetProcessToken(process, ListenerUnsafeNativeMethods.TOKEN_QUERY); try { int length = GetTokenInformationLength(token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenUser); byte[] tokenInformation = new byte[length]; fixed(byte *pTokenInformation = tokenInformation) { GetTokenInformation(token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenUser, tokenInformation); ListenerUnsafeNativeMethods.TOKEN_USER * ptg = (ListenerUnsafeNativeMethods.TOKEN_USER *)pTokenInformation; ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *sids = (ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *)(&(ptg->User)); return(new SecurityIdentifier(sids->Sid)); } } finally { token.Close(); } } finally { process.Close(); } }
internal static unsafe SecurityIdentifier GetLogonSidForPid(int pid) { SecurityIdentifier identifier; SafeCloseHandle process = OpenProcessForQuery(pid); try { SafeCloseHandle processToken = GetProcessToken(process, 8); try { byte[] tokenInformation = new byte[GetTokenInformationLength(processToken, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenGroups)]; try { fixed(byte *numRef = tokenInformation) { GetTokenInformation(processToken, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenGroups, tokenInformation); ListenerUnsafeNativeMethods.TOKEN_GROUPS * token_groupsPtr = (ListenerUnsafeNativeMethods.TOKEN_GROUPS *)numRef; ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *sid_and_attributesPtr = (ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *) & token_groupsPtr->Groups; for (int i = 0; i < token_groupsPtr->GroupCount; i++) { if ((sid_and_attributesPtr[i].Attributes & ((ListenerUnsafeNativeMethods.SidAttribute)(-1073741824))) == ((ListenerUnsafeNativeMethods.SidAttribute)(-1073741824))) { return(new SecurityIdentifier(sid_and_attributesPtr[i].Sid)); } } } } finally { numRef = null; } identifier = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null); } finally { processToken.Close(); } } finally { process.Close(); } return(identifier); }
internal static unsafe SecurityIdentifier GetUserSidForPid(int pid) { SecurityIdentifier identifier; SafeCloseHandle process = OpenProcessForQuery(pid); try { SafeCloseHandle processToken = GetProcessToken(process, 8); try { byte[] tokenInformation = new byte[GetTokenInformationLength(processToken, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenUser)]; try { fixed(byte *numRef = tokenInformation) { GetTokenInformation(processToken, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenUser, tokenInformation); ListenerUnsafeNativeMethods.TOKEN_USER * token_userPtr = (ListenerUnsafeNativeMethods.TOKEN_USER *)numRef; ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *sid_and_attributesPtr = (ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *) & token_userPtr->User; identifier = new SecurityIdentifier(sid_and_attributesPtr->Sid); } } finally { numRef = null; } } finally { processToken.Close(); } } finally { process.Close(); } return(identifier); }
internal static SecurityIdentifier GetLogonSidForPid(int pid) { SafeCloseHandle process = OpenProcessForQuery(pid); try { SafeCloseHandle token = GetProcessToken(process, ListenerUnsafeNativeMethods.TOKEN_QUERY); try { int length = GetTokenInformationLength(token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenGroups); byte[] tokenInformation = new byte[length]; fixed(byte *pTokenInformation = tokenInformation) { GetTokenInformation(token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenGroups, tokenInformation); ListenerUnsafeNativeMethods.TOKEN_GROUPS * ptg = (ListenerUnsafeNativeMethods.TOKEN_GROUPS *)pTokenInformation; ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *sids = (ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *)(&(ptg->Groups)); for (int i = 0; i < ptg->GroupCount; i++) { if ((sids[i].Attributes & ListenerUnsafeNativeMethods.SidAttribute.SE_GROUP_LOGON_ID) == ListenerUnsafeNativeMethods.SidAttribute.SE_GROUP_LOGON_ID) { return(new SecurityIdentifier(sids[i].Sid)); } } } return(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null)); } finally { token.Close(); } } finally { process.Close(); } }