private static string ReadSecurityDescriptorFromAddress(SafeProcessHandle process, IntPtr address) { SecurityDescriptorHeader header = process.ReadStruct <SecurityDescriptorHeader>(address); if (header.Revision != 1) { return(String.Empty); } ISecurityDescriptor sd = null; if (header.HasFlag(SecurityDescriptorControl.SelfRelative)) { sd = process.ReadStruct <SecurityDescriptorRelative>(address); } else if (process.Is64Bit) { sd = process.ReadStruct <SecurityDescriptorAbsolute>(address); } else { sd = process.ReadStruct <SecurityDescriptorAbsolute32>(address); } SecurityDescriptorAbsolute new_sd = new SecurityDescriptorAbsolute(); new_sd.Header = header; new_sd.Header.Control = header.Control & ~SecurityDescriptorControl.SelfRelative; List <SafeBuffer> buffers = new List <SafeBuffer>(); try { if (!header.HasFlag(SecurityDescriptorControl.OwnerDefaulted)) { SafeBuffer buf = ReadSid(process, sd.GetOwner(address)); if (buf != null) { buffers.Add(buf); new_sd.Owner = buf.DangerousGetHandle(); } } if (!header.HasFlag(SecurityDescriptorControl.OwnerDefaulted)) { SafeBuffer buf = ReadSid(process, sd.GetGroup(address)); if (buf != null) { buffers.Add(buf); new_sd.Group = buf.DangerousGetHandle(); } } if (header.HasFlag(SecurityDescriptorControl.DaclPresent)) { SafeBuffer buf = ReadAcl(process, sd.GetDacl(address)); if (buf != null) { buffers.Add(buf); new_sd.Dacl = buf.DangerousGetHandle(); } } if (header.HasFlag(SecurityDescriptorControl.SaclPresent)) { SafeBuffer buf = ReadAcl(process, sd.GetSacl(address)); if (buf != null) { buffers.Add(buf); new_sd.Sacl = buf.DangerousGetHandle(); } } IntPtr str; int length; if (ConvertSecurityDescriptorToStringSecurityDescriptor(ref new_sd, SDDL_REVISION_1, SecurityInformation.All, out str, out length)) { string ret = Marshal.PtrToStringUni(str); LocalFree(str); return(ret); } } finally { foreach (SafeBuffer buf in buffers) { buf.Close(); } } return(String.Empty); }
private extern static bool ConvertSecurityDescriptorToStringSecurityDescriptor(ref SecurityDescriptorAbsolute sd, uint rev, SecurityInformation secinfo, out IntPtr str, out int length);