+++ /dev/null
-
- Re: alternative to SeCaptureSubjectContext for Win2000 sought
-
- From: "dave porter" <porter@zultranet.com>
- Reply to: "dave porter"
- Date: Mon, 26 Jun 2000 10:57:18 -0400
- Newsgroups:
- comp.os.ms-windows.programmer.nt.kernel-mode
- Followup to: newsgroup
- References:
- <39520e7f$0$15896@wodc7nh1.news.uu.net>
- <sl5ulbjfe7f47@corp.supernews.com>
- <39575985$0$24336@wodc7nh0.news.uu.net>
-
-
-> Under advise, I have tried ZwOpenProcessToken(), but to little avail.
-> ZwQueryInformationToken( ..TokenUser ...) doesn't seem to want to do its
-job
-> either under NT4.
-
-I could be jumping in the middle here, but in what way doesn't it work?
-This code works for me:
-
- int bufLen = 256; // we suppose this is enough
- void* sidBuf = new char[bufLen];
- int sidLen = 0;
-
- void* pToken = PsReferencePrimaryToken(PsGetCurrentProcess());
- if (!pToken) ... error ...
-
- NTSTATUS ntstatus = ObOpenObjectByPointer(pToken, 0, 0, TOKEN_QUERY,
-0, KernelMode, &handle);
- if (!NT_SUCCESS(ntstatus)) ... error ...
-
- TOKEN_USER* user = static_cast<TOKEN_USER*>(sidBuf);
- ULONG tokenInfoLen;
- ntstatus = ZwQueryInformationToken(handle, TokenUser, user, bufLen,
-&tokenInfoLen);
- if (!NT_SUCCESS(ntstatus)) ... error ...
-
- assert(tokenInfoLen <= bufLen); // else we would have got an error,
-right?
- assert(user->User.Sid == user+1); // SID is in buffer just past
-TOKEN_USER structure
-
- sidLen = tokenInfoLen - sizeof (TOKEN_USER);
- memmove(sidBuf, user->User.Sid, sidLen); // shuffle down the buffer
-
-Naturally, this returns the id of the thread that's running it.
-If you execute this in DriverEntry, you're running in some
-thread in the system process, which is not related to
-the thread which executed the Win32 StartService call.