351 views

Suggestion Box

03 Mar

Posted by: Christian Wimmer in: Common, JEDI Windows API Headers, JEDI Windows Security Code Lib

Suggestion box

Do you want to know something about security? How to use a special class or method? Need a snipet code using JWSCL? Just type here your question.

However, we do not create whole applications. That’s your business.

convert this post to pdf.

7 Responses

satoo
18|Mar|2008 1

1. how can i get username of process (in win2000, winxp, terminal service) started under other user? i do following: OpenProcess, OpenProcessToken, LookupAccountSid (or OpenProcess, GetSecurityInfo, LookupAccountSid). i get truth only if i use both of method

2. CachedGetUserFromSid how to use it? i call it with good sid (IsValidSid before) but i take AV.

3. lsass uses cpu if i use LookupAccountSid etc, but taskman.exe don’t load system through lsass. how taskman is working?
Christian Wimmer
19|Mar|2008 2

1. You can use either GetTokenInformation with TokenUser as parameter, or impersonate the token and call GetUserName to get the user name. However OpenProcess needs the DEBUG privilege to open foreign processes.

2. Without reading your code I can only guess which I don’t do now.
JWSCL implements this function in JwsclSid.pas at function TJwSecurityId.GetCachedUserFromSid : WideString;

3. You can use Mark Russinovich’s ProcessExplorer to find out more about your system.

rweijnen

19|Mar|2008 3

@cachedgetuserfromsid: are you reserving memory?

if IsValidSid(ProcessInfoPtr^[i].pUserSid) then
begin
   cbUserName := 256;
   GetMem(pwUserName, cbUserName * SizeOf(WCHAR));
   CachedGetUserFromSid(ProcessInfoPtr^[i].pUserSid, pwUserName, cbUsername);
   FreeMem(pwUserName);
end;

satoo
24|Mar|2008 4

thx a lot. i was stupid (a little :)) it’s works fine. another question: how can i get user’s domain. result of CachedGetUserFromSid is USERNAME_ONLY, but some users have similar local and domain users; some users are members of other domain….

sorry of my russian’s english
Christian Wimmer
24|Mar|2008 5

The SID already contains the domain SID. See also here. So you can use the API GetWindowsAccountDomainSid to get the users’ domain as a SID or you can use LookupAccountSid to get the user’s name and domain.

Try out the JWSCL - it helps a lot.
Oliver
04|Apr|2008 6

Привет,

sorry of my russian’s english

… а может быть кто-нибудь тоже понимает на-русском. Но наверное редко здесь

// Оливер
satoo
10|Aug|2008 7

я не тормоз рсс подписку не видел. чего изволите?

M	T	W	T	F	S	S
« Dec				Apr »
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31

JEDI Windows API

Suggestion Box

7 Responses

Leave a reply

Search

Paypal donation (EUR)

Categories

Most Viewed

Archives

Tags

Recent Posts

Recent Comments

Blogroll

Pages

Meta

A design creation of Design Disease