Re: Getting SID of process owner
- From: "Volodymyr M. Shcherbyna" <v_scherbina@xxxxxxxxxxxxxxx>
- Date: Wed, 2 Jul 2008 11:49:39 +0200
In your case, if you know only the PID of the process, you'll have to start
from step 2.
--
Volodymyr, blog: http://www.shcherbyna.com/
(This posting is provided "AS IS" with no warranties, and confers no
rights)
"Volodymyr M. Shcherbyna" <v_scherbina@xxxxxxxxxxxxxxx> wrote in message
news:e$QD5fC3IHA.5088@xxxxxxxxxxxxxxxxxxxxxxx
It is easy. The code usually does the following:
1. Get the thread token, i.e. ZwOpenThreadToken
2. If it returns STATUS_NO_TOKEN, try to get process token via
ZwOpenProcessToken
3. If step 2 fails, you are out of luck
4. Query information about token using ZwQueryInformationToken with
information class equal to TokenUser
5. Usually step 4 returns STATUS_BUFFER_TOO_SMALL so you will have to
reallocate bigger buffer
6. After you have allocated big enough buffer at 5 call
ZwQueryInformationToken with reallocated buffer
7. Read the SID from buffer->User.Sid (the buffer is a pointer to
PTOKEN_USER)
That's all.
--
Volodymyr, blog: http://www.shcherbyna.com/
(This posting is provided "AS IS" with no warranties, and confers no
rights)
"boris" <someone@xxxxxxxxxx> wrote in message
news:875CB617-63EA-4E0E-BA7F-DB49F596C860@xxxxxxxxxxxxxxxx
Hi,
Getting the SID of the user account under which a process is running can be
easily done by user-mode code via the WIN32 APIs: OpenProcess(),
OpenProcessToken(), GetTokenInformation(TokenUser).
But in a device driver, if the PID of a process is known, how difficult is it
to get the owner SID?
Thanks,
Boris
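The token-query part of the reply (steps 4 to 7) as an added example, not the poster's code: it compiles outside a driver by using portable typedefs in place of the WDK types and a constructed FakeQueryToken in place of ZwQueryInformationToken, which has the same parameter shape. A real driver passes ZwQueryInformationToken itself, allocates from pool, and would use RtlConvertSidToUnicodeString instead of SidToString; obtaining the token handle (steps 1 to 3) is not shown.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef uint32_t NTSTATUS;
#define STATUS_SUCCESS          0x00000000u
#define STATUS_BUFFER_TOO_SMALL 0xC0000023u  /* values as in the WDK headers */
#define TokenUser 1                          /* TOKEN_INFORMATION_CLASS member */
/* Field order follows the WDK SID / SID_AND_ATTRIBUTES / TOKEN_USER layouts. */
typedef struct { uint8_t Revision, SubAuthorityCount, IdentifierAuthority[6];
                 uint32_t SubAuthority[8]; } SID;
typedef struct { SID *Sid; uint32_t Attributes; } SID_AND_ATTRIBUTES;
typedef struct { SID_AND_ATTRIBUTES User; SID Storage; } TOKEN_USER;
typedef NTSTATUS (*QueryTokenFn)(void *tok, int cls, void *buf, uint32_t len, uint32_t *ret);

/* Constructed stand-in for ZwQueryInformationToken: like the real call it fails with
 * STATUS_BUFFER_TOO_SMALL on a short buffer; on success it hands back S-1-5-21-1-2-3-1001. */
static NTSTATUS FakeQueryToken(void *tok, int cls, void *buf, uint32_t len, uint32_t *ret) {
    (void)tok; (void)cls; *ret = sizeof(TOKEN_USER);
    if (len < *ret) return STATUS_BUFFER_TOO_SMALL;
    TOKEN_USER *tu = memset(buf, 0, sizeof(TOKEN_USER));
    tu->Storage.Revision = 1; tu->Storage.SubAuthorityCount = 5;
    tu->Storage.IdentifierAuthority[5] = 5;             /* SECURITY_NT_AUTHORITY */
    uint32_t sub[5] = { 21, 1, 2, 3, 1001 };
    memcpy(tu->Storage.SubAuthority, sub, sizeof sub);
    tu->User.Sid = &tu->Storage;                        /* Sid points into the same buffer */
    return STATUS_SUCCESS;
}

/* Render a binary SID as "S-R-A-S1-..." (the text RtlConvertSidToUnicodeString produces). */
int SidToString(const SID *sid, char *out, size_t cap) {
    uint64_t auth = 0;
    for (int i = 0; i < 6; i++) auth = (auth << 8) | sid->IdentifierAuthority[i];
    int n = snprintf(out, cap, "S-%u-%llu", (unsigned)sid->Revision, (unsigned long long)auth);
    for (int i = 0; i < sid->SubAuthorityCount && n < (int)cap; i++)
        n += snprintf(out + n, cap - n, "-%u", (unsigned)sid->SubAuthority[i]);
    return n;
}

/* Steps 4-7 of the reply: size query, allocate, second query, read buffer->User.Sid. */
NTSTATUS GetTokenUserSidString(QueryTokenFn query, void *token, char *out, size_t cap) {
    uint32_t needed = 0;
    NTSTATUS st = query(token, TokenUser, NULL, 0, &needed);
    if (st != STATUS_BUFFER_TOO_SMALL) return st;       /* step 5: learn the size */
    TOKEN_USER *tu = malloc(needed);     /* ExAllocatePoolWithTag in a driver */
    if (!tu) return 0xC000009Au;         /* STATUS_INSUFFICIENT_RESOURCES */
    st = query(token, TokenUser, tu, needed, &needed);  /* step 6 */
    if (st == STATUS_SUCCESS) SidToString(tu->User.Sid, out, cap);  /* step 7 */
    free(tu); return st;
}
```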