Re: Get Handle Owner,...



In other words, you want to get the SID of the user who runs the process or
service? If so, ZwOpenProcessToken to open process, and
ZwQueryInformationToken with TokenUser to get SID.

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Kerem Gümrükcü" <kareem114@xxxxxxxxxxx> wrote in message
news:OYXXsFhxIHA.3968@xxxxxxxxxxxxxxxxxxxxxxx
Hi Jeroen ,

the point is that I operate from managed .NET code
and I have several process handles and IDs and service
handles. I need to know in which context they run. I
expressed myself a little unclearly. I need a reliable way to
get the user context in which they run. I used the method
of GetTheToken->DuplicateIt->Impersonate->GetTheUserName->RevertToSelf->CloseTheToken.
But is there another way? I have the process and service handles. The
bigger problem is the service handles here: how do I get
the user context from just a service handle?

Regards

Kerem


--
--
-----------------------
Beste Grüsse / Best regards / Votre bien devoue
Kerem Gümrükcü
Microsoft Live Space: http://kerem-g.spaces.live.com/
Latest Open-Source Projects: http://entwicklung.junetz.de
-----------------------
"This reply is provided as is, without warranty express or implied."

"Jeroen Mostert" <jmostert@xxxxxxxxx> schrieb im Newsbeitrag
news:484626c4$0$14351$e4fe514c@xxxxxxxxxxxxxxxxx
Kerem Gümrükcü wrote:
my application has sufficient privileges enabled
and I can open any process, thread, or kernel/user object
to query information from the objects. The point is
that I want to find out who owns this handle, e.g.
the username of the owner. Calls to GetKernelObjectSecurity
and GetUserObjectSecurity sometimes return different information
than e.g. Process Explorer. I also don't want to do things like
get the process token->Impersonate->GetUserName->RevertToSelf.
Calls to GetSecurityInfo also just return the owner of the token, but
not the user context that was responsible for the creation of the
token. Invoking LookupAccountSid works just fine after I got
the SID buffers. I hope you know what I want to do. Who created
the handle and in what user context has it been created,...

What you seem to be asking for is "the SID of the owner of the token
associated with the thread that created the object at the moment it
created it". AFAIK, that information is not recorded anywhere -- the
system does record which process created an object (if any), but that's
it. A security descriptor contains the SID of the owner, which need not
have any relation to who created the object, and it can always be
changed afterwards.

Take care also to distinguish between handles and objects. Objects have
owners, handles belong to processes. An object has only one DACL (and
hence only one owner), a handle can be duplicated among many processes.
It's not entirely clear what you want or whether what you want makes
sense.

--
J.
http://symbolsprose.blogspot.com
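
The approach from the top reply, as an added C# example that is not part of the original thread: OpenProcessToken and GetTokenInformation are the Win32 counterparts of ZwOpenProcessToken and ZwQueryInformationToken, and reading TokenUser directly avoids the duplicate/impersonate/revert sequence. The names ProcessOwner and GetUserSid are made up for illustration, and the sketch covers process handles only, not service handles.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class ProcessOwner   // hypothetical helper, not from the thread
{
    const uint TOKEN_QUERY = 0x0008;
    const int TokenUser = 1;                  // TOKEN_INFORMATION_CLASS.TokenUser
    const int ERROR_INSUFFICIENT_BUFFER = 122;
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass, IntPtr buffer, int length, out int needed);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Returns the user SID of the process's primary token without impersonating.
    // processHandle must have been opened with PROCESS_QUERY_INFORMATION access.
    public static SecurityIdentifier GetUserSid(IntPtr processHandle)
    {
        if (!OpenProcessToken(processHandle, TOKEN_QUERY, out IntPtr token))
            throw new Win32Exception();       // e.g. access denied
        IntPtr buffer = IntPtr.Zero;
        try
        {
            // The first call only reports the size needed for TOKEN_USER.
            GetTokenInformation(token, TokenUser, IntPtr.Zero, 0, out int needed);
            if (Marshal.GetLastWin32Error() != ERROR_INSUFFICIENT_BUFFER)
                throw new Win32Exception();
            buffer = Marshal.AllocHGlobal(needed);
            if (!GetTokenInformation(token, TokenUser, buffer, needed, out needed))
                throw new Win32Exception();
            // TOKEN_USER starts with SID_AND_ATTRIBUTES; its first field is the PSID.
            return new SecurityIdentifier(Marshal.ReadIntPtr(buffer)); // copies the SID
        }
        finally
        {
            if (buffer != IntPtr.Zero) Marshal.FreeHGlobal(buffer);
            CloseHandle(token);
        }
    }

    static void Main()
    {
        // Sample input: the current process, so the example runs without extra rights.
        SecurityIdentifier sid = GetUserSid(Process.GetCurrentProcess().Handle);
        Console.WriteLine($"{sid} = {sid.Translate(typeof(NTAccount))}");
    }
}
```

The SID is that of the token the process runs under now; as the reply above points out, it says nothing about who created any object the process holds a handle to.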



