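/*
 * Return the TOKEN_USER data (SID + attributes) of the caller's effective
 * security context: the thread's impersonation token when one exists,
 * otherwise the process primary token.
 *
 * sid_a_size: receives the byte length of the returned buffer (0 on failure).
 * Returns a buffer allocated with malloc_np() that the caller must release
 * with free(), or NULL on failure (no token handle is left open).
 *
 * Must be called at PASSIVE_LEVEL: ZwOpen{Thread|Process}Token and
 * ZwQueryInformationToken require it.
 */
struct _SID_AND_ATTRIBUTES *
get_current_sid_a(ULONG *sid_a_size)		// must be called at PASSIVE_LEVEL!
{
	/* slack added to the first size guess so the common case needs a single
	 * query; a guess that is still too small is corrected by the
	 * STATUS_BUFFER_TOO_SMALL retry below */
	enum { SID_A_DEFAULT_SLACK = 100 };
	NTSTATUS status;
	HANDLE token;
	ULONG size;
	SID_AND_ATTRIBUTES *sid_a;

	*sid_a_size = 0;

	// open thread (impersonation) token; fall back to the process token
	status = ZwOpenThreadToken(CURRENT_THREAD, TOKEN_QUERY, FALSE, &token);
	if (status == STATUS_NO_TOKEN) {
		status = ZwOpenProcessToken(CURRENT_PROCESS, TOKEN_QUERY, &token);
	}
	if (status != STATUS_SUCCESS) {
		// no handle was opened on this path, so nothing to close
		KdPrint(("[tdi_fw] get_current_sid_a: ZwOpen{Thread|Process}Token: 0x%x!\n", status));
		return NULL;
	}

	size = sizeof(*sid_a) + SID_A_DEFAULT_SLACK;		// first guess

	sid_a = (SID_AND_ATTRIBUTES *)malloc_np(size);
	if (sid_a == NULL) {
		KdPrint(("[tdi_fw] get_current_sid_a: malloc_np!\n"));
		goto done;
	}

	status = ZwQueryInformationToken(token, TokenUser, sid_a, size, &size);
	if (status == STATUS_BUFFER_TOO_SMALL) {
		// `size` now holds the required length; retry once with it
		free(sid_a);

		sid_a = (SID_AND_ATTRIBUTES *)malloc_np(size);
		if (sid_a == NULL) {
			KdPrint(("[tdi_fw] get_current_sid_a: malloc_np!\n"));
			goto done;
		}

		status = ZwQueryInformationToken(token, TokenUser, sid_a, size, &size);
	}
	if (status != STATUS_SUCCESS) {
		// the format string expects the status code; pass it so the log is
		// meaningful and no missing vararg is read
		KdPrint(("[tdi_fw] get_current_sid_a: ZwQueryInformationToken: 0x%x!\n", status));

		free(sid_a);
		sid_a = NULL;
		goto done;
	}

	// got sid & attributes!
	*sid_a_size = size;

done:
	ZwClose(token);
	return sid_a;
}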
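// Largely based off of undelete.c from sysinternals
/*
 * Fill pusSID with the textual user SID of pProcess's primary token.
 *
 * pusSID: caller-provided UNICODE_STRING whose Buffer/MaximumLength are
 *         already set up -- RtlConvertSidToUnicodeString is called with
 *         AllocateDestinationString == FALSE, so nothing is allocated for it.
 * Returns TRUE on success, FALSE on any failure; on every return path the
 * token handle is closed and the pool buffer is freed.
 * Must run at PASSIVE_LEVEL (Zw* token calls).
 */
BOOLEAN GetUserSIDFromProcess(EPROCESS *pProcess, UNICODE_STRING *pusSID)
{
	NTSTATUS status;
	ULONG RetLen = 0;
	HANDLE hToken;
	PTOKEN_USER tokenInfoBuffer = NULL;
	PACCESS_TOKEN Token;
	BOOLEAN ok = FALSE;

	Token = PsReferencePrimaryToken(pProcess);

	// OBJ_KERNEL_HANDLE keeps the token handle out of the current process's
	// user-accessible handle table; this can run in an arbitrary process context.
	status = ObOpenObjectByPointer(Token, OBJ_KERNEL_HANDLE, NULL, TOKEN_QUERY, NULL, KernelMode, &hToken);
	ObDereferenceObject(Token);

	if(!NT_SUCCESS(status))
		return FALSE;

	// Get the size of the sid.
	status = ZwQueryInformationToken(hToken, TokenUser, NULL, 0, &RetLen);
	if(status != STATUS_BUFFER_TOO_SMALL)
		goto out_close;

	tokenInfoBuffer = (PTOKEN_USER)ExAllocatePoolWithTag(NonPagedPool, RetLen, HELPER_POOL_TAG);
	if(!tokenInfoBuffer) {
		DBGOUT(("Error getting token information: %x\n", STATUS_INSUFFICIENT_RESOURCES));
		goto out_close;
	}

	status = ZwQueryInformationToken(hToken, TokenUser, tokenInfoBuffer, RetLen, &RetLen);
	if(!NT_SUCCESS(status)) {
		DBGOUT(("Error getting token information: %x\n", status));
		goto out_free;
	}

	status = RtlConvertSidToUnicodeString(pusSID, tokenInfoBuffer->User.Sid, FALSE);
	if(!NT_SUCCESS(status)) {
		DBGOUT(("Unable to convert SID to UNICODE: %x\n", status ));
		goto out_free;
	}

	ok = TRUE;

out_free:
	ExFreePool(tokenInfoBuffer);
out_close:
	ZwClose(hToken);
	return ok;
}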