mirror of
https://github.com/reactos/reactos.git
synced 2025-01-01 03:54:02 +00:00
53 lines
1.9 KiB
Text
53 lines
1.9 KiB
Text
|
|
||
|
Re: alternative to SeCaptureSubjectContext for Win2000 sought
|
||
|
|
||
|
From: "dave porter" <porter@zultranet.com>
|
||
|
Reply to: "dave porter"
|
||
|
Date: Mon, 26 Jun 2000 10:57:18 -0400
|
||
|
Newsgroups:
|
||
|
comp.os.ms-windows.programmer.nt.kernel-mode
|
||
|
Followup to: newsgroup
|
||
|
References:
|
||
|
<39520e7f$0$15896@wodc7nh1.news.uu.net>
|
||
|
<sl5ulbjfe7f47@corp.supernews.com>
|
||
|
<39575985$0$24336@wodc7nh0.news.uu.net>
|
||
|
|
||
|
|
||
|
> Under advise, I have tried ZwOpenProcessToken(), but to little avail.
|
||
|
> ZwQueryInformationToken( ..TokenUser ...) doesn't seem to want to do its
|
||
|
job
|
||
|
> either under NT4.
|
||
|
|
||
|
I could be jumping in the middle here, but in what way doesn't it work?
|
||
|
This code works for me:
|
||
|
|
||
|
int bufLen = 256; // we suppose this is enough
|
||
|
void* sidBuf = new char[bufLen];
|
||
|
int sidLen = 0;
|
||
|
|
||
|
void* pToken = PsReferencePrimaryToken(PsGetCurrentProcess());
|
||
|
if (!pToken) ... error ...
|
||
|
|
||
|
NTSTATUS ntstatus = ObOpenObjectByPointer(pToken, 0, 0, TOKEN_QUERY,
|
||
|
0, KernelMode, &handle);
|
||
|
if (!NT_SUCCESS(ntstatus)) ... error ...
|
||
|
|
||
|
TOKEN_USER* user = static_cast<TOKEN_USER*>(sidBuf);
|
||
|
ULONG tokenInfoLen;
|
||
|
ntstatus = ZwQueryInformationToken(handle, TokenUser, user, bufLen,
|
||
|
&tokenInfoLen);
|
||
|
if (!NT_SUCCESS(ntstatus)) ... error ...
|
||
|
|
||
|
assert(tokenInfoLen <= bufLen); // else we would have got an error,
|
||
|
right?
|
||
|
assert(user->User.Sid == user+1); // SID is in buffer just past
|
||
|
TOKEN_USER structure
|
||
|
|
||
|
sidLen = tokenInfoLen - sizeof (TOKEN_USER);
|
||
|
memmove(sidBuf, user->User.Sid, sidLen); // shuffle down the buffer
|
||
|
|
||
|
Naturally, this returns the id of the thread that's running it.
|
||
|
If you execute this in DriverEntry, you're running in some
|
||
|
thread in the system process, which is not related to
|
||
|
the thread which executed the Win32 StartService call.
|