Hi,
2008/12/4 Daniel Berger <djberg96 at gmail.com>:
> Hi,
>
> I'm close, but what I've got doesn't quite match what
> Win32::Security::SID.new returns:
>
> require 'windows/file'
> require 'windows/handle'
> require 'windows/error'
> require 'windows/security'
> require 'windows/process'
>
> include Windows::File
> include Windows::Handle
> include Windows::Error
> include Windows::Security
> include Windows::Process
>
> token = 0.chr * 4
>
> unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
>   raise error, get_last_error
> end
>
> token = token.unpack('V')[0]
> rlength = 0.chr * 4
> tu = 0.chr * 512 # TokenUser
>
> bool = GetTokenInformation(
>   token,
>   TokenUser,
>   tu,
>   tu.size,
>   rlength
> )
>
> unless bool
>   raise get_last_error
> end
>
> p tu.strip
>
> Looks like the first 8 bytes are unwanted. Are these the attributes? If so,
> why are they the first 8 bytes instead of the last 8? I guess I'm confused
> about how to properly unroll a SID_AND_ATTRIBUTES struct.
>
According to the document, the first 4 bytes are the pointer to the SID and
the second 4 bytes are the attributes.
In my test with the above code,
[tu].pack('P').unpack('L').first is 50436232
tu[0,4].unpack('L').first is 50436240
rlength.unpack('L').first is 36
The SID is at 50436240 and equal to the address of tu[8].
Thus the actual SID is tu[8,(36-8)]
Regards,
Park Heesob
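
The layout worked out in the reply above, as an added example that is not part of the original thread: it locates the SID through the embedded pointer and the returned length rather than a fixed slice or strip, and renders it in S-1-... form. It assumes the 32-bit layout used in the thread (4-byte PSID, 4-byte attributes); the function names are hypothetical and the sample buffer and SID values are constructed, so it runs without Windows.

```ruby
# Added example: decode a 32-bit TOKEN_USER buffer as written by
# GetTokenInformation(TokenUser). Function names are hypothetical.

# Convert a binary SID to its string form: S-<revision>-<authority>-<subs...>
def sid_to_string(sid)
  raise ArgumentError, 'SID shorter than its 8-byte header' if sid.bytesize < 8
  revision, count = sid.unpack('CC')
  expected = 8 + 4 * count
  unless sid.bytesize == expected
    raise ArgumentError, "SID is #{sid.bytesize} bytes, expected #{expected}"
  end
  # IdentifierAuthority is a 6-byte big-endian integer.
  authority = sid[2, 6].unpack('C6').inject(0) { |acc, b| (acc << 8) | b }
  # Sub-authorities are little-endian DWORDs.
  subs = sid[8, 4 * count].unpack('V*')
  (["S-#{revision}", authority] + subs).join('-')
end

# buf      - bytes written by GetTokenInformation
# buf_addr - address of buf (in the thread: [tu].pack('P').unpack('L').first)
# ret_len  - value of the ReturnLength output parameter
def parse_token_user(buf, buf_addr, ret_len)
  raise ArgumentError, 'return length exceeds buffer' if ret_len > buf.bytesize
  # SID_AND_ATTRIBUTES on 32-bit: PSID Sid, DWORD Attributes
  sid_ptr, attributes = buf.unpack('VV')
  offset = sid_ptr - buf_addr
  # Follow the pointer only if it lands inside the data the API returned.
  unless offset >= 8 && offset + 8 <= ret_len
    raise ArgumentError, 'SID pointer is outside the returned data'
  end
  sid = buf[offset, ret_len - offset]
  { offset: offset, attributes: attributes, sid: sid_to_string(sid) }
end

# Constructed sample mirroring the numbers in the thread: buffer at
# 50436232, SID pointer 50436240, return length 36, 512-byte buffer.
BUF_ADDR   = 50_436_232
SAMPLE_SID = [1, 5, 0, 0, 0, 0, 0, 5,
              21, 1_111_111_111, 2_222_222_222, 3_333_333_333, 1001]
             .pack('CCC6V5')
SAMPLE_BUF = ([BUF_ADDR + 8, 0].pack('VV') + SAMPLE_SID).ljust(512, "\0")

if __FILE__ == $PROGRAM_NAME
  p parse_token_user(SAMPLE_BUF, BUF_ADDR, 36)
end
```

Slicing by the returned length matters because a binary SID can legitimately end in zero bytes, which stripping the 512-byte buffer would cut off.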