package customWin32
import (
"fmt"
"syscall"
"unsafe"
)
// #include<windows.h>
// #include<winnt.h>
//
// int wstrlen(WCHAR* str) {
// int i = 0;
// while(str[i] != 0) {
// ++i;
// }
// return i+1;
// }
//
// void copy(WCHAR* dst, WCHAR* src, int count) {
// memcpy(dst, src, count);
// }
import "C"
// TokenOwner is the cgo view of the Win32 TOKEN_OWNER structure. GetTokenOwner
// overlays it on the raw GetTokenInformation output buffer to read the Owner
// field (a PSID).
type TokenOwner C.TOKEN_OWNER
// BOOL OpenProcessToken(
// HANDLE ProcessHandle,
// DWORD DesiredAccess,
// PHANDLE TokenHandle
//);
//
// OpenProcessToken opens the access token of process with the requested
// access mask and returns it by value instead of through an out-parameter.
//
// The caller owns the returned handle and should Close it when done. Ask only
// for the rights that are actually needed: reading token information (as
// GetTokenOwner does) requires no more than syscall.TOKEN_QUERY.
func OpenProcessToken(process syscall.Handle, desiredAccess uint32) (syscall.Token, error) {
	var token syscall.Token
	if err := syscall.OpenProcessToken(process, desiredAccess, &token); err != nil {
		// Hand back whatever the call left in token together with the error,
		// exactly as the out-parameter form would.
		return token, err
	}
	return token, nil
}
//BOOL GetTokenInformation(
// HANDLE TokenHandle,
// TOKEN_INFORMATION_CLASS TokenInformationClass,
// LPVOID TokenInformation,
// DWORD TokenInformationLength,
// PDWORD ReturnLength
//);
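//
// GetTokenOwner returns the owner SID recorded in token. The token must have
// been opened with TOKEN_QUERY access.
//
// For TokenOwner the API fills the buffer with a TOKEN_OWNER structure (one
// PSID) followed by the variable-length SID that pointer refers to, so the
// space needed depends on the SID and is not just the size of a pointer. The
// buffer is therefore grown to the size the API reports instead of relying on
// a fixed guess. The returned *syscall.SID refers to memory in that buffer.
func GetTokenOwner(token syscall.Token) (*syscall.SID, error) {
	size := uint32(64) // first attempt; enough for common account SIDs
	for {
		buffer := make([]byte, size)
		err := syscall.GetTokenInformation(
			token,
			syscall.TokenOwner,
			&buffer[0],
			uint32(len(buffer)),
			&size, // receives the number of bytes written or required
		)
		if err == nil {
			// Never reinterpret a buffer the API did not fill far enough to
			// hold the structure we are about to read from it.
			if uintptr(size) < unsafe.Sizeof(TokenOwner{}) {
				return nil, fmt.Errorf("token owner information truncated: got %d bytes", size)
			}
			owner := (*TokenOwner)(unsafe.Pointer(&buffer[0]))
			if owner.Owner == nil {
				return nil, fmt.Errorf("token owner information contains no SID")
			}
			return (*syscall.SID)(owner.Owner), nil
		}
		// Retry only when the API asked for a larger buffer than we offered;
		// anything else (or no growth) is a real failure.
		if err != syscall.ERROR_INSUFFICIENT_BUFFER || size <= uint32(len(buffer)) {
			return nil, err
		}
	}
}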
//BOOL LookupAccountSidW(
// LPCWSTR lpSystemName,
// PSID Sid,
// LPWSTR Name,
// LPDWORD cchName,
// LPWSTR ReferencedDomainName,
// LPDWORD cchReferencedDomainName,
// PSID_NAME_USE peUse
//);
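//
// UsernameFromSID resolves sid on the local system and returns the account in
// the form `DOMAIN\name`.
//
// LookupAccountSidW reports and consumes its cchName / cchReferencedDomainName
// values in UTF-16 code units (terminating NUL included), not in bytes. The
// output slices are therefore allocated with exactly the reported element
// count. Allocating fewer elements while still passing the full count back to
// the API would let it write past the end of the Go slices.
func UsernameFromSID(sid *syscall.SID) (string, error) {
	var nameLength, domainLength uint32

	// Size query: with no output buffers the call is expected to fail with
	// ERROR_INSUFFICIENT_BUFFER and fill in both required lengths.
	err := syscall.LookupAccountSid(
		nil,
		sid,
		nil,
		&nameLength,
		nil,
		&domainLength,
		nil,
	)
	if err == nil {
		// Nothing to wrap here; avoid formatting a nil error with %w.
		return "", fmt.Errorf("could not determine username length: size query returned no lengths")
	}
	if err != syscall.ERROR_INSUFFICIENT_BUFFER || nameLength == 0 || domainLength == 0 {
		return "", fmt.Errorf("could not determine username length, reason: %w", err)
	}

	// One uint16 per reported code unit, so the capacity handed to the API
	// matches the memory that actually backs it.
	accountName := make([]uint16, nameLength)
	domainName := make([]uint16, domainLength)
	err = syscall.LookupAccountSid(
		nil,
		sid,
		&accountName[0],
		&nameLength,
		&domainName[0],
		&domainLength,
		nil,
	)
	if err != nil {
		return "", err
	}
	return syscall.UTF16ToString(domainName) + "\\" + syscall.UTF16ToString(accountName), nil
}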
//BOOL ConvertSidToStringSidW(
// PSID Sid,
// LPWSTR *StringSid
//);
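//
// ConvertSidToStringSid returns the string form ("S-1-...") of sid.
//
// The string is read directly from the API-allocated buffer rather than going
// through the cgo wstrlen/copy helpers. The copy helper passes a WCHAR count
// to memcpy, which expects a byte count, so only about half of the string was
// copied and the result came back truncated. A truncated SID string is
// dangerous wherever the value is compared or logged for access decisions.
func ConvertSidToStringSid(sid *syscall.SID) (string, error) {
	var ptr *uint16
	if err := syscall.ConvertSidToStringSid(sid, &ptr); err != nil {
		return "", err
	}
	// The API allocates the string with LocalAlloc; release it on every path.
	// UTF16ToString has already copied the data into a Go string by the time
	// the deferred free runs.
	defer syscall.LocalFree(syscall.Handle(unsafe.Pointer(ptr)))

	// View the NUL-terminated buffer through a fixed-size array type.
	// UTF16ToString stops at the first NUL, and a string SID (at most 15
	// sub-authorities of up to 10 digits each) is well under 256 code units.
	return syscall.UTF16ToString((*[256]uint16)(unsafe.Pointer(ptr))[:]), nil
}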