238 lines
6 KiB
C++
238 lines
6 KiB
C++
|
/******************************************************************************
|
||
|
|
||
|
Copyright (C) Microsoft Corporation
|
||
|
|
||
|
Module Name:
|
||
|
ProcessOwner.CPP
|
||
|
|
||
|
Abstract:
|
||
|
This module deals with Query functionality of OpenFiles.exe
|
||
|
NT command line utility.
|
||
|
|
||
|
Author:
|
||
|
|
||
|
Akhil Gokhale (akhil.gokhale@wipro.com) 25-APRIL-2000
|
||
|
|
||
|
Revision History:
|
||
|
|
||
|
Akhil Gokhale (akhil.gokhale@wipro.com) 25-APRIL-2000 : Created It.
|
||
|
|
||
|
|
||
|
*****************************************************************************/
|
||
|
#include "pch.h"
|
||
|
#include "OpenFiles.h"
|
||
|
|
||
|
|
||
|
#define SAFE_CLOSE_HANDLE(hHandle) \
|
||
|
if(hHandle!=NULL) \
|
||
|
{\
|
||
|
CloseHandle(hHandle);\
|
||
|
hHandle = NULL;\
|
||
|
}\
|
||
|
1
|
||
|
#define SAFE_FREE_GLOBAL_ALLOC(block) \
|
||
|
if(block!=NULL)\
|
||
|
{\
|
||
|
delete block;\
|
||
|
block = NULL;\
|
||
|
}\
|
||
|
1
|
||
|
#define SAFE_FREE_ARRAY(arr) \
|
||
|
if(arr != NULL)\
|
||
|
{\
|
||
|
delete [] arr;\
|
||
|
arr = NULL;\
|
||
|
}\
|
||
|
1
|
||
|
/*****************************************************************************
|
||
|
Routine Description:
|
||
|
|
||
|
|
||
|
Arguments:
|
||
|
|
||
|
|
||
|
result.
|
||
|
|
||
|
Return Value:
|
||
|
|
||
|
******************************************************************************/
|
||
|
BOOL GetProcessOwner(LPTSTR pszUserName,DWORD hFile)
|
||
|
{
|
||
|
|
||
|
DWORD dwRtnCode = 0;
|
||
|
PSID pSidOwner;
|
||
|
BOOL bRtnBool = TRUE;
|
||
|
LPTSTR DomainName = NULL,AcctName = NULL;
|
||
|
DWORD dwAcctName = 1, dwDomainName = 1;
|
||
|
SID_NAME_USE eUse = SidTypeUnknown;
|
||
|
PSECURITY_DESCRIPTOR pSD=0;
|
||
|
HANDLE hHandle = GetCurrentProcess();
|
||
|
HANDLE hDynHandle = NULL;
|
||
|
HANDLE hDynToken = NULL;
|
||
|
LUID luidValue;
|
||
|
BOOL bResult = FALSE;
|
||
|
HANDLE hToken = NULL;
|
||
|
TOKEN_PRIVILEGES tkp;
|
||
|
|
||
|
|
||
|
bResult = OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken);
|
||
|
if(bResult == FALSE)
|
||
|
|
||
|
{
|
||
|
return FALSE;
|
||
|
}
|
||
|
|
||
|
bResult = LookupPrivilegeValue(NULL,SE_SECURITY_NAME,&luidValue );
|
||
|
if(bResult == FALSE)
|
||
|
{
|
||
|
SAFE_CLOSE_HANDLE(hToken);
|
||
|
return FALSE;
|
||
|
}
|
||
|
|
||
|
// Prepare the token privilege structure
|
||
|
tkp.PrivilegeCount = 0;
|
||
|
tkp.Privileges[0].Luid = luidValue;
|
||
|
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED|SE_PRIVILEGE_USED_FOR_ACCESS;
|
||
|
|
||
|
// Now enable the debug privileges in token
|
||
|
|
||
|
bResult = AdjustTokenPrivileges(hToken,FALSE,&tkp,sizeof(TOKEN_PRIVILEGES),(PTOKEN_PRIVILEGES)NULL,
|
||
|
(PDWORD)NULL);
|
||
|
if(bResult == FALSE)
|
||
|
{
|
||
|
SAFE_CLOSE_HANDLE(hToken);
|
||
|
return FALSE;
|
||
|
}
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
hDynHandle = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,hFile);; // Here you can give any valid process ids..
|
||
|
|
||
|
if(hDynHandle == NULL)
|
||
|
{
|
||
|
|
||
|
return FALSE;
|
||
|
|
||
|
}
|
||
|
bResult = OpenProcessToken(hDynHandle,TOKEN_QUERY,&hDynToken);
|
||
|
|
||
|
if(bResult == FALSE)
|
||
|
{
|
||
|
|
||
|
SAFE_CLOSE_HANDLE(hDynHandle);
|
||
|
return FALSE;
|
||
|
}
|
||
|
TOKEN_USER * pUser = NULL;
|
||
|
DWORD cb = 0;
|
||
|
// determine size of the buffer needed to receive all information
|
||
|
if (!GetTokenInformation(hToken, TokenUser, NULL, 0, &cb))
|
||
|
{
|
||
|
if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
|
||
|
{
|
||
|
SAFE_CLOSE_HANDLE(hDynHandle);
|
||
|
SAFE_CLOSE_HANDLE(hDynToken);
|
||
|
|
||
|
return FALSE;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
pUser = (TOKEN_USER *)_alloca(cb);
|
||
|
if(pUser==NULL)
|
||
|
{
|
||
|
SAFE_CLOSE_HANDLE(hDynHandle);
|
||
|
SAFE_CLOSE_HANDLE(hDynToken);
|
||
|
return FALSE;
|
||
|
}
|
||
|
|
||
|
if (!GetTokenInformation(hDynToken, TokenUser, pUser, cb, &cb))
|
||
|
{
|
||
|
SAFE_CLOSE_HANDLE(hDynHandle);
|
||
|
SAFE_CLOSE_HANDLE(hDynToken);
|
||
|
return FALSE;
|
||
|
}
|
||
|
|
||
|
|
||
|
PSID pSid = pUser->User.Sid;
|
||
|
// Allocate memory for the SID structure.
|
||
|
pSidOwner = new SID;
|
||
|
// Allocate memory for the security descriptor structure.
|
||
|
pSD = new SECURITY_DESCRIPTOR;
|
||
|
if(pSidOwner==NULL ||pSD == NULL)
|
||
|
{
|
||
|
SAFE_CLOSE_HANDLE(hDynHandle);
|
||
|
SAFE_CLOSE_HANDLE(hDynToken);
|
||
|
SAFE_FREE_GLOBAL_ALLOC(pSD);
|
||
|
SAFE_FREE_GLOBAL_ALLOC(pSidOwner);
|
||
|
return FALSE;
|
||
|
}
|
||
|
|
||
|
// First call to LookupAccountSid to get the buffer sizes.
|
||
|
bRtnBool = LookupAccountSid(
|
||
|
NULL, // local computer
|
||
|
pUser->User.Sid,
|
||
|
NULL, // AcctName
|
||
|
(LPDWORD)&dwAcctName,
|
||
|
NULL, // DomainName
|
||
|
(LPDWORD)&dwDomainName,
|
||
|
&eUse);
|
||
|
|
||
|
AcctName = new TCHAR[dwAcctName+1];
|
||
|
DomainName = new TCHAR[dwDomainName+1];
|
||
|
|
||
|
if(AcctName==NULL || DomainName==NULL)
|
||
|
{
|
||
|
|
||
|
SAFE_FREE_ARRAY(AcctName);
|
||
|
SAFE_FREE_ARRAY(DomainName);
|
||
|
return FALSE;
|
||
|
}
|
||
|
|
||
|
// Second call to LookupAccountSid to get the account name.
|
||
|
bRtnBool = LookupAccountSid(
|
||
|
NULL, // name of local or remote computer
|
||
|
pUser->User.Sid, // security identifier
|
||
|
AcctName, // account name buffer
|
||
|
(LPDWORD)&dwAcctName, // size of account name buffer
|
||
|
DomainName, // domain name
|
||
|
(LPDWORD)&dwDomainName, // size of domain name buffer
|
||
|
&eUse); // SID type
|
||
|
|
||
|
SAFE_CLOSE_HANDLE(hDynHandle);
|
||
|
SAFE_CLOSE_HANDLE(hDynToken);
|
||
|
|
||
|
SAFE_FREE_GLOBAL_ALLOC(pSD);
|
||
|
SAFE_FREE_GLOBAL_ALLOC(pSidOwner);
|
||
|
|
||
|
// Check GetLastError for LookupAccountSid error condition.
|
||
|
if (bRtnBool == FALSE)
|
||
|
{
|
||
|
SAFE_FREE_ARRAY(AcctName);
|
||
|
SAFE_FREE_ARRAY(DomainName);
|
||
|
return FALSE;
|
||
|
|
||
|
} else
|
||
|
{
|
||
|
if(lstrcmpi(DomainName,_T("NT AUTHORITY"))==0)
|
||
|
{
|
||
|
SAFE_FREE_ARRAY(AcctName);
|
||
|
SAFE_FREE_ARRAY(DomainName);
|
||
|
return FALSE;
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
lstrcpy(pszUserName,AcctName);
|
||
|
SAFE_FREE_ARRAY(AcctName);
|
||
|
SAFE_FREE_ARRAY(DomainName);
|
||
|
return TRUE;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
SAFE_FREE_ARRAY(AcctName);
|
||
|
SAFE_FREE_ARRAY(DomainName);
|
||
|
SAFE_CLOSE_HANDLE(hDynHandle);
|
||
|
SAFE_CLOSE_HANDLE(hDynToken);
|
||
|
SAFE_FREE_GLOBAL_ALLOC(pSD);
|
||
|
SAFE_FREE_GLOBAL_ALLOC(pSidOwner);
|
||
|
return FALSE;
|
||
|
}
|