advapi32

How to use Windows API AuditEnumerateCategories function in PowerShell?

一世执手 submitted on 2020-07-22 21:39:27
Question: I want to get the current Advanced Security Audit Policy using PowerShell. I could use auditpol.exe, but its output is different per OS language, which makes it difficult to parse. The settings are stored in a REG_NONE value in HKEY_Local_Machine\Security\Policy\PolAdtEv. I could try to parse the value with the help of that unofficial structure table. My preferred approach, however, is to use the Windows API function AuditQuerySystemPolicy of advapi32.dll. With the great help of this article,

Access Violation in LogonUserW in Python 3

旧时模样 submitted on 2020-02-06 07:49:37
Question: I am writing a Python 3 script for someone that utilizes the advapi dll and its LogonUserW function via ctypes. When running the code in the __init__ function: dll_location = find_library("advapi32"); if (dll_location == None): raise FileNotFoundError adv_dll = WinDLL(dll_location); #gets the pointer to the function logonUser = adv_dll.LogonUserW; self.logonUser = logonUser In the login(username, domain, password) function: #Sets the parameters to call the DLL loginType = DWORD(2) loginProvider =

When a process is elevated how can I get the windows authentication ID of the non elevated session

风流意气都作罢 submitted on 2020-01-15 11:23:31
Question: I need to get the AuthenticationID as returned by GetTokenInformation with the TokenStatistics class for the user that logged in on the station, whether I'm elevated or not. Lemme give you some more info. Suppose I do: var Result = GetTokenInformation(WindowsIdentity.GetCurrent().Token, TOKEN_INFORMATION_CLASS.TokenStatistics, TokenInformation, TokenInfLength, out TokenInfLength); This will allow me to get the AuthenticationID from the TokenInformation structure without problem. Let's say the

I successfully called advapi32's LsaEnumerateAccountRights() from C#. Now how do I unmarshal the array of LSA_UNICODE_STRING it returns?

邮差的信 submitted on 2019-12-30 09:24:11
Question: It's a pointer to an array of LSA_UNICODE_STRING structures. I found some code that does the inverse, i.e., creates an LSA_UNICODE_STRING from a C# string. You can see that in the helper code section below. What I have up to and including the call to LsaEnumerateAccountRights() seems to work just fine. Sensible values are returned for the array pointer and for the count. I am at a loss as to how to get at those blasted strings. Help please? Pretty please? UPDATE: nobugz's helper function in his

Check if another process has admin privileges

大兔子大兔子 submitted on 2019-12-24 15:47:07
Question: I have written code to check whether a process running on the same machine has administrator privileges or not. But it always returns false. Can you tell me what's wrong with it? private static bool HasAdminPrivileges(int processId) { var hProcess = WinApi.OpenProcess(ProcessAccessFlags.QueryInformation, false, processId); var opened = WinApi.OpenProcessToken(hProcess, WinApi.TOKEN_QUERY, out IntPtr hToken); if (opened) { var token = new IntPtr(hProcess.ToInt64() + hToken.ToInt64()); // 64 bit

Trying to call wincred api using ctypes

风格不统一 submitted on 2019-12-24 05:13:18
Question: I am trying to read the Windows Credential vault using the ctypes API, but I am unsure how to cast the function result back into a usable ctypes.Structure. import ctypes class CREDENTIALS(ctypes.Structure): _fields_ = [ ("Flags", ctypes.c_int), ("Type", ctypes.c_int), ("TargetName", ctypes.c_wchar_p), ("Comment", ctypes.c_wchar_p), ("CredentialBlobSize", ctypes.c_int), ("CredentialBlob", ctypes.c_wchar_p), ("AttributeCount", ctypes.c_int), ("Attributes", ctypes.c_wchar_p), ("TargetAlias",