advapi32

问题 I want get the current Advanced Security Audit Policy using PowerShell. I could use auditpol.exe , but its ouput is different per OS language, which makes it difficult to parse. The settings are stored in a REG_NONE value in HKEY_Local_Machine\Security\Policy\PolAdtEv . I could try to parse the value with the help of that unofficial structure table. My preferred approach, however, is to use the Windows API function AuditQuerySystemPolicy of advapi32.dll . With the great help of this article,

问题 I want get the current Advanced Security Audit Policy using PowerShell. I could use auditpol.exe , but its ouput is different per OS language, which makes it difficult to parse. The settings are stored in a REG_NONE value in HKEY_Local_Machine\Security\Policy\PolAdtEv . I could try to parse the value with the help of that unofficial structure table. My preferred approach, however, is to use the Windows API function AuditQuerySystemPolicy of advapi32.dll . With the great help of this article,

问题 I want get the current Advanced Security Audit Policy using PowerShell. I could use auditpol.exe , but its ouput is different per OS language, which makes it difficult to parse. The settings are stored in a REG_NONE value in HKEY_Local_Machine\Security\Policy\PolAdtEv . I could try to parse the value with the help of that unofficial structure table. My preferred approach, however, is to use the Windows API function AuditQuerySystemPolicy of advapi32.dll . With the great help of this article,

问题 I am writing a Python3 script for someone, that utilizes the advapi dll and its LogonUserW function via ctypes. When running the code in the __init__ function dll_location = find_library("advapi32"); if (dll_location == None): raise FileNotFoundError adv_dll = WinDLL(dll_location); #gets the pointer to the function logonUser = adv_dll.LogonUserW; self.logonUser = logonUser In login(username, domain, password) function #Sets the parameters to call the DLL loginType = DWORD(2) loginProvider =

问题 I am writing a Python3 script for someone, that utilizes the advapi dll and its LogonUserW function via ctypes. When running the code in the __init__ function dll_location = find_library("advapi32"); if (dll_location == None): raise FileNotFoundError adv_dll = WinDLL(dll_location); #gets the pointer to the function logonUser = adv_dll.LogonUserW; self.logonUser = logonUser In login(username, domain, password) function #Sets the parameters to call the DLL loginType = DWORD(2) loginProvider =

问题 I need to get the AuthenticationID as returned by GetTokenInformation with the TokenStatistics class for the user that logged in on the station whether I'm elevated or not. Lemme give you some more info. Suppose I do : var Result = GetTokenInformation(WindowsIdentity.GetCurrent().Token, TOKEN_INFORMATION_CLASS.TokenStatistics, TokenInformation, TokenInfLength, out TokenInfLength); This will allow me to get the AuthenticationID from the TokenInformation structure without problem. Let's say the

问题 I need to get the AuthenticationID as returned by GetTokenInformation with the TokenStatistics class for the user that logged in on the station whether I'm elevated or not. Lemme give you some more info. Suppose I do : var Result = GetTokenInformation(WindowsIdentity.GetCurrent().Token, TOKEN_INFORMATION_CLASS.TokenStatistics, TokenInformation, TokenInfLength, out TokenInfLength); This will allow me to get the AuthenticationID from the TokenInformation structure without problem. Let's say the

问题 It's a pointer to an array of LSA_UNICODE_STRING structures. I found some code that does the inverse, i.e., create a LSA_UNICODE_STRING from a C# string. You can see that in the helper code section below. What I have up to and including the call to LsaEnumerateAccountRights() seems to work just fine. Sensible values are returned for the array pointer and for the count. I am at a loss as to how to get at those blasted strings. Help please? Pretty please? UPDATE: nobugz's helper function in his

问题 I have wrote a code to check is a process running on the same machine has administrator privileges or not. But it always returns false. Can you tell me what's wrong with it. private static bool HasAdminPrivileges(int processId) { var hProcess = WinApi.OpenProcess(ProcessAccessFlags.QueryInformation, false, processId); var opened = WinApi.OpenProcessToken(hProcess, WinApi.TOKEN_QUERY, out IntPtr hToken); if (opened) { var token = new IntPtr(hProcess.ToInt64() + hToken.ToInt64()); // 64 bit

问题 I am trying to read the Windows Credential vault using ctypes API, but I am unsure how to cast back the function result back into a usable ctypes.Structure. import ctypes class CREDENTIALS(ctypes.Structure): _fields_ = [ ("Flags", ctypes.c_int), ("Type", ctypes.c_int), ("TargetName", ctypes.c_wchar_p), ("Comment", ctypes.c_wchar_p), ("CredentialBlobSize", ctypes.c_int), ("CredentialBlob", ctypes.c_wchar_p), ("AttributeCount", ctypes.c_int), ("Attributes", ctypes.c_wchar_p), ("TargetAlias",