TechQA.

KMDF how to get sid by pid (Security IDentifier by Process IDentifier)?

26 views Asked by At

How can i get SID by process in KMDF project (c++)?

Anyway, my goal is to find out which user the program is running from, how can I find this out?

I.e.

NTSTATUS PrintUsernameFromPID(DWORD32 pid)
{
...
// Gets pid and outputs the name of the user who ran the program
}

any hint is appreciated

My current code and it is not working all of SID data equal to 0


NTSTATUS GetSIDFromPID(DWORD32 pid1, SID* pOutSid)
{
    if (!pOutSid)
        return STATUS_UNSUCCESSFUL;

    NTSTATUS status = STATUS_SUCCESS;
    PEPROCESS process;
    PACCESS_TOKEN token;
    PTOKEN_USER tokenUser;

    status = PsLookupProcessByProcessId((HANDLE)pid1, &process);
    if (!NT_SUCCESS(status))
    {
        DbgPrintEx(0, 0, "PsLookupProcessByProcessId FAILED!\n");
        return status;
    }

    token = PsReferencePrimaryToken(process);
    if (token == NULL)
    {
        DbgPrintEx(0, 0, "PsReferencePrimaryToken FAILED!\n");

        ObDereferenceObject(process);
        return STATUS_UNSUCCESSFUL;
    }

    status = SeQueryInformationToken(token, TokenUser, (PVOID*)&tokenUser);
    if (!NT_SUCCESS(status))
    {
        DbgPrintEx(0, 0, "SeQueryInformationToken FAILED!\n");
        ObDereferenceObject(token);
        ObDereferenceObject(process);
        return status;
    }

    *pOutSid = *(SID*)(tokenUser->User.Sid);

    ExFreePool(tokenUser);
    ObDereferenceObject(token);
    ObDereferenceObject(process);

    return STATUS_SUCCESS;
}
windows-10 kernel pid sid kmdf
Original Q&A
0

There are 0 answers

Related Questions in WINDOWS-10

Related Questions in KERNEL

Related Questions in PID

Related Questions in SID

Related Questions in KMDF

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions