KMDF: how to get SID by PID (Security IDentifier by Process IDentifier)?

How can I get the SID by process in a KMDF project (C++)?

Anyway, my goal is to find out which user the program is running as. How can I find this out?

I.e.

NTSTATUS PrintUsernameFromPID(DWORD32 pid)
{
...
// Gets pid and outputs the name of the user who ran the program
}

Any hint is appreciated.

My current code is below. It is not working: all of the SID data is equal to 0.


NTSTATUS GetSIDFromPID(DWORD32 pid1, SID* pOutSid)
{
    if (!pOutSid)
        return STATUS_UNSUCCESSFUL;

    NTSTATUS status = STATUS_SUCCESS;
    PEPROCESS process;
    PACCESS_TOKEN token;
    PTOKEN_USER tokenUser;

    status = PsLookupProcessByProcessId((HANDLE)pid1, &process);
    if (!NT_SUCCESS(status))
    {
        DbgPrintEx(0, 0, "PsLookupProcessByProcessId FAILED!\n");
        return status;
    }

    token = PsReferencePrimaryToken(process);
    if (token == NULL)
    {
        DbgPrintEx(0, 0, "PsReferencePrimaryToken FAILED!\n");

        ObDereferenceObject(process);
        return STATUS_UNSUCCESSFUL;
    }

    status = SeQueryInformationToken(token, TokenUser, (PVOID*)&tokenUser);
    if (!NT_SUCCESS(status))
    {
        DbgPrintEx(0, 0, "SeQueryInformationToken FAILED!\n");
        ObDereferenceObject(token);
        ObDereferenceObject(process);
        return status;
    }

    *pOutSid = *(SID*)(tokenUser->User.Sid);

    ExFreePool(tokenUser);
    ObDereferenceObject(token);
    ObDereferenceObject(process);

    return STATUS_SUCCESS;
}
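
As an added illustration (not the asker's code and not driver code): a SID is variable length, while the declared SID structure has room for only one sub-authority, so a structure assignment copies 12 bytes whatever SubAuthorityCount says. The portable C below uses a hypothetical `DEMO_SID` stand-in, hypothetical `demo_*` helpers and a constructed sample SID to show the length rule that `RtlLengthSid` and `RtlCopySid` apply in a driver.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Stand-in for the SID layout in ntifs.h (hypothetical DEMO_ names). */
typedef struct {
    uint8_t  Revision, SubAuthorityCount;
    uint8_t  IdentifierAuthority[6];     /* big-endian 48-bit value */
    uint32_t SubAuthority[1];            /* really SubAuthorityCount entries */
} DEMO_SID;
#define DEMO_MAX_SID_SIZE (8 + 4 * 15)   /* same value as SECURITY_MAX_SID_SIZE */
/* Constructed sample: S-1-5-21-100-200-300-1001 in binary form. */
static const uint8_t SAMPLE_SID[28] = {
    1, 5, 0,0,0,0,0,5, 21,0,0,0, 100,0,0,0, 200,0,0,0, 0x2C,1,0,0, 0xE9,3,0,0 };

/* Same arithmetic as RtlLengthSid: 8-byte header + 4 bytes per sub-authority. */
size_t demo_sid_length(const void *sid) { return 8 + 4 * (size_t)((const uint8_t *)sid)[1]; }

/* Bounded whole-SID copy in the spirit of RtlCopySid; returns 0 on success. */
int demo_sid_copy(void *dst, size_t dst_len, const void *src) {
    const uint8_t *p = src;
    if (p[0] != 1 || p[1] > 15) return -1;            /* malformed SID */
    if (demo_sid_length(src) > dst_len) return -2;    /* caller buffer too small */
    memcpy(dst, src, demo_sid_length(src));
    return 0;
}

/* Render "S-1-5-21-..."; returns length written, or -1 if out is too small. */
int demo_sid_to_string(const void *sid, char *out, size_t out_len) {
    const uint8_t *p = sid;
    uint64_t auth = 0;
    for (int i = 0; i < 6; i++) auth = (auth << 8) | p[2 + i];
    int n = snprintf(out, out_len, "S-%u-%llu", (unsigned)p[0], (unsigned long long)auth);
    for (unsigned i = 0; i < p[1] && n > 0 && (size_t)n < out_len; i++) {
        uint32_t sub;
        memcpy(&sub, p + 8 + 4 * i, 4);               /* little-endian host assumed */
        n += snprintf(out + n, out_len - (size_t)n, "-%u", (unsigned)sub);
    }
    return (n > 0 && (size_t)n < out_len) ? n : -1;
}

int main(void) {
    uint8_t full[DEMO_MAX_SID_SIZE] = {0}, cut[DEMO_MAX_SID_SIZE] = {0};
    char a[128] = "", b[128] = "";
    demo_sid_copy(full, sizeof full, SAMPLE_SID);     /* length-aware copy */
    memcpy(cut, SAMPLE_SID, sizeof(DEMO_SID));        /* what a struct assignment copies */
    demo_sid_to_string(full, a, sizeof a); demo_sid_to_string(cut, b, sizeof b);
    printf("full: %s\ncut:  %s\n", a, b);
    return 0;
}
```

In a driver the counterpart is a caller-supplied buffer of `SECURITY_MAX_SID_SIZE` bytes filled with `RtlCopySid`, passing the buffer size as the destination length.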