The strange thing about windows down with gettokeninformation--two calls

is to use the Getlasterr can get the error number, at the same time, will be required to write the length of the parameters, and then a second call, so as to save memory space.

The magic of long-time insight.

The relevant statements are as follows:

======================

The error occurs because the buffer is insufficient. :-) It ' s not large enough for the content. Once again, I refer you to the documentation. If The function fails, the ReturnLength parameter is set to the size of the buffer needed, so you can allocate sufficient memory and call the function again. The general rule for many API calls that has variable buffer requirements is "call the function once with a NULL buffer t o Determine the buffer size needed, allocate the memory, and then call it again to actually retrieve the information "

======================

TOKEN_USERThe structure contains pointers (in particular, a pointer to a so SID itself has variable length). Those pointers has to point somewhere. The API function would expect a buffer big enough to hold not only TOKEN_USER the the the structure but also all the things that St Ructure points to. The function tells your much memory it needs for everything. It'll all reside in adjacent memory.

======================

Recently re-write some of the previously implemented functions, one is to review some of the things learned before, the second is to rewrite a feature in the process of upgrading their existing programming technology and level, today this article is a small summary.

 before writing, please allow me to nag for a moment, the article involved in the technology and code examples may have been in Baidu and Google on a variety of original or reprinted articles, so my content will be as much as those articles in the same thing, For those who have already read those articles or have already been familiar with these technical friends may be slightly mediocre, but this is the experience of their own technology accumulation, laughed at, then the case. The gettokeninformation and settokeninformation functions are available in the Win32 API, and the 2 functions are to retrieve and set information about an access token, and friends interested in the specifics of the access token can go to MSDN to find out, Because there is no direct relationship with the topic of the article, so it is not in detail.Here is the API prototype for GetTokenInformation (if you want to learn more about the details of this function, you can go to MSDN for more information)

Winadvapi

BOOL

WINAPI

GetTokenInformation (

      _in_ HANDLE Tokenhandle,

      _in_ Token_information_class Tokeninformationclass,

       _out_opt_ lpvoid tokeninformation, _in_

      DWORD Tokeninformationlength, _out_

       Pdword Returnlength

);

Generally speaking, this function is a representative of the Win32 API, the meaning of the parameters are also at a glance, here is no longer too much (note: about the gettokeninformation parameter meaning there is an interesting thing here, If interested friends can find my description of it at the end of the article), interested friends can go to MSDN to find specific documentation for this API, below I use a code example to demonstrate how to use the GetTokenInformation function to retrieve all the privileged information of a process

Static Ptoken_groups getprocessgroups (HANDLE hprocess)

{

HANDLE Htoken;

  Ptoken_groups pgroups = NULL;

   DWORD neededsize;

       This gets a handle to the process access token first, and only allows the handle to have information query permissions.

        if (! OpenProcessToken (hprocess, Token_query, &htoken))

          return NULL;

        This is the first time that GetTokenInformation is called to get the size of the buffer that the token information needs,

        This is a common practice in using the Win32 API that many Win32 APIs can use to

       It is not necessary for programmers to always create a buffer that is supposed to be sufficient, which in many cases creates a waste of space

     neededsize = 0;

GetTokenInformation (Htoken, TokenGroups, NULL, Neededsize, &neededsize);

        if (GetLastError () = = Error_insufficient_buffer && neededsize > 0)

      {

               Pgroups = HeapAlloc (GetProcessHeap (), 0, neededsize);

           if (pgroups! = NULL)

            {

                       Here is the real go to retrieve privileged information and check for success or failure.

                     if (! GetTokenInformation (Htoken, TokenGroups, Pgroups, Neededsize, &neededsize))

                        {

                               HeapFree (GetProcessHeap (), 0, pgroups);

                         Pgroups = NULL;

                 }

               }

       }

       CloseHandle (Htoken);

    return pgroups;

}

This function is written in C, the key code next to the comment description of its function, the main content of the document here is finished, but it is worth saying that gettokeninformation can not only get the privileged information of the process, but also to get more information, For example, all user groups that the process belongs to, process owners, and virtualization information, and Token_information_class will tell gettokeninformation what kind of information you want.

Interesting things about the gettokeninformation function parameters

The interesting thing I found in using the gettokeninformation is that Microsoft seems to be having some ambiguity in maintaining the document and the Platform SDK header file.

BOOL

WINAPI

GetTokenInformation (

__in HANDLE Tokenhandle,

__in Token_information_class Tokeninformationclass,

__out_bcount_part_opt (Tokeninformationlength, *returnlength) lpvoid tokeninformation,

__in DWORD Tokeninformationlength,

__out_opt Pdword Returnlength

);

At this point returnlength this parameter with a modifier such as _out_opt, its document convention in the WIN32 API refers to the modified parameter can pass a null pointer in without any problems, At best, you don't know how many bytes the token information is actually populated into the tokeninformation buffer, but it's interesting that the API implementation appears to follow the form defined in the MSDN documentation. That is, returnlength. This value must point to a variable of a valid DWORD type, so if you pass to Returnlength when you call GetTokenInformation, it is a null value. Then GetTokenInformation will return a failure, and calling GetLastError () will return the error code (ERROR_INVALID_PARAMETER). The same problem may not just appear in the GetTokenInformation function, some of the other few APIs may also have such problems, so the use of the time need to pay more attention to the line.

In the MSDN documentation returnlength This parameter is defined as the "required" parameter, the term "required" here means that it is not a NULL pointer value, that is, does not allow such invocation behavior gettokeninformation (..., NULL); But if a careful friend looks at the prototype declaration of the function in this WinBase.h in Microsoft Visual Stdio 2005, it will find that it declares the following form:

The strange thing about windows down with gettokeninformation--two calls