The following example uses the OpenProcessToken and GetTokenInformation functions to get the group memberships in an access token.
The GetTokenInformation function retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.
Reference:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379554%28v=vs.85%29.aspx
The OpenProcessToken function opens the access token associated with a process.
Reference:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379295%28v=vs.85%29.aspx
The parameters are as follows:
BOOL WINAPI GetTokenInformation(
    _In_      HANDLE                  TokenHandle,
    _In_      TOKEN_INFORMATION_CLASS TokenInformationClass,
    _Out_opt_ LPVOID                  TokenInformation,
    _In_      DWORD                   TokenInformationLength,
    _Out_     PDWORD                  ReturnLength
);
The AllocateAndInitializeSid function allocates and initializes a security identifier (SID) with up to eight subauthorities.
Reference:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa375213%28v=vs.85%29.aspx
The parameters are as follows:
pIdentifierAuthority [in]: A pointer to a SID_IDENTIFIER_AUTHORITY structure. This structure provides the top-level identifier authority value to set in the SID.
nSubAuthorityCount [in]: Specifies the number of subauthorities to place in the SID. This parameter also identifies how many of the subauthority parameters have meaningful values. This parameter must contain a value from 1 to 8. For example, a value of 3 indicates that the subauthority values specified by the dwSubAuthority0, dwSubAuthority1, and dwSubAuthority2 parameters have meaningful values and that the remainder are ignored.
dwSubAuthority0 [in]: Subauthority value to place in the SID.
pSid [out]: A pointer to a variable that receives the pointer to the allocated and initialized SID structure.
What an access token means:
Reference:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms721532%28v=vs.85%29.aspx#_security_access_token_gly
An access token contains the security information for a logon session. The system creates an access token when a user logs on, and every process executed on behalf of the user has a copy of the token. The token identifies the user, the user's groups, and the user's privileges. The system uses the token to control access to securable objects and to control the ability of the user to perform various system-related operations on the local computer. There are two kinds of access token, primary and impersonation.
SID meaning:
The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security.
Reference:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571%28v=vs.85%29.aspx

```cpp
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#pragma comment(lib, "Advapi32.lib")
#define MAX_NAME 256
using namespace std;

int main()
{
    DWORD i, dwSize = 0, dwResult = 0;
    HANDLE hToken;
    PTOKEN_GROUPS pGroupInfo;
    PSID pSID = NULL;
    SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;
    char lpName[MAX_NAME];
    char lpDomain[MAX_NAME];
    SID_NAME_USE SidType;

    // Open a handle to the access token for the calling process.
    // TOKEN_QUERY: required to query an access token.
    // GetCurrentProcess() returns the process handle; [out] hToken receives the token handle.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) {
        printf("OpenProcessToken Error %u\n", GetLastError());
        return FALSE;
    }

    // GetTokenInformation is called twice for two different purposes.
    // First call (NULL buffer): get the required buffer size.
    // The TOKEN_GROUPS structure contains information about the group SIDs in an access token.
    if (!GetTokenInformation(hToken, TokenGroups, NULL, dwSize, &dwSize)) {
        dwResult = GetLastError();
        if (dwResult != ERROR_INSUFFICIENT_BUFFER) {
            printf("GetTokenInformation Error %u\n", dwResult);
            return FALSE;
        }
    }

    // Allocate the buffer.
    pGroupInfo = (PTOKEN_GROUPS)GlobalAlloc(GPTR, dwSize);

    // Second call: get the group information.
    if (!GetTokenInformation(hToken, TokenGroups, pGroupInfo, dwSize, &dwSize)) {
        printf("GetTokenInformation Error %u\n", GetLastError());
        return FALSE;
    }

    // Create a SID for the BUILTIN\Administrators group (S-1-5-32-544).
    if (!AllocateAndInitializeSid(&SIDAuth, 2,
                                  SECURITY_BUILTIN_DOMAIN_RID,
                                  DOMAIN_ALIAS_RID_ADMINS,
                                  0, 0, 0, 0, 0, 0, &pSID)) {
        printf("AllocateAndInitializeSid Error %u\n", GetLastError());
        return FALSE;
    }

    // Loop through the group SIDs looking for the Administrators SID.
    for (i = 0; i < pGroupInfo->GroupCount; i++) {
        if (EqualSid(pSID, pGroupInfo->Groups[i].Sid)) {
            // Look up the account name and print it.
            // The name and domain buffers get separate size variables, because
            // LookupAccountSid writes the required length into each one.
            DWORD cchName = MAX_NAME;
            DWORD cchDomain = MAX_NAME;
            if (!LookupAccountSid(NULL, pGroupInfo->Groups[i].Sid,
                                  lpName, &cchName, lpDomain, &cchDomain, &SidType)) {
                dwResult = GetLastError();
                if (dwResult == ERROR_NONE_MAPPED) {
                    strcpy_s(lpName, MAX_NAME, "NONE_MAPPED");
                    lpDomain[0] = '\0';
                } else {
                    printf("LookupAccountSid Error %u\n", dwResult);
                    return FALSE;
                }
            }
            printf("Current user is a member of the %s\\%s group\n", lpDomain, lpName);

            // Find out whether the SID is enabled in the token.
            if (pGroupInfo->Groups[i].Attributes & SE_GROUP_ENABLED)
                printf("The group SID is enabled.\n");
            else if (pGroupInfo->Groups[i].Attributes & SE_GROUP_USE_FOR_DENY_ONLY)
                printf("The group SID is a deny-only SID.\n");
            else
                printf("The group SID is not enabled.\n");
        }
    }

    if (pSID) FreeSid(pSID);
    if (pGroupInfo) GlobalFree(pGroupInfo);
    CloseHandle(hToken);
    system("pause");
    return 0;
}
```
Overall process:
OpenProcessToken: Get token handle
GetTokenInformation: Get group information
For loop: search the token's groups for the Administrators SID and report whether it is enabled, deny-only, or not enabled
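The SID that AllocateAndInitializeSid builds and the enabled / deny-only test in the loop above can be worked through without a Windows machine. The following Python is an added example, not code from the page and not Microsoft's: it packs the binary SID layout (revision 1, sub-authority count, 6-byte big-endian identifier authority, little-endian DWORD sub-authorities) for BUILTIN\Administrators, parses it back to the familiar S-1-5-32-544 string, and runs the same membership check over three constructed group lists that model an elevated token, a UAC-filtered token of the same user (where Administrators is listed with SE_GROUP_USE_FOR_DENY_ONLY) and a standard user. The constants carry the values defined in winnt.h; the group lists are constructed, not captured from a real token.

```python
import struct

# Constants as defined in winnt.h.
SECURITY_NT_AUTHORITY = 5          # SID_IDENTIFIER_AUTHORITY {0,0,0,0,0,5}
SECURITY_WORLD_SID_AUTHORITY = 1   # {0,0,0,0,0,1}, used by S-1-1-0 (Everyone)
SECURITY_BUILTIN_DOMAIN_RID = 32
DOMAIN_ALIAS_RID_ADMINS = 544
SECURITY_WORLD_RID = 0

SE_GROUP_MANDATORY = 0x00000001
SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002
SE_GROUP_ENABLED = 0x00000004
SE_GROUP_OWNER = 0x00000008
SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010


def build_sid(identifier_authority, *sub_authorities):
    """Build the binary SID that AllocateAndInitializeSid would allocate:
    revision byte (1), sub-authority count, 6-byte big-endian identifier
    authority, then one to eight little-endian DWORD sub-authorities."""
    if not 1 <= len(sub_authorities) <= 8:
        raise ValueError("nSubAuthorityCount must be 1..8")
    header = struct.pack("<BB", 1, len(sub_authorities))
    authority = identifier_authority.to_bytes(6, "big")
    subs = b"".join(struct.pack("<I", s) for s in sub_authorities)
    return header + authority + subs


def parse_sid(raw):
    """Parse a binary SID into (identifier_authority, sub_authorities).
    Rejects anything that is not a well-formed revision-1 SID."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = struct.unpack_from("<BB", raw, 0)
    if revision != 1 or not 1 <= count <= 8:
        raise ValueError("bad SID revision or sub-authority count")
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, raw, 8)
    return authority, subs


def sid_to_string(raw):
    """Render a binary SID in the S-1-<authority>-<sub>-... form."""
    authority, subs = parse_sid(raw)
    return "S-1-%d-%s" % (authority, "-".join(str(s) for s in subs))


def equal_sid(a, b):
    """EqualSid semantics: revision, authority, count and every sub-authority
    must match. Parsing first rejects malformed input instead of comparing it."""
    return parse_sid(a) == parse_sid(b)


def classify_group(attributes):
    """Same precedence as the program's if / else-if / else chain."""
    if attributes & SE_GROUP_ENABLED:
        return "enabled"
    if attributes & SE_GROUP_USE_FOR_DENY_ONLY:
        return "deny-only"
    return "not enabled"


def check_admin_membership(groups):
    """groups: list of (sid_bytes, attributes) pairs modelling the
    SID_AND_ATTRIBUTES entries of TOKEN_GROUPS. Returns the classification
    of BUILTIN\\Administrators, or None when the token does not list it."""
    admins = build_sid(SECURITY_NT_AUTHORITY,
                       SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS)
    for sid, attributes in groups:
        if equal_sid(sid, admins):
            return classify_group(attributes)
    return None


# Constructed sample group lists (not captured from a real token).
EVERYONE = build_sid(SECURITY_WORLD_SID_AUTHORITY, SECURITY_WORLD_RID)
ADMINS = build_sid(SECURITY_NT_AUTHORITY, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS)
DEFAULT_ATTRS = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED

# Elevated (full) token: Administrators enabled and marked as owner.
ELEVATED_TOKEN_GROUPS = [
    (EVERYONE, DEFAULT_ATTRS),
    (ADMINS, DEFAULT_ATTRS | SE_GROUP_OWNER),
]
# UAC-filtered token of the same user: Administrators present, but deny-only.
FILTERED_TOKEN_GROUPS = [
    (EVERYONE, DEFAULT_ATTRS),
    (ADMINS, SE_GROUP_USE_FOR_DENY_ONLY),
]
# Standard user: Administrators not in the token at all.
STANDARD_TOKEN_GROUPS = [
    (EVERYONE, DEFAULT_ATTRS),
]

if __name__ == "__main__":
    for label, groups in (("elevated", ELEVATED_TOKEN_GROUPS),
                          ("filtered", FILTERED_TOKEN_GROUPS),
                          ("standard", STANDARD_TOKEN_GROUPS)):
        print(label, sid_to_string(ADMINS), check_admin_membership(groups))
```

The deny-only case is the one worth recognising in practice: a member of Administrators running under UAC gets a filtered token in which S-1-5-32-544 is still present but carries only SE_GROUP_USE_FOR_DENY_ONLY, so the program's first branch is false and the second reports "deny-only". A check that only tests for the SID's presence, without the attribute test, would misreport that token as administrative.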
Windows API OpenProcessToken, GetTokenInformation