Windows API OpenProcessToken, GetTokenInformation

Source: Internet
Author: User

The following example uses the OpenProcessToken and GetTokenInformation functions to get the group memberships in an access token.

The GetTokenInformation function retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.

Reference:

https://msdn.microsoft.com/en-us/library/windows/desktop/aa379554%28v=vs.85%29.aspx

The OpenProcessToken function opens the access token associated with a process.

Reference:

https://msdn.microsoft.com/en-us/library/windows/desktop/aa379295%28v=vs.85%29.aspx

The parameters of GetTokenInformation are as follows:

    BOOL WINAPI GetTokenInformation(
      _In_      HANDLE                  TokenHandle,
      _In_      TOKEN_INFORMATION_CLASS TokenInformationClass,
      _Out_opt_ LPVOID                  TokenInformation,
      _In_      DWORD                   TokenInformationLength,
      _Out_     PDWORD                  ReturnLength
    );

The AllocateAndInitializeSid function allocates and initializes a security identifier (SID) with up to eight subauthorities.

Reference:

https://msdn.microsoft.com/en-us/library/windows/desktop/aa375213%28v=vs.85%29.aspx

The parameters are as follows:

pIdentifierAuthority [in]: A pointer to a SID_IDENTIFIER_AUTHORITY structure. This structure provides the top-level identifier authority value to set in the SID.

nSubAuthorityCount [in]: Specifies the number of subauthorities to place in the SID. This parameter also identifies how many of the subauthority parameters have meaningful values. This parameter must contain a value from 1 to 8. For example, a value of 3 indicates that the subauthority values specified by the dwSubAuthority0, dwSubAuthority1, and dwSubAuthority2 parameters have meaningful values and to ignore the remainder.

dwSubAuthority0 [in]: Subauthority value to place in the SID.

pSid [out]: A pointer to a variable that receives the pointer to the allocated and initialized SID structure.

What access token means:

Reference:

https://msdn.microsoft.com/en-us/library/windows/desktop/ms721532%28v=vs.85%29.aspx#_security_access_token_gly

An access token contains the security information for a logon session. The system creates an access token when a user logs on, and every process executed on behalf of the user has a copy of the token. The token identifies the user, the user's groups, and the user's privileges. The system uses the token to control access to securable objects and to control the ability of the user to perform various system-related operations on the local computer. There are two kinds of access token, primary and impersonation.

What SID means:

The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security.

Reference:

https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571%28v=vs.85%29.aspx

    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #pragma comment(lib, "Advapi32.lib")

    #define MAX_NAME 256

    int main(void)
    {
        DWORD i, dwSize = 0, dwResult = 0;
        DWORD cchName, cchDomain;
        HANDLE hToken = NULL;
        PTOKEN_GROUPS pGroupInfo = NULL;
        PSID pSID = NULL;
        SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;
        char lpName[MAX_NAME] = "";
        char lpDomain[MAX_NAME] = "";
        SID_NAME_USE SidType;
        int exitCode = 1;

        // Open a handle to the access token for the calling process.
        // TOKEN_QUERY: required to query an access token.
        // GetCurrentProcess() returns the process handle.
        // [out] hToken is a handle to the access token.
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
        {
            printf("OpenProcessToken Error %lu\n", GetLastError());
            goto cleanup;
        }

        // GetTokenInformation is called twice, for different purposes.
        // First call: get the required buffer size.
        // The TOKEN_GROUPS structure contains information about the group
        // security identifiers (SIDs) in an access token.
        if (!GetTokenInformation(hToken, TokenGroups, NULL, dwSize, &dwSize))
        {
            dwResult = GetLastError();
            if (dwResult != ERROR_INSUFFICIENT_BUFFER)
            {
                printf("GetTokenInformation Error %lu\n", dwResult);
                goto cleanup;
            }
        }

        // Allocate the buffer.
        pGroupInfo = (PTOKEN_GROUPS)GlobalAlloc(GPTR, dwSize);
        if (pGroupInfo == NULL)
        {
            printf("GlobalAlloc Error %lu\n", GetLastError());
            goto cleanup;
        }

        // Second call: get the group information.
        if (!GetTokenInformation(hToken, TokenGroups, pGroupInfo, dwSize, &dwSize))
        {
            printf("GetTokenInformation Error %lu\n", GetLastError());
            goto cleanup;
        }

        // Create a SID for the BUILTIN\Administrators group.
        if (!AllocateAndInitializeSid(&SIDAuth, 2,
                                      SECURITY_BUILTIN_DOMAIN_RID,
                                      DOMAIN_ALIAS_RID_ADMINS,
                                      0, 0, 0, 0, 0, 0,
                                      &pSID))
        {
            printf("AllocateAndInitializeSid Error %lu\n", GetLastError());
            goto cleanup;
        }

        // Loop through the group SIDs looking for the administrator SID.
        for (i = 0; i < pGroupInfo->GroupCount; i++)
        {
            if (EqualSid(pSID, pGroupInfo->Groups[i].Sid))
            {
                // Look up the account name and print it.
                // The name and domain buffers each need their own size
                // variable; the ANSI variant matches the char buffers.
                cchName = MAX_NAME;
                cchDomain = MAX_NAME;
                if (!LookupAccountSidA(NULL, pGroupInfo->Groups[i].Sid,
                                       lpName, &cchName, lpDomain, &cchDomain,
                                       &SidType))
                {
                    dwResult = GetLastError();
                    if (dwResult == ERROR_NONE_MAPPED)
                        strcpy_s(lpName, MAX_NAME, "NONE_MAPPED");
                    else
                    {
                        printf("LookupAccountSid Error %lu\n", dwResult);
                        goto cleanup;
                    }
                }
                printf("Current user is a member of the %s\\%s group\n",
                       lpDomain, lpName);

                // Find out whether the SID is enabled in the token.
                if (pGroupInfo->Groups[i].Attributes & SE_GROUP_ENABLED)
                    printf("The group SID is enabled.\n");
                else if (pGroupInfo->Groups[i].Attributes & SE_GROUP_USE_FOR_DENY_ONLY)
                    printf("The group SID is a deny-only SID.\n");
                else
                    printf("The group SID is not enabled.\n");
            }
        }
        exitCode = 0;

    cleanup:
        // Release the SID, the group buffer and the token handle on every path.
        if (pSID) FreeSid(pSID);
        if (pGroupInfo) GlobalFree(pGroupInfo);
        if (hToken) CloseHandle(hToken);
        system("pause");
        return exitCode;
    }

Overall process:

OpenProcessToken: get the token handle

GetTokenInformation: get the group information

for loop: look for the Administrators SID in the groups
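The sample asks AllocateAndInitializeSid for a SID with the NT authority and two subauthorities, then tests each group's Attributes. The following added example (not part of the original page or the MSDN sample) lays out the bytes of such a SID, renders its string form, and classifies the attribute flags, in portable C so that it builds without windows.h. The function names and the GRP_* macros are this example's own; their values are copied from winnt.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Values copied from winnt.h so the example builds without windows.h. */
#define GRP_ENABLED           0x00000004u /* SE_GROUP_ENABLED */
#define GRP_USE_FOR_DENY_ONLY 0x00000010u /* SE_GROUP_USE_FOR_DENY_ONLY */

/* Lay out a SID: revision, subauthority count, 6-byte big-endian authority,
   then one 32-bit little-endian value per subauthority. Returns length or 0. */
size_t build_sid(uint8_t *out, size_t cap, uint64_t authority, const uint32_t *subs, unsigned count)
{
    size_t need = 8 + 4 * (size_t)count, i;
    if (count < 1 || count > 8 || cap < need) return 0; /* the API accepts 1 to 8 */
    out[0] = 1; out[1] = (uint8_t)count;                /* SID_REVISION, count */
    for (i = 0; i < 6; i++) out[2 + i] = (uint8_t)(authority >> (8 * (5 - i)));
    for (i = 0; i < 4 * (size_t)count; i++) out[8 + i] = (uint8_t)(subs[i / 4] >> (8 * (i % 4)));
    return need;
}

/* Render "S-1-A-S1-S2..." after checking that the buffer really holds the
   subauthorities its header claims. Returns 0 on success, -1 on bad input. */
int sid_to_string(const uint8_t *sid, size_t len, char *buf, size_t cap)
{
    uint64_t auth = 0; size_t i, n;
    if (len < 8 || sid[0] != 1 || sid[1] > 15 || len < 8 + 4 * (size_t)sid[1]) return -1;
    for (i = 0; i < 6; i++) auth = (auth << 8) | sid[2 + i];
    n = (size_t)snprintf(buf, cap, "S-1-%llu", (unsigned long long)auth);
    for (i = 0; i < sid[1] && n < cap; i++) {
        const uint8_t *p = sid + 8 + 4 * i;
        uint32_t sub = p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
        n += (size_t)snprintf(buf + n, cap - n, "-%lu", (unsigned long)sub);
    }
    return n < cap ? 0 : -1; /* n >= cap means the text was truncated */
}

/* Same order of tests as the sample: 1 enabled, -1 deny-only, 0 not enabled. */
int group_state(uint32_t attrs)
{
    return (attrs & GRP_ENABLED) ? 1 : (attrs & GRP_USE_FOR_DENY_ONLY) ? -1 : 0;
}

int main(void)
{
    uint8_t sid[16]; char text[64];
    const uint32_t subs[2] = { 32, 544 }; /* BUILTIN domain, Administrators alias */
    size_t n = build_sid(sid, sizeof sid, 5, subs, 2); /* authority 5 = NT */
    if (sid_to_string(sid, n, text, sizeof text) == 0) puts(text);
    return 0;
}
```

A deny-only result is what a UAC-filtered token reports for BUILTIN\Administrators, so finding the SID in TokenGroups does not by itself mean the process holds administrative rights.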
