Forum | | | | | | - Page 1 - |
|  | Hello Profaner...
I have to, me soon time something mowers with the NT/NTFS File-Security To keep busy - Show and Change of Eigentümern and son stuff to that example. has someone such a thing already time made (with Security Descriptors worked) or there interest on the Topic? |
| | | | | | |
| | | | | | - Page 4 - |
| | | | OK - now are you dran. Füge time to the besagten row a Editbox one and let you The values spend - i think my suspicion will confirm. |
| | | | | | |
| | 
CB | the stupid on it is, that I on unserem companies-PC no eindeutige Zeilenzuordnung meet can - I kanns there verständlicherweise only compiled testing and on my private PC wars I these Error Message none. whom commands have You there in the suspicion? and wieso wars I this Error only with Benutzerrechten?
Christian |
| | | | | | |
| | 
Ragnar
Rehbein | Why compilierst You not XPSE ???
I have To eachone Version The I in employment have The suitable .enh - File stored.
therefore have I always The right row with fehlermeldungen parat.
I stubborn cut down (windowsschutzverletzungen) übersetze I with {$debug kernelout} and let me whom quellcode with debugview Show.
r.r. |
| | | | | | |
| | | Hello Christian...
I faith, I have you The whole Time not correctly. understood:
you have The Problems means on your companies-PC, and there are you only one User with eingeschränkten Rechten and no Admin?
I set here in my code Systemeinstellungen.
lest eachone Schwachkopf in the system fiddle can, are The Systemeinstellungen through Privilegien Safe.
circa you The data the Security Descriptors over The API Show To let, must your Account the privilege SeSecurityPrivilege own. The occupancy this Privilegs becomes u.a. by the group geregelt, the your Account angehört (Administrator or user with eingeschränkten Rechten). in the rule are Privilegien deaktiviert, d.h. too Admins cannot without further Systemeinstellungen over The API Change.
In my View source activate I with AdjustTokenPrivileges The Privilegien in the Token the aufrufenden Program. The Token is a one Process (Program) zugeordneter Speicherbereich, the Info over the User contains, the straight the program executing - itself means eingeloggt has.
I wealth time, you have the privilege none, that I here enable wants...
as follow of it supply GetFileSecurity only Garbage back. there GetFileSecurity u.a. The Size the Security Descriptors ausliest, is Needed& well 0.
with DIM PSECURITY_DESCRIPTOR#,Needed& becomes means the area not correctly. dimensioniert.
under 2000 power dss no Problems, I could me but present, that XP there something differently reacted.
I have once more something changed and wants hoping, the now The Fehlermeldungen stay away.
Error 997 is incidentally nothing Schlimmes, as long as The aufrufende function whom success reports.
CompileMarkSeparationWindowstyle 31
Windowtitle "File Security"
Window 0,0-640,440
DEF @GetFileSecurity(5) !"ADVAPI32","GetFileSecurityA"
DEF @GetLastError(0) !"KERNEL32","GetLastError"
DEF @SetLastError(1) !"KERNEL32","SetLastError"
DEF @LookupPrivilegeName(4)!"advapi32","LookupPrivilegeNameA" Ermittelt aus dem Luid eines Privilegs dessen Namen.
DEF @LookupPrivilegeValue(3) !"advapi32","LookupPrivilegeValueA" Ermittelt aus dem Namen eines Privilegs dessen Luid.
DEF @OpenProcessToken(3) !"advapi32","OpenProcessToken" Öffnet Einstellprozess.
DEF @AdjustTokenPrivileges(6) !"advapi32","AdjustTokenPrivileges" Stellt Privilegien ein.
DEF @GetCurrentProcess(0) !"kernel32","GetCurrentProcess" Ermittel das Handle des aktiven Prozesses.
DEF @CloseHandle(1) !"kernel32","CloseHandle" Schließt ein Handle (Programm).
Def @GetVolumeInformation(8) !"KERNEL32","GetVolumeInformationA"
DEF @GetSecurityDescriptorOwner(3) !"ADVAPI32","GetSecurityDescriptorOwner"
DEF @GetSecurityDescriptorGroup(3) !"ADVAPI32","GetSecurityDescriptorGroup"
DEF @GetSecurityDescriptorDACL(4) !"ADVAPI32","GetSecurityDescriptorDacl"
DEF @LookupAccountSid(7) !"ADVAPI32","LookupAccountSidA"
DEF @IsValidSecurityDescriptor(1) !"ADVAPI32","IsValidSecurityDescriptor"
DEF @IsValidSid(1) !"ADVAPI32","IsValidSid"
DEF @IsValidAcl(1) !"ADVAPI32","IsValidAcl"
DEF @GetAclInformation(4) !"ADVAPI32","GetAclInformation"
DEF @CopyMemory(3) !"kernel32","RtlMoveMemory"
DEF @GetAce(3) !"ADVAPI32","GetAce"
DEF @ConvertSidToStringSid(2) !"ADVAPI32","ConvertSidToStringSidA"
DEF @LocalFree(1) !"KERNEL32","LocalFree"
Declare Filename$,Fehler&,PSECURITY_DESCRIPTOR#,Needed#,Needed&
Declare NewState#,token#,Privileg#,Luid#,System$
Declare Laufwerk$,Label#,LFLAGS#,DAT#
DEclare SID#,GFLAG#
DEclare ACCOUNT_NAME#,SIZE_ACCOUNT#,Domain#,SIZE_DOMAIN#,SID_NAME_USE#
Declare Test&
Declare DACL_PRESENT#,P_ACL#,DACL_D#
Declare ACL_INFO#,Zähler&,ACE#,P_ACE#,ACE_SIZE&,STRSID#,P_STRSID#
Declare SID2#,IO%,ADDR_NEWSTATE&
LET Filename$=@LOADFILE$("Datei laden","Alle Dateien |*.*|Textdateien|*.TXT")
IF Filename$<>""
CLEARLIST
LET LAUFWERK$=@LEFT$(Filename$,3)
DIM Label#,256
DIM LFLAGS#,4
DIM DAT#,256
DIM STRSID#,256
DIM P_STRSID#,4
ADDSTRING "Gewählte Datei="+Filename$
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
LET FEHLER&=@GetVolumeInformation(@ADDR(Laufwerk$),Label#,256,0,0,LFlags#,DAT#,256)
ADDSTRING "Rückgabe von GetVolumeInformation="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
ADDSTRING "Laufwerksflags="+@BIN$(@LONG(LFLAGS#,0))
IF @LONG(LFLAGS#,0) | $8 = @LONG(LFLAGS#,0)
ADDSTRING "Zugriff ist einschränkbar"
else
ADDSTRING "Zugriff ist nicht einschränkbar"
endif
ADDSTRING "Ausgelesene Partition="+@String$(Dat#,0)
dim token#,4
DIM NewState#,16
DIM Luid#,8
DIM Privileg#,33
ADDSTRING "Windowsversion="+$WINVER
Long NewState#,0=1 Nur ein Privileg soll geändert werden
Long NewState#,12=$00000002 Das Privileg soll eingeschaltet werden
LET FEHLER&=@OpenProcessToken(@GetCurrentProcess(),$0020 | $0008,Token#)
ADDSTRING "Rückgabe von OpenProcessToken="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
Clear Privileg#
Clear LUID#
STRING Privileg#,0="SeSecurityPrivilege"
LET Fehler&=@LookupPrivilegeValue(@addr(System$),Privileg#,LUID#)
ADDSTRING "Rückgabe von LookupPrivilegeValue für SeSecurityPrivilege="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
ADDSTRING "Reset des API-Fehlers wird durchgeführt"
@SetLastError(0)
LET IO%=%IORESULT
LET ADDR_NEWSTATE&=NewState#
LET ADDR_NEWSTATE&=ADDR_NEWSTATE&+4
@CopyMemory(ADDR_NEWSTATE&,Luid#,8)
ADDSTRING "Letzter API-Fehler nach CopyMemory="+@STR$(@GetLastError())
Let Fehler&=@AdjustTokenPrivileges(@LONG(Token#,0),0,NewState#,0,0,0)
ADDSTRING "Rückgabe von AdjustTokenPrivileges="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
Clear NewState#
Long NewState#,0=1 Nur ein Privileg soll geändert werden
Long NewState#,12=$00000002 Das Privileg soll eingeschaltet werden
Clear Privileg#
Clear LUID#
STRING Privileg#,0="SeTakeOwnershipPrivilege"
LET Fehler&=@LookupPrivilegeValue(@addr(System$),Privileg#,LUID#)
ADDSTRING "Rückgabe von LookupPrivilegeValue fur SeTakeOwnershipPrivilege="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
ADDSTRING "Reset des API-Fehlers wird durchgeführt"
@SetLastError(0)
LET IO%=%IORESULT
LET ADDR_NEWSTATE&=NewState#
LET ADDR_NEWSTATE&=ADDR_NEWSTATE&+4
@CopyMemory(ADDR_NEWSTATE&,Luid#,8)
ADDSTRING "Letzter API-Fehler nach CopyMemory="+@STR$(@GetLastError())
Let Fehler&=@AdjustTokenPrivileges(@LONG(Token#,0),0,NewState#,0,0,0)
ADDSTRING "Rückgabe von AdjustTokenPrivileges="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
ADDSTRING "Reset des API-Fehlers wird durchgeführt"
@SetLastError(0)
LET IO%=%IORESULT
DIM Needed#,4
Clear Needed#
LET Fehler&=@GetFileSecurity(@ADDR(Filename$),$1 | $2 | $4 | $8,0,0,Needed#)
ADDSTRING "Rückgabe von GetFileSecurity="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
LET NEEDED&=@LONG(Needed#,0)
ADDSTRING "Erforderliche Länge des Security Descriptor="+@STR$(Needed&)
CASE NEEDED&=0 : LET NEEDED&=1024
DIM PSECURITY_DESCRIPTOR#,Needed&
Clear PSECURITY_DESCRIPTOR#
@SetLastError(0)
LET Fehler&=@GetFileSecurity(@ADDR(Filename$),$1 | $2 | $4,PSECURITY_DESCRIPTOR#,NEEDED&,Needed#)
ADDSTRING "Rückgabe von GetFileSecurity="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
LET Fehler&=@IsValidSecurityDescriptor(PSECURITY_DESCRIPTOR#)
ADDSTRING "Rückgabe von IsValidSecurityDescriptor="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
DIM SID#,4
DIM GFlag#,4
Clear SID#
Clear GFLAG#
LET FEHLER&=@GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR#,SID#,GFLAG#)
ADDSTRING "Rückgabe von GetSecurityDescriptorOwner="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
LET Fehler&=@IsValidSid(@long(SID#,0))
ADDSTRING "Rückgabe von IsValidSid für den Besitzer="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
DIM ACCOUNT_NAME#,256
DIM SIZE_ACCOUNT#,4
DIM Domain#,256
DIM SIZE_DOMAIN#,4
DIM SID_NAME_USE#,4
Clear SID_NAME_USE#
Clear ACCOUNT_NAME#
Clear Domain#
Long SIZE_ACCOUNT#,0=255
LONG SIZE_DOMAIN#,0=255
LET FEHLER&=@LookupAccountSid(@ADDR(System$),@Long(SID#,0),ACCOUNT_NAME#,SIZE_ACCOUNT#,Domain#,SIZE_DOMAIN#,SID_NAME_USE#)
ADDSTRING "Rückgabe von LookupAccountSid="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
ADDSTRING "Reset des API-Fehlers wird durchgeführt"
@SetLastError(0)
LET IO%=%IORESULT
ADDSTRING "Domainname="+@String$(Domain#,0)
ADDSTRING "Besitzer der Datei="+@String$(ACCOUNT_NAME#,0)
Clear STRSID#
IF @VAL(@LEFT$($WINVER,3))>=5.0
LET FEHLER&=@ConvertSidToStringSid(@Long(SID#,0),P_STRSID#)
@CopyMemory(STRSID#,@LONG(P_STRSID#,0),255)
ADDSTRING "String-SID des Besitzers="+@STRING$(STRSID#,0)
ADDSTRING "Rückgabe von ConvertSidToStringSid="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
endif
LET Fehler&=@LocalFree(@LONG(P_STRSID#,0))
ADDSTRING "Rückgabe von LocalFree für den String-SID="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
Clear SID_NAME_USE#
Clear ACCOUNT_NAME#
Clear Domain#
Clear SID#
Clear GFLAG#
LET FEHLER&=@GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR#,SID#,GFLAG#)
ADDSTRING "Rückgabe von GetSecurityDescriptorGroup="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
LET Fehler&=@IsValidSid(@long(SID#,0))
ADDSTRING "Rückgabe von IsValidSid für die primäre Gruppe="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
Long SIZE_ACCOUNT#,0=255
LONG SIZE_DOMAIN#,0=255
LET FEHLER&=@LookupAccountSid(@ADDR(System$),@Long(SID#,0),ACCOUNT_NAME#,SIZE_ACCOUNT#,Domain#,SIZE_DOMAIN#,SID_NAME_USE#)
ADDSTRING "Rückgabe von LookupAccountSid="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
ADDSTRING "Reset des API-Fehlers wird durchgeführt"
@SetLastError(0)
LET IO%=%IORESULT
ADDSTRING "Domainname="+@String$(Domain#,0)
ADDSTRING "Primäre Gruppe der Datei="+@String$(ACCOUNT_NAME#,0)
DIM DACL_PRESENT#,1
DIM P_ACL#,4
DIM DACL_D#,4
Let Fehler&=@GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR#,DACL_PRESENT#,P_ACL#,DACL_D#)
ADDSTRING "Rückgabe von GetSecurityDescriptorDacl="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
LET Fehler&=@IsValidAcl(@long(P_ACL#,0))
ADDSTRING "Rückgabe von IsValidAcl für den DACL="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
IF Fehler&=1
DIM ACL_INFO#,12
DIM P_ACE#,4
CLEAR ACL_INFO#
Let Fehler&=@GetAclInformation(@long(P_ACL#,0),ACL_INFO#,12,2)
ADDSTRING "Rückgabe von GetAclInformation="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
ADDSTRING "ACEs in ACL="+@STR$(@LONG(ACL_INFO#,0))
LET Zähler&=0
IF @STR$(@LONG(ACL_INFO#,0))<>0
While Zähler&<@LONG(ACL_INFO#,0)
Clear P_ACE#
Let Fehler&=@GetAce(@long(P_ACL#,0),Zähler&,P_ACE#)
DIM ACE#,4
Clear ACE#
@CopyMemory(ACE#,@LONG(P_ACE#,0),4)
LET ACE_SIZE&=@Word(ACE#,2)
ADDSTRING "Größe des "+@STR$(@INT(Zähler&+1))+".ACEs="+@STR$(@Word(ACE#,2))
IF @BYTE(ACE#,0)=0
ADDSTRING "ACE Typ des "+@STR$(@INT(Zähler&+1))+".ACEs=ACCESS_ALLOWED_ACE_TYPE"
ElseIF @BYTE(ACE#,0)=1
ADDSTRING "ACE Typ des "+@STR$(@INT(Zähler&+1))+".ACEs=ACCESS_DENIED_ACE_TYPE"
ElseIF @BYTE(ACE#,0)=2
ADDSTRING "ACE Typ des "+@STR$(@INT(Zähler&+1))+".ACEs=SYSTEM_AUDIT_ACE_TYPE"
ElseIF @BYTE(ACE#,0)=3
ADDSTRING "ACE Typ des "+@STR$(@INT(Zähler&+1))+".ACEs=SYSTEM_ALARM_ACE"
endif
Dispose ACE#
DIM ACE#,ACE_SIZE&
Clear SID_NAME_USE#
Clear ACCOUNT_NAME#
Clear Domain#
Clear ACE#
Long SIZE_ACCOUNT#,0=255
LONG SIZE_DOMAIN#,0=255
@CopyMemory(ACE#,@LONG(P_ACE#,0),ACE_SIZE&)
DIM SID2#,ACE_SIZE&-8
@CopyMemory(SID2#,@LONG(P_ACE#,0)+8,ACE_SIZE&-8)
LET FEHLER&=@LookupAccountSid(@ADDR(System$),SID2#,ACCOUNT_NAME#,SIZE_ACCOUNT#,Domain#,SIZE_DOMAIN#,SID_NAME_USE#)
ADDSTRING "Rückgabe von LookupAccountSid="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
ADDSTRING "Reset des API-Fehlers wird durchgeführt"
@SetLastError(0)
LET IO%=%IORESULT
ADDSTRING @STR$(Zähler&)+". ACE Bezogen auf SID="+@String$(ACCOUNT_NAME#,0)
ADDSTRING @STR$(Zähler&)+". ACE Bezogen auf Domainname="+@String$(Domain#,0)
ADDSTRING "Accessrechte des "+@STR$(Zähler&)+". ACEs=$"+@HEX$(@LONG(ACE#,4))
LET Zähler&=Zähler&+1
Dispose SID2#
Dispose ACE#
wend
Endif
Endif
LET FEHLER&=@CloseHandle(@LONG(Token#,0))
ADDSTRING "Rückgabe von CloseHandle="+@STR$(Fehler&)
ADDSTRING "Letzter API-Fehler="+@STR$(@GetLastError())
Dispose P_ACE#
Dispose ACL_INFO#
Dispose DACL_D#
Dispose P_ACL#
Dispose DACL_PRESENT#
Dispose SID_NAME_USE#
Dispose ACCOUNT_NAME#
Dispose SIZE_ACCOUNT#
Dispose Domain#
Dispose SIZE_DOMAIN#
Dispose SID#
Dispose GFLAG#
Dispose Luid#
Dispose Privileg#
Dispose NewState#
Dispose token#
Dispose Needed#
Dispose PSECURITY_DESCRIPTOR#
Dispose Label#
Dispose LFlags#
DISPOSE DAT#
Dispose STRSID#
Dispose P_STRSID#
@Editbox("API Rückgaben",1)
Ea>
While 0=0
Waitinput
Wend
the second privilege, that I here activate, is incidentally necessary, circa incidentally moreover necessary, around the proprietor To Change... |
| | | | | | |
| |
CB | the 1. make I Yes - therefore voices Yes The Zeilennummern in the .enh not any more with the ursprünglichen code überein - in the enh stand any Declares in the 1. row, where stand The in the .prc? there shift itself everything a morsel of.
Debuggen can I in the Fa not, because I there no Profan install can - if The rauskriegen, that I there stranger Progs installiere, moreover have I there only Benutzerrechte ...
Christian |
| | | | | | |
| | | Hello Christian...
do you need there also not testing - I have mere The whole Time virtual, You would have the trouble on your computer To dwell - as Admin.
Dass not with all Useraccount functions, is completely clear and nachzuvollziehen - and the need We also not further nachzugehen - means go ahead dwell testing. I have you already time said - is everything nothing for Hacker, only for Admins.
i'll me soon still in whom SACL reinknien and then go any values yet changed...
The Zeilennummer is correct u.a. because of the Leerzeilen not. |
| | | | | | |
| |
CB | Erspart me something work  - but interested hätts me already, wieso these Error Message only with Benutzerrechten appears...
Christian |
| | | | | | |
| |
Ragnar
Rehbein | another nice option is the compileroption -M with XProfan9.
then becomes a mapdatei for zeilennummern created.
these ought to at find the fehlerhaften row help.
have I yet but only short tested. can means not say How very she's.
r.r. |
| | | | | | |
| | | Hello Christian...
The Statement, The I in moment have, have I already posted. If the so is, might the Error since the last View source fixed his.
another integrally stupid question:
as i me to of/ one Time with the Privilegien and thereafter with the LSA-Security-API engage have, have I so whom local get, that nobody from the XP and 2000 fans (apparently Roland neither) a blassen Schimmer of it has, How the Betriebsystem at all vaguely operates.
self The things, The You over The Registry recognized have, shining here hardly someone ( - or except us both quite none?) to know - or The, The the know, keep your know for itself.
In how far have you got understood, what there in the View source - and hereon related in the Betriebssystem - bislang expires, or are the everything böhmishe villages for you? It's all right I do not around the function eachone API, separate only therefore, what there in the principle happens... |
| | | | | | |
| | | Hello Ragnar...
best Thanks for Info, but zumindestens I work yet with Profan 7.5  .
In how far have you got Einblick into Security? I have slow so whom local, that I the only be, the itself ever so engage has... |
| | | | | | |
| |
CB | Hello Andreas!
What the Security angeht: I have me already to years one bissel with Netzwerken and Rechtevergaben etc. auseinandergesetzt and I therefore already a vaguely Review, mere reicht The unfortunately not from, circa you a large Help his to, already sooner with the Registry - with the have I something intensiver befasst.
Also hats me always already interested, what there in the background so expires, zB at Access to a File, where within of/ one second a couple thousand Schreib- and Lesezugriffe on The Reg. come off. gives Yes integrally nice Tools moreover, of [...]  in example...
Specifically TokenMon (goes unfortunately only NT and 2000) could I me present that tappt im dunkeln us weiterhilft.
Christian |
| | | | | | |
| | | Hello Christian...
that you you well in the Registry auskennst have I me already virtual. I have therefore a SID too in Stringform dastellen let => Related moreover HKEY_USERS.
where Gibts these Tools? sees very schick from!
If you there otherwise irgenwas unclear is - frag me simply. i think, I habs understood.
Help I will well hardly need - The thing turn out to be integral plainer as everything else, I bislang in the Securitybereich zusammengeschustert have.
what I yet bräuchte, would a possible complete list all User and groups one Systems.
on The User be I bislang always so herangekommen:
- under HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionProfileListProfilesDirectory read I the way asus, in the The Userprofile stored are.
- I Search then there to whom vorhandenen Verzeichnissen.
- Currently see I then to, whether in this directory a NTUSER.DAT existing. rather would however then LookupAccountName and IsValidSid To use, in order to testing, whether the directory the Loginname one Users is.
You seem there in the Registry too some over The groups found to have - a idea How one The lists could? |
| | | | | | |
|
AnswerThemeninformationenthis Topic has 6 subscriber: |
(551)
Deutsch
English
Français
Español
Italia
