Type a page name and press Enter. You'll jump to the page if it exists, or you can create it if it doesn't.
To create a page in a module other than netapi32, prefix the name with the module name and a period.
With all the different information you can get with just one command; this one sure is difficult. Very, very little documentation on this because Microsoft probably doesn't want easy access to these. My company has allowed me to contribute my findings as long as I mention it. We are Digital Boundary Group, based in London, Ontario, Canada, and we do penetration testing. Please visit us at http://digitalboundary.net I will be allowed to continue my contributions as long as my company does not lose credit for its contributions.
//Everything from here until the "Good Stuff", was copied from this site
byte[] Sid = null;
uint cbSid = 0;
StringBuilder referencedDomainName = new StringBuilder();
uint cchReferencedDomainName = (uint)referencedDomainName.Capacity;
SID_NAME_USE sidUse;
int err = 0;
if (!LookupAccountName(this.ResourceName, this.UserName, Sid, ref cbSid, referencedDomainName, ref cchReferencedDomainName, out sidUse))
{
err = Marshal.GetLastWin32Error();
if (err == ERROR_INSUFFICIENT_BUFFER || err == ERROR_INVALID_FLAGS)
{
Sid = new byte[cbSid];
referencedDomainName.EnsureCapacity((int)cchReferencedDomainName);
err = 0;
if (!LookupAccountName(this.ResourceName, this.UserName, Sid, ref cbSid, referencedDomainName, ref cchReferencedDomainName, out sidUse))
err = Marshal.GetLastWin32Error();
//throw error here
//return custom error constant
}
}
LSA_UNICODE_STRING aSystemName = new LSA_UNICODE_STRING();
uint aOpenPolicyResult = LsaOpenPolicy(ref aSystemName, ref aObjectAttributes, aAccess, out aPolicyHandle);
//Here's the "Good Stuff" folks
//This example gets Audit Policy information
uint retval = LsaQueryInformationPolicy(aPolicyHandle, infoclass, out bufptr);
//do what you want with the retval, this is a pretty lazy example
_POLICY_AUDIT_EVENTS_INFO pevents;
//Marshal the pointer to structure; pretty standard stuff
pevents = (_POLICY_AUDIT_EVENTS_INFO)Marshal.PtrToStructure(bufptr, typeof(_POLICY_AUDIT_EVENTS_INFO));
//Microsoft states that this could be an arbitrary number of elements because they may expand upon this in later Windows versions
int[] policy_values = new int[pevents.MaximumAuditEventCount];
//pevents.MaximumAuditEventCount gives you the number of elements, take this number of elements and Marshall copy the array
Marshal.Copy(pevents.EventAuditingOptions, policy_values, 0, pevents.MaximumAuditEventCount);
//Only take the lowest array count
int max_policies = Policies.GetLength(0);
max_policies = max_policies > pevents.MaximumAuditEventCount ? pevents.MaximumAuditEventCount : max_policies;
//Grade 10 programming class
for (int x = 0; x < max_policies; x++)
{
switch (policy_values[x])
{
case 0:
Policies[x, 1] = "None";
break;
case 1:
Policies[x, 1] = "Success";
break;
case 2:
Policies[x, 1] = "Failure";
break;
case 3:
Policies[x, 1] = "Success/Failure";
break;
}
}
return 0;
}
public struct _POLICY_AUDIT_EVENTS_INFO
{
public bool AuditingMode;
public IntPtr EventAuditingOptions;
public Int32 MaximumAuditEventCount;
}
Microsoft also has an enumeration for the different policies; but like I said above, they strongly caution you to not fix the number of elements in the array because that can and probably will change. Use my array at the top of the function for now.
Happy coding! http://digitalboundary.net
An IntPtr is a pointer to a memory location (unmanaged) that adapts to the platform it is running on (64-bit, etc.) UNLIKE a standard int/Integer. You should always use this type for unmanaged calls that require it, even though an int will appear to work on your development machine.
1/13/2008 4:00:13 AM - Damon Carr-72.43.165.29
An IntPtr is a pointer to a memory location (unmanaged) that adapts to the platform it is running on (64-bit, etc.) UNLIKE a standard int/Integer. You should always use this type for unmanaged calls that require it, even though an int will appear to work on your development machine.
1/13/2008 4:00:13 AM - Damon Carr-72.43.165.29
Retrieve Local Policy Information for a Local or Remote Host
1/10/2021 4:03:18 PM - -165.225.114.95
ByVal is a VB keyword that specifies a variable to be passed as a parameter BY VALUE. In other words, if the function or sub changes the value of the internal variable, it does not change the value of the external variable that was passed to it.
4/25/2007 3:19:55 AM - josep1er@cmich.edu-141.209.229.179
An IntPtr is a pointer to a memory location (unmanaged) that adapts to the platform it is running on (64-bit, etc.) UNLIKE a standard int/Integer. You should always use this type for unmanaged calls that require it, even though an int will appear to work on your development machine.
1/13/2008 4:00:13 AM - Damon Carr-72.43.165.29
ByVal is a VB keyword that specifies a variable to be passed as a parameter BY VALUE. In other words, if the function or sub changes the value of the internal variable, it does not change the value of the external variable that was passed to it.
4/25/2007 3:19:55 AM - josep1er@cmich.edu-141.209.229.179
Click to read this page
10/23/2022 7:47:26 PM - gBqsPxAZ-51.137.182.20
ByRef is a VB keyword that specifies a variable to be passed as a parameter BY REFERENCE. In other words, the pointer to the variable is passed and any change to its value made within the function or sub will change its value outside the function/sub.
4/25/2007 3:19:29 AM - anonymous
An IntPtr is a pointer to a memory location (unmanaged) that adapts to the platform it is running on (64-bit, etc.) UNLIKE a standard int/Integer. You should always use this type for unmanaged calls that require it, even though an int will appear to work on your development machine.
1/13/2008 4:00:13 AM - Damon Carr-72.43.165.29
Click to read this page
10/23/2022 7:47:26 PM - gBqsPxAZ-51.137.182.20
Please edit this page!
Do you have...
helpful tips or sample code to share for using this API in managed code?
corrections to the existing content?
variations of the signature you want to share?
additional languages you want to include?
Select "Edit This Page" on the right hand toolbar and edit it! Or add new pages containing supporting types needed for this API (structures, delegates, and more).
Revisions