/// <summary>
/// P/Invoke declaration for the native LsaEnumerateAccountRights function exported by advapi32.dll.
/// </summary>
/// <param name="PolicyHandle">LSA policy handle (native type LSA_HANDLE).</param>
/// <param name="AccountSid">Account SID passed as a raw byte array (native type PSID).</param>
/// <param name="UserRights">
/// Receives a pointer to the returned LSA_UNICODE_STRING entries (native type PLSA_UNICODE_STRING*).
/// The sample on this page releases this pointer with LsaFreeMemory once it has been read.
/// </param>
/// <param name="CountOfRights">Receives the number of entries behind <paramref name="UserRights"/>.</param>
/// <returns>An NTSTATUS value; it can be converted to a Windows error using LsaNtStatusToWinError.</returns>
// NOTE(review): failure is reported through the returned NTSTATUS, so SetLastError=true
// presumably adds nothing useful here - confirm before relying on Marshal.GetLastWin32Error.
[DllImport("advapi32.dll", SetLastError=true)]
public static extern uint LsaEnumerateAccountRights(
IntPtr PolicyHandle,
[MarshalAs(UnmanagedType.LPArray)] byte[] AccountSid,
out IntPtr UserRights,
out uint CountOfRights
);
Declare Function LsaEnumerateAccountRights Lib "advapi32.dll" (TODO) As TODO
None.
// NTSTATUS LsaEnumerateAccountRights(
// in LSA_HANDLE PolicyHandle,
// in PSID AccountSid,
// out PLSA_UNICODE_STRING* UserRights,
// out PULONG CountOfRights
//);
The returned NTSTATUS can be converted to a Windows error code using LsaNtStatusToWinError.
The reason behind using byte[] for a sid is a mystery to me. Has anyone documented this? I've just copied the techniques from other functions here and it seems to work.
Similarly - the sample code below works, but why can't you just use an array of LSA_UNICODE_STRING ???
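(Answer: Nobody knows why, but the runtime seems to screw it up. One likely factor: the UserRights buffer is allocated by LSA and has to be released with LsaFreeMemory, and its length is only known from CountOfRights after the call returns, so the sample walks it by hand through an IntPtr.)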
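// Prerequisites: HPolicy (an open LSA policy handle) and SID (the account SID
// as a byte[]) must already be prepared by the caller.
IntPtr rightsPtr;
uint countOfRights;

// The NTSTATUS return value is the failure signal for this call, so it must
// be checked before the out parameters are trusted.
uint status = LsaEnumerateAccountRights(HPolicy, SID, out rightsPtr, out countOfRights);
if (status != 0) // 0 == STATUS_SUCCESS
{
    // Never walk rightsPtr/countOfRights after a failed call. Note that an
    // account holding no rights is also reported through a non-success
    // status rather than a zero count. LsaNtStatusToWinError can convert
    // the value to a Windows error code if one is needed.
    Console.WriteLine("LsaEnumerateAccountRights failed, NTSTATUS 0x" + status.ToString("X8"));
}
else
{
    try
    {
        // Step by the size of the layout that is actually read from the
        // buffer, so the stride and the structure can never disagree.
        int stride = Marshal.SizeOf(typeof(LSA_UNICODE_STRING_withPointer));
        IntPtr ptr = rightsPtr;
        for (uint i = 0; i < countOfRights; i++)
        {
            LSA_UNICODE_STRING_withPointer structure = new LSA_UNICODE_STRING_withPointer();
            Marshal.PtrToStructure(ptr, structure);

            // length is a byte count; the buffer is not guaranteed to be
            // NUL-terminated, so pass the character count explicitly.
            string userRightStr = structure.pwstr == IntPtr.Zero
                ? string.Empty
                : Marshal.PtrToStringUni(structure.pwstr, structure.length / sizeof(char));
            Console.WriteLine("Another Privilege found: " + userRightStr);

            ptr = new IntPtr(ptr.ToInt64() + stride);
        }
    }
    finally
    {
        // The buffer is owned by LSA and must be handed back exactly once.
        if (rightsPtr != IntPtr.Zero)
        {
            LsaFreeMemory(rightsPtr);
        }
    }
}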