I'm writing a logging service that may collect the privileges of a process in order to transmit them to another computer. I use the following code to collect them:
#include <windows.h>
#include <new>      // std::nothrow
#include <cstring>  // memcpy

HANDLE hToken;
if(OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &hToken))
{
    // First call with a NULL buffer only reports the required size in dwSize
    DWORD dwSize = 0;
    if(!GetTokenInformation(hToken, TokenPrivileges, NULL, dwSize, &dwSize) &&
       ::GetLastError() == ERROR_INSUFFICIENT_BUFFER)
    {
        BYTE* pb = new (std::nothrow) BYTE[dwSize];
        if(pb)
        {
            TOKEN_PRIVILEGES* pTPs = (TOKEN_PRIVILEGES*)pb;
            DWORD dwSize2 = 0;
            // Second call fills the buffer; dwSize2 is the number of bytes actually used
            if(GetTokenInformation(hToken, TokenPrivileges, pTPs, dwSize, &dwSize2) &&
               dwSize2 <= dwSize)
            {
                // Got our BYTE array in 'pb' of size 'dwSize2' bytes
                // (pByteArrayToTransmit must point to a buffer of at least dwSize2 bytes)
                memcpy(pByteArrayToTransmit, pb, dwSize2);
            }
            delete[] pb;
        }
    }
    CloseHandle(hToken);
}
But I'm curious whether I could pass the pByteArrayToTransmit array to another Windows computer and convert it into a readable form there using the LookupPrivilegeName API?
P.S. The reason I'm not calling LookupPrivilegeName on the client machine (where the data is being logged) is to save on the size of the logged data, since this process may repeat many times over.
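What the transmitted bytes actually contain is worth seeing before deciding where to resolve names. The blob written by GetTokenInformation(TokenPrivileges) is a DWORD PrivilegeCount followed by PrivilegeCount LUID_AND_ATTRIBUTES records; it carries LUIDs and attribute bits, never privilege names, and Windows documents a LUID as unique only on the system that generated it and only until that system restarts. The parser below is an added example, not code from the question; it mirrors the winnt.h layout in plain C++ so it compiles without Windows headers (an assumption stated in the comments), decodes the standard attribute bits, and rejects a blob whose length does not match its PrivilegeCount, which is the check a receiver should make before trusting bytes that arrived over the network. The sample blob is constructed, not captured from a real token.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// Assumption: these mirror the winnt.h layouts of LUID and LUID_AND_ATTRIBUTES
// (4-byte LowPart, 4-byte HighPart, 4-byte Attributes; 12 bytes per record).
struct Luid { uint32_t low; int32_t high; };
struct PrivEntry { Luid luid; uint32_t attributes; };

// Attribute bits as defined in winnt.h
constexpr uint32_t kEnabledByDefault = 0x00000001; // SE_PRIVILEGE_ENABLED_BY_DEFAULT
constexpr uint32_t kEnabled          = 0x00000002; // SE_PRIVILEGE_ENABLED
constexpr uint32_t kRemoved          = 0x00000004; // SE_PRIVILEGE_REMOVED
constexpr uint32_t kUsedForAccess    = 0x80000000; // SE_PRIVILEGE_USED_FOR_ACCESS

// Parse a TOKEN_PRIVILEGES blob: uint32 PrivilegeCount then PrivilegeCount records.
// Returns false when the blob is shorter than its own count claims, so a receiver
// never reads past the end of a buffer it did not produce itself.
bool ParsePrivilegeBlob(const uint8_t* data, size_t len, std::vector<PrivEntry>& out) {
    out.clear();
    if (data == nullptr || len < sizeof(uint32_t)) return false;
    uint32_t count = 0;
    std::memcpy(&count, data, sizeof(count));
    const size_t kRecord = 12; // sizeof(LUID) + sizeof(DWORD)
    // Divide rather than multiply so a huge count cannot overflow the comparison
    if (count > (len - sizeof(uint32_t)) / kRecord) return false;
    const uint8_t* p = data + sizeof(uint32_t);
    for (uint32_t i = 0; i < count; ++i, p += kRecord) {
        PrivEntry e{};
        std::memcpy(&e.luid.low,    p,     4);
        std::memcpy(&e.luid.high,   p + 4, 4);
        std::memcpy(&e.attributes,  p + 8, 4);
        out.push_back(e);
    }
    return true;
}

// Render one record as the log would carry it. No name is available here: the
// blob only holds the LUID, which is meaningful on the issuing machine (and boot)
// only, so resolving it elsewhere with LookupPrivilegeName is not reliable unless
// the sender also ships the LUID->name mapping it obtained locally.
std::string DescribeEntry(const PrivEntry& e) {
    std::string s = "LUID " + std::to_string(e.luid.high) + ":" + std::to_string(e.luid.low);
    s += (e.attributes & kEnabled) ? " enabled" : " disabled";
    if (e.attributes & kEnabledByDefault) s += " default";
    if (e.attributes & kRemoved)          s += " removed";
    if (e.attributes & kUsedForAccess)    s += " used-for-access";
    return s;
}

// Constructed sample blob with two privileges (not captured from a real token).
static const uint8_t kSampleBlob[] = {
    0x02, 0x00, 0x00, 0x00,                                                       // PrivilegeCount = 2
    0x13, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,  0x03, 0x00, 0x00, 0x00,     // LUID 0:19, enabled + default
    0x17, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,     // LUID 0:23, disabled
};

// Decode the sample blob into one line per privilege.
std::vector<std::string> DescribeSampleBlob() {
    std::vector<PrivEntry> entries;
    std::vector<std::string> lines;
    if (!ParsePrivilegeBlob(kSampleBlob, sizeof(kSampleBlob), entries)) return lines;
    for (const PrivEntry& e : entries) lines.push_back(DescribeEntry(e));
    return lines;
}

// A blob cut short in transit (count says 2, only 1 full record present) is refused.
bool TruncatedBlobIsRejected() {
    std::vector<PrivEntry> entries;
    return !ParsePrivilegeBlob(kSampleBlob, 20, entries);
}

int main() {
    for (const std::string& line : DescribeSampleBlob()) std::cout << line << '\n';
    std::cout << (TruncatedBlobIsRejected() ? "truncated blob rejected" : "BUG") << '\n';
    return 0;
}
```

If log size is the concern, the compact option that keeps the data interpretable is to resolve each LUID once on the logging host, send the LUID-to-name table a single time per boot, and then send only the 12-byte records (or just the LUID and attribute bits) for every subsequent sample; the receiver joins the two.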