GetTokenInformation error

ChillyWilly · September 23, 2008, 01:36:02 AM

trying to get the user and domain but GetTokenInformation fails with error code of 998


hToken           DWORD ?
buf              db 1024 dup(?)
tu_size          DWORD ?
sch_accountname  db 255 dup(?)
sch_domainname   db 255 dup(?)
sid_name_use     db 255 dup(?)
szBuffer   db 255 dup(?)
err           DWORD ?


.code
start:

     invoke GetCurrentProcess
     mov    ecx,eax
     invoke OpenProcessToken,ecx,TOKEN_QUERY,addr hToken
		.if eax == 0
		         invoke GetLastError
                           invoke wsprintf,addr szBuffer,addr format,eax
			invoke MessageBox,0,addr szBuffer,SADD("GetTokenInformation Failed"),MB_OK
			ret
		.endif
		
		
     invoke GetTokenInformation,hToken,TokenUser,addr buf,1024,addr tu_size
		.if eax == 0
                           invoke GetLastError
                           invoke wsprintf,addr szBuffer,addr format,eax
			invoke MessageBox,0,addr szBuffer,SADD("OpenProcessToken Failed"),MB_OK
			ret
		.endif
     invoke LookupAccountSid,0,addr buf,addr sch_accountname,sizeof sch_accountname,addr sch_domainname,sizeof sch_domainname,addr sid_name_use
			invoke MessageBox,0,addr sch_accountname,addr sch_domainname,MB_OK
     invoke CloseHandle,hToken
invoke ExitProcess,0

ChillyWilly · September 25, 2008, 05:34:34 PM

would i have to add debug privs?

BlackVortex · September 27, 2008, 05:41:59 PM

You didn't copy/paste your proggy correctly, there are data declarations, include and assembler directives missing.

So it'd be better to include here the whole directly compileable program for others to test quickly.

ecube · September 03, 2009, 03:16:15 AM

inregards to LookupAccountSid your buff isn't pointing to the sid directly do

lea edx,buf
assume edx:ptr TOKEN_USER

then use [edx].User.Sid in place of addr buf, also assume edx:Nothing after the function call

also sizeof sch_accountname and sizeof sch_domainname are incorrect

sch_accountnameX dd ?
sch_domainnameX dd ?

mov sch_accountnameX,255
mov sch_domainnameX,255

then use addr sch_accountnameX, and addr sch_domainnameX in place of the sizeof's

this will fix your code, I didn't edit it all for you because I find it more rewarding personally, when I can do the last bit to fix something.

BlackVortex · September 03, 2009, 07:16:12 AM

You know this thread is 1 year old ! :wink

Astro · September 04, 2009, 12:08:25 AM

:cheekygreen:

Astro.

ecube · September 04, 2009, 12:52:35 AM

Quote from: BlackVortex on September 03, 2009, 07:16:12 AM
You know this thread is 1 year old ! :wink

it also has over 300 views and no answer, so I figured i'd give him a answer, in hopes it'll help anyone who was having trouble using these apis in MASM.

evlncrn8 · September 08, 2009, 01:51:30 PM

998 error = [System Translation] -> Unable to add to the user accounts database. / [NetMsg Translation] -> Unable to add to the user accounts database.

if the 998 was in decimal it would translate to [System Translation] -> Invalid access to memory location.

News:

GetTokenInformation error

ChillyWilly

ChillyWilly

BlackVortex

ecube

BlackVortex

Astro

ecube

evlncrn8