Trying to get the user and domain, but GetTokenInformation fails with an error code of 998.
hToken DWORD ?
buf db 1024 dup(?)
tu_size DWORD ?
sch_accountname db 255 dup(?)
sch_domainname db 255 dup(?)
sid_name_use db 255 dup(?)
szBuffer db 255 dup(?)
err DWORD ?
.code
start:
    invoke GetCurrentProcess
    mov ecx,eax
    invoke OpenProcessToken,ecx,TOKEN_QUERY,addr hToken
    .if eax == 0
        invoke GetLastError
        invoke wsprintf,addr szBuffer,addr format,eax
        invoke MessageBox,0,addr szBuffer,SADD("GetTokenInformation Failed"),MB_OK
        ret
    .endif
    invoke GetTokenInformation,hToken,TokenUser,addr buf,1024,addr tu_size
    .if eax == 0
        invoke GetLastError
        invoke wsprintf,addr szBuffer,addr format,eax
        invoke MessageBox,0,addr szBuffer,SADD("OpenProcessToken Failed"),MB_OK
        ret
    .endif
    invoke LookupAccountSid,0,addr buf,addr sch_accountname,sizeof sch_accountname,addr sch_domainname,sizeof sch_domainname,addr sid_name_use
    invoke MessageBox,0,addr sch_accountname,addr sch_domainname,MB_OK
    invoke CloseHandle,hToken
    invoke ExitProcess,0
Would I have to add debug privs?
You didn't copy/paste your proggy correctly; there are data declarations, include and assembler directives missing.
So it'd be better to include here the whole directly compilable program for others to test quickly.
In regards to LookupAccountSid, your buff isn't pointing to the SID directly. Do:
lea edx,buf
assume edx:ptr TOKEN_USER
Then use [edx].User.Sid in place of addr buf; also, assume edx:Nothing after the function call.
Also, sizeof sch_accountname and sizeof sch_domainname are incorrect:
sch_accountnameX dd ?
sch_domainnameX dd ?
mov sch_accountnameX,255
mov sch_domainnameX,255
Then use addr sch_accountnameX and addr sch_domainnameX in place of the sizeofs.
This will fix your code. I didn't edit it all for you because I find it more rewarding, personally, when I can do the last bit to fix something.
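The changes described in the reply above, assembled into one buildable program as an added example (not code posted by anyone in the thread). It assumes the MASM32 SDK installed at \masm32; the labels `Fail`, `tokBuf`, `cchName`, `cchDom` and the message strings are names chosen here, and each failure is reported under the name of the API that actually failed, with GetLastError printed in decimal.

```asm
; Added example, not from the thread. Assumes the MASM32 SDK in \masm32.
include \masm32\include\masm32rt.inc    ; model, windows.inc, kernel32, user32
include \masm32\include\advapi32.inc    ; token and SID lookup APIs
includelib \masm32\lib\advapi32.lib
.data
fmt      db "%s failed, GetLastError = %lu (decimal)",0
szOpen   db "OpenProcessToken",0
szInfo   db "GetTokenInformation",0
szLook   db "LookupAccountSid",0
cchName  dd 256                 ; in: buffer size in chars, out: length written
cchDom   dd 256
.data?
hToken   dd ?
cbNeeded dd ?
sidUse   dd ?                   ; SID_NAME_USE is a DWORD, not a string buffer
align 4                         ; TOKEN_USER holds a pointer: keep it DWORD-aligned
tokBuf   db 1024 dup(?)
szName   db 256 dup(?)
szDom    db 256 dup(?)
szMsg    db 128 dup(?)
.code
Fail proc pszApi:DWORD          ; report the API that really failed, then exit
    invoke GetLastError
    invoke wsprintf,addr szMsg,addr fmt,pszApi,eax
    invoke MessageBox,0,addr szMsg,0,MB_ICONERROR
    invoke ExitProcess,1
Fail endp

start:
    invoke GetCurrentProcess
    invoke OpenProcessToken,eax,TOKEN_QUERY,addr hToken
    .if eax == 0
        invoke Fail,addr szOpen
    .endif
    invoke GetTokenInformation,hToken,TokenUser,addr tokBuf,sizeof tokBuf,addr cbNeeded
    .if eax == 0
        invoke Fail,addr szInfo
    .endif
    mov edx,offset tokBuf       ; buffer starts with a TOKEN_USER structure
    assume edx:ptr TOKEN_USER
    invoke LookupAccountSid,0,[edx].User.Sid,addr szName,addr cchName,addr szDom,addr cchDom,addr sidUse
    assume edx:nothing
    .if eax == 0
        invoke Fail,addr szLook
    .endif
    invoke MessageBox,0,addr szName,addr szDom,MB_OK    ; text = account, caption = domain
    invoke CloseHandle,hToken
    invoke ExitProcess,0
end start
```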
You know this thread is 1 year old ! :wink
:cheekygreen:
Astro.
Quote from: BlackVortex on September 03, 2009, 07:16:12 AM
You know this thread is 1 year old ! :wink
It also has over 300 views and no answer, so I figured I'd give him an answer, in hopes it'll help anyone who was having trouble using these APIs in MASM.
998 error = [System Translation] -> Unable to add to the user accounts database. / [NetMsg Translation] -> Unable to add to the user accounts database.
If the 998 was in decimal, it would translate to [System Translation] -> Invalid access to memory location.