What are the return values of the function GetTokenInformation() and how do I use it-CodePudding

I tried this code:

import win32security
import win32api
token = win32security.OpenProcessToken(win32api.GetCurrentProcess(), win32security.TOKEN_QUERY_SOURCE | win32security.TOKEN_QUERY)

for i in range(0x30):
    try:
        n = win32security.LookupPrivilegeName(None, i)
        privs = win32security.GetTokenInformation(token, i)

    except Exception as e:
        pass
    else:
        print(privs)
        print(i, n)

while True:
    pass

I tried to get the information of each privilege(I mostly want the flags), but I can't understand the return values of GetTokenInformation() , it returns different types and I can't manage to extract any Info out of it, I searched on MSDN but I still didn't understand.

CodePudding user response：

After reading more in MSDN I found out that the GetTokenInformation function receives a parameter called TOKEN_INFORMATION_CLASS that specify what the function will return, so in order to find about the privileges and on their flags I used the following code:

import win32security
import win32api
token = win32security.OpenProcessToken(win32api.GetCurrentProcess(), win32security.TOKEN_QUERY_SOURCE | win32security.TOKEN_QUERY)
privs = win32security.GetTokenInformation(token, win32security.TokenPrivileges)
for i in range(len(privs)):
    # name of privilege
    name = win32security.LookupPrivilegeName(None, privs[i][0])
    flag = privs[i][1]

    # check the flag value
    if flag == 0:
        flag = 'Disabled'
    elif flag == 3:
        flag = 'Enabled'

    print(name, flag)

while True:
    pass