I was trying to get pSID from SidStart value of ACCESS_ALLOWED_ACE structure and could not get it for some time.
I found PInvoke for DWORD-aligned handles to memory, but unfortunately I cannot add comments just yet.
The person gets the pSid from ACE pointer offset by 8 as follows (don't mind the "deniedAceIntPtr"):
IntPtr tempSid = IntPtr.Add(deniedAceIntPtr, 8);
My question is, where does the 8 come from?
Is it because SidStart in ACCESS_ALLOWED_ACE comes after ACE_HEADER and ACCESS_MASK which are both of 4 bytes? So 4 + 4 = 8 and SidStart starts after those two at the IntPtr address of the ACE?
Getting the pSid and later SidString using ConvertSidToStringSidW works for me.
CodePudding user response:
According to the ACCESS_DENIED_ACE structure, you can refer to SidStart directly. And yes, sizeof(ACE_HEADER) + sizeof(ACCESS_MASK) = 8 bytes.
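The offset arithmetic discussed above, as an added example that is not part of the original question or answer: it derives the 8 from the struct layout with Marshal.OffsetOf instead of hard-coding it, and checks AceSize before reading the SID. The managed struct declarations, the names AceSidDemo, SidFromAce and MinSidSize, and the sample ACE bytes are constructed for illustration; it assumes Windows with .NET 5 or later.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;

[StructLayout(LayoutKind.Sequential)]
struct ACE_HEADER { public byte AceType; public byte AceFlags; public ushort AceSize; }

[StructLayout(LayoutKind.Sequential)]
struct ACCESS_ALLOWED_ACE
{
    public ACE_HEADER Header; // 1 + 1 + 2 = 4 bytes
    public uint Mask;         // ACCESS_MASK is a DWORD, 4 bytes
    public uint SidStart;     // first DWORD of the variable-length SID
}

static class AceSidDemo
{
    // Offset of SidStart, computed from the layout rather than written as a literal 8.
    static readonly int SidOffset = (int)Marshal.OffsetOf<ACCESS_ALLOWED_ACE>("SidStart");
    // Fixed part of a SID: Revision (1) + SubAuthorityCount (1) + IdentifierAuthority (6).
    const int MinSidSize = 8;

    static string SidFromAce(IntPtr pAce, int bufferLength)
    {
        if (bufferLength < SidOffset + MinSidSize)
            throw new ArgumentException("Buffer too small to hold an ACE with a SID.");
        var header = Marshal.PtrToStructure<ACE_HEADER>(pAce);
        if (header.AceSize > bufferLength || header.AceSize < SidOffset + MinSidSize)
            throw new ArgumentException("AceSize is inconsistent with the buffer.");
        IntPtr pSid = IntPtr.Add(pAce, SidOffset);
        byte subAuthorityCount = Marshal.ReadByte(pSid, 1);
        if (SidOffset + MinSidSize + 4 * subAuthorityCount > header.AceSize)
            throw new ArgumentException("SID extends past the end of the ACE.");
        return new SecurityIdentifier(pSid).Value;
    }

    static void Main()
    {
        // Constructed ACCESS_ALLOWED_ACE carrying the SID S-1-5-32-544.
        byte[] ace = {
            0x00, 0x00, 0x18, 0x00,            // ACE_HEADER: type 0, flags 0, AceSize 24
            0xFF, 0x01, 0x1F, 0x00,            // Mask 0x001F01FF
            0x01, 0x02, 0, 0, 0, 0, 0, 0x05,   // SID revision 1, 2 sub-authorities, authority 5
            0x20, 0x00, 0x00, 0x00,            // sub-authority 32
            0x20, 0x02, 0x00, 0x00 };          // sub-authority 544
        GCHandle handle = GCHandle.Alloc(ace, GCHandleType.Pinned);
        try { Console.WriteLine($"{SidOffset}: {SidFromAce(handle.AddrOfPinnedObject(), ace.Length)}"); }
        finally { handle.Free(); }
    }
}
```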