Last active
April 11, 2023 03:22
-
-
Save jborean93/a89058ba3c5a6ecb78a9b2ee2f856685 to your computer and use it in GitHub Desktop.
Get the file SDDL string
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Module Ctypes | |
| #Requires -Module PSPrivilege | |
| Function Get-FileSDDL { | |
| [CmdletBinding()] | |
| param ($Path) | |
| $a32 = New-CtypesLib Advapi32.dll | |
| $allSecurityInformation = 0xF00000FF | |
| Enable-ProcessPrivilege -Name SeSecurityPrivilege, SeBackupPrivilege | |
| $pSd = [IntPtr]::Zero | |
| $res = $a32.CharSet('Unicode').GetNamedSecurityInfoW( | |
| $a32.MarshalAs($path, 'LPWStr'), | |
| 1, # SE_FILE_OBJECT | |
| $allSecurityInformation, | |
| $null, | |
| $null, | |
| $null, | |
| $null, | |
| [ref]$pSd) | |
| if ($res) { | |
| throw [System.ComponentModel.Win32Exception]$res | |
| } | |
| $pSddl = [IntPtr]::Zero | |
| try { | |
| $sddlLength = 0 | |
| $res = $a32.SetLastError().CharSet('Unicode').Returns([bool]).ConvertSecurityDescriptorToStringSecurityDescriptorW( | |
| $pSd, | |
| 1, # SDDL_REVISION_1 | |
| $allSecurityInformation, | |
| [ref]$pSddl, | |
| [ref]$sddlLength) | |
| if (-not $res) { | |
| throw [System.ComponentModel.Win32Exception]$a32.LastError | |
| } | |
| [System.Runtime.InteropServices.Marshal]::PtrToStringUni($pSddl, $sddlLength) | |
| } | |
| finally { | |
| $k32 = New-CtypesLib Kernel32.dll | |
| if ($pSddl -ne [IntPtr]::Zero) { | |
| $null = $k32.LocalFree($pSddl) | |
| } | |
| $null = $k32.LocalFree($pSd) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment