|
|
You're in the
visual studio .net general
group:Converting C definitions to VB.NET
visual studio .net general:
Hi,
I am trying to modify the Audit Object Access option in Local Security Setting using VB.NET i.e. changing it from No Auditing to Success. I have pieced together the solution from a small amount of other examples but have stumbled on the last part of actually applying the modification. This is because the only information available is in C and I am unable to convert C declarations etc. into VB.NET 2003 for this last part. I need to call function LsaSetInformationPolicy: -----C Definition NTSTATUS LsaSetInformationPolicy( LSA_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PVOID Buffer ); I have converted it to he VB.NET definition: Private Declare Function LsaSetInformationPolicy Lib "ADVAPI32.dll" _ (ByVal PolicyHandle As IntPtr, ByVal policyInfoClass As Int32, _ ByVal policyAuditEventsInfo As IntPtr) As UInt32 I am confortable with supplying first two parameters however the last parameter is the issue. The structure that must be passed is a pointer to: typedef struct _POLICY_AUDIT_EVENTS_INFO { BOOLEAN AuditingMode; PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions; ULONG MaximumAuditEventCount; } POLICY_AUDIT_EVENTS_INFO, *PPOLICY_AUDIT_EVENTS_INFO; I have attempted to convert this to VB.NET as below: <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Auto, Pack:=4)> _ Private Structure _POLICY_AUDIT_EVENTS_INFO Dim AuditingMode As Boolean Dim EventAuditingOptions() As Int32 'Each element corresponds to _POLICY_AUDIT_EVENT_TYPE and value is POLICY_AUDIT_EVENT_* Dim MaxiumumAuditEventCount As Int32 End Structure The big sticking point is EventAuditingOptions. I cannot figure out how to convert the C definition to VB as i am not a C expert. I then need to know how to pass a variable with this entire structure as a pointer. All attempts have failed with an 'invalid parameter' error. Can someone please help me translate this so i can pass the correct structure and update the setting as required.
Thank you for quick response.
I have tried: <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Auto, Pack:=4)> _ Private Structure _POLICY_AUDIT_EVENTS_INFO <MarshalAs(UnmanagedType.I1)> _ Dim AuditingMode As Boolean Dim EventAuditingOptions As IntPtr Dim MaxiumumAuditEventCount As Int32 End Structure Is this correct? Can you explain the purpose of the MarshalAs item in this instance? I am very new to Marshalling. Do you have any example code on how to use marshal to create an array and then get an intptr to that array? Would the array be of type int32? Is there a standard type that C uses when it is not explicit in the header files? Thanks. [quoted text, click to view] "Mattias Sjögren" wrote:
> >I have attempted to convert this to VB.NET as below: > > <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Auto, Pack:=4)> _ > > Private Structure _POLICY_AUDIT_EVENTS_INFO > > Dim AuditingMode As Boolean > > Dim EventAuditingOptions() As Int32 'Each element corresponds to > >_POLICY_AUDIT_EVENT_TYPE and value is POLICY_AUDIT_EVENT_* > > Dim MaxiumumAuditEventCount As Int32 > > End Structure > > Try it like this > > <MarshalAs(UnmanagedType.I1)> _ > Dim AuditingMode As Boolean > Dim EventAuditingOptions As IntPtr > Dim MaxiumumAuditEventCount As Int32 > End Structure > > You have to dynamically allocate and fill the options array using the > Marshal class. > > > >I then need to know how to pass a variable with this entire structure as a > >pointer. > > Change the type of the policyAuditEventsInfo parameter to ByRef > POLICY_AUDIT_EVENTS_INFO. > > > Mattias > > -- > Mattias Sjögren [C# MVP] mattias @ mvps.org > http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com > Please reply only to the newsgroup.
Hi,
Thanks heaps. I re-read your response and did some additional investigations and figured it out and it works fine (all with a small amount of code). Simon. [quoted text, click to view] "Mattias Sjögren" wrote:
> >I have attempted to convert this to VB.NET as below: > > <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Auto, Pack:=4)> _ > > Private Structure _POLICY_AUDIT_EVENTS_INFO > > Dim AuditingMode As Boolean > > Dim EventAuditingOptions() As Int32 'Each element corresponds to > >_POLICY_AUDIT_EVENT_TYPE and value is POLICY_AUDIT_EVENT_* > > Dim MaxiumumAuditEventCount As Int32 > > End Structure > > Try it like this > > <MarshalAs(UnmanagedType.I1)> _ > Dim AuditingMode As Boolean > Dim EventAuditingOptions As IntPtr > Dim MaxiumumAuditEventCount As Int32 > End Structure > > You have to dynamically allocate and fill the options array using the > Marshal class. > > > >I then need to know how to pass a variable with this entire structure as a > >pointer. > > Change the type of the policyAuditEventsInfo parameter to ByRef > POLICY_AUDIT_EVENTS_INFO. > > > Mattias > > -- > Mattias Sjögren [C# MVP] mattias @ mvps.org > http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com > Please reply only to the newsgroup.
[quoted text, click to view]
>I have attempted to convert this to VB.NET as below: > <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Auto, Pack:=4)> _ > Private Structure _POLICY_AUDIT_EVENTS_INFO > Dim AuditingMode As Boolean > Dim EventAuditingOptions() As Int32 'Each element corresponds to >_POLICY_AUDIT_EVENT_TYPE and value is POLICY_AUDIT_EVENT_* > Dim MaxiumumAuditEventCount As Int32 > End Structure Try it like this <MarshalAs(UnmanagedType.I1)> _ Dim AuditingMode As Boolean Dim EventAuditingOptions As IntPtr Dim MaxiumumAuditEventCount As Int32 End Structure You have to dynamically allocate and fill the options array using the Marshal class. [quoted text, click to view] >I then need to know how to pass a variable with this entire structure as a >pointer. Change the type of the policyAuditEventsInfo parameter to ByRef POLICY_AUDIT_EVENTS_INFO. Mattias -- Mattias Sjögren [C# MVP] mattias @ mvps.org http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Simon,
Would you be so kind as to post your working code. I currently have gone down the same path and seem to be stuck with a ERROR_INVALID_FUNCTION error. You help would be greatly appreciated. Thank you for your time.
Here is the working declaration:
<StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Auto, Pack:=4)> _ Private Structure _POLICY_AUDIT_EVENTS_INFO <MarshalAs(UnmanagedType.I1)> _ Dim AuditingMode As Boolean Dim EventAuditingOptions As IntPtr 'Each element corresponds to _POLICY_AUDIT_EVENT_TYPE and value is POLICY_AUDIT_EVENT_* Dim MaxiumumAuditEventCount As Int32 End Structure Private Declare Function LsaSetInformationPolicy Lib "ADVAPI32.dll" _ (ByVal PolicyHandle As IntPtr, _ ByVal policyInfoClass As Int32, _ ByRef policyAuditEventsInfo As _POLICY_AUDIT_EVENTS_INFO) As UInt32 I also included the working function to actually set the object access as required. It took me about 2 days to get working properly but it was worth it. Public Shared Function SetAuditObjectAccessSuccess() As Boolean Dim Win32Error As Win32Exception 'Create an empty system name file to force changing of local security policies. Dim systemName As LSA_UNICODE_STRING = New LSA_UNICODE_STRING systemName.Length = 0 'Initialize a pointer for the policy handle Dim policyHandle As IntPtr = IntPtr.Zero 'These attributes are not used by policy, but LsaOpenPolicy wants them to exists Dim ObjectAttributes As LSA_OBJECT_ATTRIBUTES = New LSA_OBJECT_ATTRIBUTES ObjectAttributes.Length = 0 ObjectAttributes.RootDirectory = IntPtr.Zero ObjectAttributes.Attributes = 0 ObjectAttributes.SecurityDescriptor = IntPtr.Zero ObjectAttributes.SecurityQualityOfService = IntPtr.Zero 'Get a policy handle Dim resultPolicy As UInt32 = LsaOpenPolicy(systemName, ObjectAttributes, LSA_AccessPolicy.POLICY_SET_AUDIT_REQUIREMENTS, policyHandle) If Not resultPolicy.ToString = "0" Then 'If it's not an error then display the windows error message Dim winError As Integer = Convert.ToInt32(LsaNtStatusToWinError(resultPolicy)) Win32Error = New Win32Exception(winError) MessageBox.Show(Intl.GetMessageText("quantec_fileranger_1040", Win32Error.Message, Win32Error.NativeErrorCode.ToString), Intl.GetMessageText("quantec_fileranger_1041"), MessageBoxButtons.OK, MessageBoxIcon.Exclamation) 'The user does not have permission to modify the policies specified. If this machine is a domain controller or is controlled by Group Security Policies, refer to documentation on how to activate the Object Access auditing.\n\nError: %1 (%2) Return False 'Convert.ToInt32(winError) End If 'Create required audit event info variable Dim paei As New _POLICY_AUDIT_EVENTS_INFO paei.AuditingMode = True paei.MaxiumumAuditEventCount = SIZE_OF_POLICY_AUDIT_EVENT_TYPE 'Create an array for Audit Policy items and change the object access policy to success Dim eventAuditingOptionsPtr As IntPtr = Marshal.AllocHGlobal(4 * SIZE_OF_POLICY_AUDIT_EVENT_TYPE) For i As Integer = 0 To SIZE_OF_POLICY_AUDIT_EVENT_TYPE - 1 Select Case i Case _POLICY_AUDIT_EVENT_TYPE.AuditCategoryObjectAccess 'If it's the policy we wan to change add SUCCESS Marshal.WriteInt32(eventAuditingOptionsPtr, _POLICY_AUDIT_EVENT_TYPE.AuditCategoryObjectAccess * 4, POLICY_AUDIT_EVENT_SUCCESS) Case Else 'If it's any other policy then remain unchanged Marshal.WriteInt32(eventAuditingOptionsPtr, i * 4, POLICY_AUDIT_EVENT_UNCHANGED) End Select Next paei.EventAuditingOptions = eventAuditingOptionsPtr 'Attempt to set the policy details as required resultPolicy = LsaSetInformationPolicy(policyHandle, _POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation, paei) 'paei) 'Removed memory allocated by Marshal Marshal.FreeHGlobal(eventAuditingOptionsPtr) 'Check to see if the set info policy was successful If Not resultPolicy.ToString = "0" Then 'If it's not an error then display the windows error message Dim winError As Integer = Convert.ToInt32(LsaNtStatusToWinError(resultPolicy)) Win32Error = New Win32Exception(winError) MessageBox.Show(Intl.GetMessageText("quantec_fileranger_1042", Win32Error.Message, Win32Error.NativeErrorCode.ToString), Intl.GetMessageText("quantec_fileranger_1041"), MessageBoxButtons.OK, MessageBoxIcon.Exclamation) 'Unable to update the Object Access Auditing option required. If this machine is a domain controller or is controlled by Group Security Policies, refer to documentation on how to activate the Object Access auditing.\n\nError: %1 (%2) Return False 'Convert.ToInt32(winError) End If LsaClose(policyHandle) 'Remove the policy as it is no longer needed Return True 'ERROR_SUCCESS 'Successful completion End Function [quoted text, click to view] "pyro kin" wrote:
> Simon, > > Would you be so kind as to post your working code. I currently have gone > down the same path and seem to be stuck with a ERROR_INVALID_FUNCTION error. > You help would be greatly appreciated. Thank you for your time. > > > pyro
Thanks so much, this really helped.
[quoted text, click to view] >Here is the working declaration: <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Auto, Pack:=4)> _ Private Structure _POLICY_AUDIT_EVENTS_INFO <MarshalAs(UnmanagedType.I1)> _ Dim AuditingMode As Boolean Dim EventAuditingOptions As IntPtr 'Each element corresponds to _POLICY_AUDIT_EVENT_TYPE and value is POLICY_AUDIT_EVENT_* Dim MaxiumumAuditEventCount As Int32 End Structure Private Declare Function LsaSetInformationPolicy Lib "ADVAPI32.dll" _ (ByVal PolicyHandle As IntPtr, _ ByVal policyInfoClass As Int32, _ ByRef policyAuditEventsInfo As _POLICY_AUDIT_EVENTS_INFO) As UInt32 I also included the working function to actually set the object access as required. It took me about 2 days to get working properly but it was worth it. Public Shared Function SetAuditObjectAccessSuccess() As Boolean Dim Win32Error As Win32Exception 'Create an empty system name file to force changing of local security policies. Dim systemName As LSA_UNICODE_STRING = New LSA_UNICODE_STRING systemName.Length = 0 'Initialize a pointer for the policy handle Dim policyHandle As IntPtr = IntPtr.Zero 'These attributes are not used by policy, but LsaOpenPolicy wants them to exists Dim ObjectAttributes As LSA_OBJECT_ATTRIBUTES = New LSA_OBJECT_ATTRIBUTES ObjectAttributes.Length = 0 ObjectAttributes.RootDirectory = IntPtr.Zero ObjectAttributes.Attributes = 0 ObjectAttributes.SecurityDescriptor = IntPtr.Zero ObjectAttributes.SecurityQualityOfService = IntPtr.Zero 'Get a policy handle Dim resultPolicy As UInt32 = LsaOpenPolicy(systemName, ObjectAttributes, LSA_AccessPolicy.POLICY_SET_AUDIT_REQUIREMENTS, policyHandle) If Not resultPolicy.ToString = "0" Then 'If it's not an error then display the windows error message Dim winError As Integer = Convert.ToInt32(LsaNtStatusToWinError(resultPolicy)) Win32Error = New Win32Exception(winError) MessageBox.Show(Intl.GetMessageText("quantec_fileranger_1040", Win32Error.Message, Win32Error.NativeErrorCode.ToString), Intl.GetMessageText("quantec_fileranger_1041"), MessageBoxButtons.OK, MessageBoxIcon.Exclamation) 'The user does not have permission to modify the policies specified. If this machine is a domain controller or is controlled by Group Security Policies, refer to documentation on how to activate the Object Access auditing.\n\nError: %1 (%2) Return False 'Convert.ToInt32(winError) End If 'Create required audit event info variable Dim paei As New _POLICY_AUDIT_EVENTS_INFO paei.AuditingMode = True paei.MaxiumumAuditEventCount = SIZE_OF_POLICY_AUDIT_EVENT_TYPE 'Create an array for Audit Policy items and change the object access policy to success Dim eventAuditingOptionsPtr As IntPtr = Marshal.AllocHGlobal(4 * SIZE_OF_POLICY_AUDIT_EVENT_TYPE) For i As Integer = 0 To SIZE_OF_POLICY_AUDIT_EVENT_TYPE - 1 Select Case i Case _POLICY_AUDIT_EVENT_TYPE.AuditCategoryObjectAccess 'If it's the policy we wan to change add SUCCESS Marshal.WriteInt32(eventAuditingOptionsPtr, _POLICY_AUDIT_EVENT_TYPE.AuditCategoryObjectAccess * 4, POLICY_AUDIT_EVENT_SUCCESS) Case Else 'If it's any other policy then remain unchanged Marshal.WriteInt32(eventAuditingOptionsPtr, i * 4, POLICY_AUDIT_EVENT_UNCHANGED) End Select Next paei.EventAuditingOptions = eventAuditingOptionsPtr 'Attempt to set the policy details as required resultPolicy = LsaSetInformationPolicy(policyHandle, _POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation, paei) 'paei) 'Removed memory allocated by Marshal Marshal.FreeHGlobal(eventAuditingOptionsPtr) 'Check to see if the set info policy was successful If Not resultPolicy.ToString = "0" Then 'If it's not an error then display the windows error message Dim winError As Integer = Convert.ToInt32(LsaNtStatusToWinError(resultPolicy)) Win32Error = New Win32Exception(winError) MessageBox.Show(Intl.GetMessageText("quantec_fileranger_1042", Win32Error.Message, Win32Error.NativeErrorCode.ToString), Intl.GetMessageText("quantec_fileranger_1041"), MessageBoxButtons.OK, MessageBoxIcon.Exclamation) 'Unable to update the Object Access Auditing option required. If this machine is a domain controller or is controlled by Group Security Policies, refer to documentation on how to activate the Object Access auditing.\n\nError: %1 (%2) Return False 'Convert.ToInt32(winError) End If LsaClose(policyHandle) 'Remove the policy as it is no longer needed Return True 'ERROR_SUCCESS 'Successful completion End Function [quoted text, click to view] "pyro kin" wrote: > Simon, > > Would you be so kind as to post your working code. I currently have gone > down the same path and seem to be stuck with a ERROR_INVALID_FUNCTION error. > You help would be greatly appreciated. Thank you for your time. > > > pyro > ___
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
| home · blog · groups | Questions? Comments? Contact the dn |