VS debugger can do the trick with $user

Ashutosh Galande — Tue, 27 Jun 2006 00:30:00 GMT

It's a general perception that windbg and cdb are tools for a power debugger. Quite true! With the extensions and powerful commands, they provide the toolset you need to literally rip apart any process. Looks like VS debugger is getting there too.

Just last week I realized that Visual Studio 2005 has something called pseudovariables. These curiously named variables can yield you some power that you are so used to in the windbg land. In fact MSDN has documented these for long time.

Managed code can only use the $user and $exception variable of these. Try it out. Particularly $user. It gives a lot of helpful information on process and thread tokens. Pretty helpful if you are debugging impersonation problems in the managed world. Just type it in the watch window and debug away!!!

Administrators? Whats that?

Ashutosh Galande — Mon, 26 Dec 2005 04:10:00 GMT

It might not be as glorious as the "root" but Administrators command similar rights and privileges. But not every locale uses that string to identify the all powerful group of users. That might introduce interesting bugs. Even in some microsoft tools.

Use of well known SID is how these sort of bugs can be avoided. .Net has WellKnownSidType enumeration that makes it quite easy but in the unmanaged world, it’s a 2 step process. You have to create the SID yourself. The constants are defined in sddl.h to get admin SID you can do something like this:

PSID GetAdminSID()

{

SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;

PSID pSID = NULL;

if(! AllocateAndInitializeSid( &SIDAuth, 2,

SECURITY_BUILTIN_DOMAIN_RID,

DOMAIN_ALIAS_RID_ADMINS,

0, 0, 0, 0, 0, 0,

&pSID) )

{

ThrowExceptionUsingHr(HRESULT_FROM_WIN32(GetLastError()));

}

return pSID;

}

Make sure that you free the SID created above using FreeSid()

Edit: Michael Kaplan has more details about the bug in Microsoft tools that I was referring to above.

Radius of Rainbow : Tech Gyaan

VS debugger can do the trick with $user

Administrators? Whats that?