Question:I was trying to get pSID from SidStart value of ACCESS_ALLOWED_ACE structure and could not get it for some time.
I found PInvoke for DWORD-aligned handles to memory, but unfortunately I cannot add comments just yet.
The person gets the pSid from ACE pointer offset by 8 as follows (don’t mind the “deniedAceIntPtr”)
Is it because SidStart in ACCESS_ALLOWED_ACE comes after ACE_HEADER and ACCESS_MASK which are both of 4 bytes? So 4+4=8 and SidStart starts after those two at the IntPtr address of the ACE?
Getting the pSid and later SidString using ConvertSidToStringSidW works for me.
Answer:According to ACCESS_DENIED_ACE structure, You can refer to SidStart directly And Yes,
If you have better answer, please add a comment about this, thank you!