GetFileOwner – Get the owner of an NTFS file

GetFileOwner – Get the owner of an NTFS file

Private Declare Function GetFileSecurity Lib "advapi32.dll" Alias _    "GetFileSecurityA" (ByVal lpFileName As String, ByVal RequestedInformation _    As Long, pSecurityDescriptor As Byte, ByVal nLength As Long, _    lpnLengthNeeded As Long) As LongPrivate Declare Function GetSecurityDescriptorOwner Lib "advapi32.dll" _    (pSecurityDescriptor As Any, pOwner As Long, lpbOwnerDefaulted As Long) As _    LongPrivate Declare Function LookupAccountSid Lib "advapi32.dll" Alias _    "LookupAccountSidA" (ByVal lpSystemName As String, ByVal Sid As Long, _    ByVal name As String, cbName As Long, ByVal ReferencedDomainName As String, _    cbReferencedDomainName As Long, peUse As Long) As LongPrivate Declare Function GetWindowsDirectory Lib "kernel32" Alias _    "GetWindowsDirectoryA" (ByVal lpBuffer As String, _    ByVal nSize As Long) As LongConst OWNER_SECURITY_INFORMATION = &H1Const ERROR_INSUFFICIENT_BUFFER = 122&Const MAX_PATH = 255' return the name of the file owner'' runs over Windows NT or 2000, and works only with files in NTFS partitionsFunction GetFileOwner(ByVal szfilename As String) As String    Dim bSuccess As Long       ' Status variable    Dim sizeSD As Long         ' Buffer size to store Owner's SID    Dim pOwner As Long         ' Pointer to the Owner's SID    Dim ownerName As String    ' Name of the file owner    Dim domain_name As String  ' Name of the first domain for the owner    Dim name_len As Long       ' Required length for the owner name    Dim domain_len As Long     ' Required length for the domain name    Dim sdBuf() As Byte        ' Buffer for Security Descriptor    Dim nLength As Long        ' Length of the Windows Directory    Dim deUse As Long          ' Pointer to a SID_NAME_USE enumerated type                                ' indicating the type of the account        ' Call GetFileSecurity the first time to obtain the size of the buffer    ' required for the Security Descriptor.    bSuccess = GetFileSecurity(szfilename, OWNER_SECURITY_INFORMATION, 0, 0&, _        sizeSD)    ' exit if any error    If (bSuccess = 0) And (Err.LastDllError <> ERROR_INSUFFICIENT_BUFFER) Then _        Exit Function        ' Create a buffer of the required size and call GetFileSecurity again    ReDim sdBuf(0 To sizeSD - 1) As Byte    ' Fill the buffer with the security descriptor of the object specified by     ' the    ' filename parameter. The calling process must have the right to view the     ' specified    ' aspects of the object's security status.    bSuccess = GetFileSecurity(szfilename, OWNER_SECURITY_INFORMATION, sdBuf(0), _        sizeSD, sizeSD)    ' exit if error    If bSuccess = 0 Then Exit Function        ' Obtain the owner's SID from the Security Descriptor, exit if error    bSuccess = GetSecurityDescriptorOwner(sdBuf(0), pOwner, 0&)    If bSuccess = 0 Then Exit Function    ' Retrieve the name of the account and the name of the first domain on     ' which this SID is found.  Passes in the Owner's SID obtained previously.      ' Call LookupAccountSid twice, the    ' first time to obtain the required size of the owner and domain names.    bSuccess = LookupAccountSid(vbNullString, pOwner, ownerName, name_len, _        domain_name, domain_len, deUse)    ' exit if any error    If (bSuccess = 0) And (Err.LastDllError <> ERROR_INSUFFICIENT_BUFFER) Then _        Exit Function    '  Allocate the required space in the name and domain_name string variables.    ' Allocate 1 byte less to avoid the appended NULL character.    ownerName = Space(name_len - 1)    domain_name = Space(domain_len - 1)    '  Call LookupAccountSid again to actually fill in the name of the owner     ' and the first domain.    bSuccess = LookupAccountSid(vbNullString, pOwner, ownerName, name_len, _        domain_name, domain_len, deUse)    If bSuccess = 0 Then Exit Function           ' we've found a result    GetFileOwner = ownerName    End Function

Share the Post:
XDR solutions

The Benefits of Using XDR Solutions

May 24, 2023

Cybercriminals constantly adapt their strategies, developing newer, more powerful, and intelligent ways to attack your network. Since security professionals must innovate as well, more conventional endpoint detection solutions have evolved

AI is revolutionizing fraud detection

How AI is Revolutionizing Fraud Detection

May 23, 2023

Artificial intelligence – commonly known as AI – means a form of technology with multiple uses. As a result, it has become extremely valuable to a number of businesses across

AI innovation

Companies Leading AI Innovation in 2023

May 22, 2023

Artificial intelligence (AI) has been transforming industries and revolutionizing business operations. AI’s potential to enhance efficiency and productivity has become crucial to many businesses. As we move into 2023, several

data fivetran pricing

Fivetran Pricing Explained

May 17, 2023

One of the biggest trends of the 21st century is the massive surge in analytics. Analytics is the process of utilizing data to drive future decision-making. With so much of

kubernetes logging

Kubernetes Logging: What You Need to Know

May 16, 2023

Kubernetes from Google is one of the most popular open-source and free container management solutions made to make managing and deploying applications easier. It has a solid architecture that makes

ransomware cyber attack

Why Is Ransomware Such a Major Threat?

May 15, 2023

One of the most significant cyber threats faced by modern organizations is a ransomware attack. Ransomware attacks have grown in both sophistication and frequency over the past few years, forcing

data dictionary

Tools You Need to Make a Data Dictionary

May 12, 2023

Data dictionaries are crucial for organizations of all sizes that deal with large amounts of data. they are centralized repositories of all the data in organizations, including metadata such as

Show More