NetLocalGroupEnum access violation enumerating local groups

Bertrand PERRET 61 Reputation points
2023-10-10T19:09:37.23+00:00

Hello,

I ran into a problem with using the NetLocalGroupEnum API correctly.

When debugging, I noticed a weird pointer value set to 0xFFFFFFFFF (screenshot attached).

Does anybody have a working code snippet for this API call?

Thanks in advance :)


Windows API - Win32

Accepted answer
  1. RLWA32 41,031 Reputation points
    2023-10-10T19:51:26.2533333+00:00

    The cause of the access violation is the improper casting of &workingDword to a (PDWORD_PTR). In an x64 build a DWORD_PTR is a 64-bit value. The workingDword variable should be a DWORD_PTR, not a DWORD.

    Also, the call will allocate memory that must be freed with NetApiBufferFree and return that address in the pBytes variable. The call to malloc is not needed.

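        #include <windows.h>
        #include <lm.h>
        #include <stdio.h>

        #pragma comment(lib, "netapi32.lib")

        int main()
        {
            DWORD dwentriesread{}, dwtotalentries{};
            DWORD_PTR resumehandle{}; // pointer-sized: 64 bits in an x64 build
            LPBYTE pbuf{};            // receives the buffer allocated by the call

            auto ret = NetLocalGroupEnum(
                NULL, // servername
                0, // level
                &pbuf, // bufptr
                MAX_PREFERRED_LENGTH, // prefmaxlen
                &dwentriesread, // entries read
                &dwtotalentries, // total entries
                &resumehandle // resume handle
            );

            if (ret == NERR_Success)
            {
                printf_s("Entries read: %u, total entries: %u\n", dwentriesread, dwtotalentries);
                // Level 0 returns an array of LOCALGROUP_INFO_0 structures
                for (ULONG i = 0; i < dwentriesread; i++)
                {
                    LOCALGROUP_INFO_0 lgi = ((PLOCALGROUP_INFO_0)pbuf)[i];
                    printf_s("Group name: %ls\n", lgi.lgrpi0_name);
                }
            }
            else
            {
                printf_s("NetLocalGroupEnum returned %u\n", ret);
            }

            // The buffer was allocated by the call; release it with NetApiBufferFree
            if (pbuf)
                NetApiBufferFree(pbuf);

            return 0;
        }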
    
    3 people found this answer helpful.
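
Why the cast in the accepted answer's diagnosis matters, as an added example that is not code from either poster. It does not call NetLocalGroupEnum: `dword_t` and `dword_ptr_t` are constructed portable stand-ins for DWORD and DWORD_PTR, and `mock_enum` is a hypothetical callee that stores a pointer-sized value through its resume-handle argument.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins so this builds on any platform: dword_t mirrors DWORD
 * (32 bits); dword_ptr_t mirrors DWORD_PTR (pointer-sized, 64 bits on x64). */
typedef uint32_t  dword_t;
typedef uintptr_t dword_ptr_t;

#define CANARY 0x11223344u
/* Compile-time guard: fails the build if the variable is not pointer-sized. */
#define ASSERT_HANDLE_SIZE(var) \
    _Static_assert(sizeof(var) == sizeof(dword_ptr_t), #var " must be pointer-sized")

/* Hypothetical callee with a PDWORD_PTR-style [in, out] parameter: it stores a
 * full pointer-sized value at whatever address the caller hands it. */
static void mock_enum(void *resume_handle)
{
    dword_ptr_t next = ~(dword_ptr_t)0;
    memcpy(resume_handle, &next, sizeof next);
}

/* Two adjacent locals, modelled as a struct so the layout is well defined. */
struct frame_bad  { dword_t     working; dword_t neighbour; };
struct frame_good { dword_ptr_t resume;  dword_t neighbour; };

/* Buggy pattern: 32-bit storage behind a pointer-sized parameter.
 * Returns 1 if the store spilled into the neighbouring variable. */
int undersized_handle_corrupts(void)
{
    struct frame_bad f = { 0, CANARY };
    mock_enum(&f);               /* same address as &f.working */
    return f.neighbour != CANARY;
}

/* Fixed pattern: the variable is pointer-sized, so the store fits. */
int pointer_sized_handle_corrupts(void)
{
    struct frame_good f = { 0, CANARY };
    ASSERT_HANDLE_SIZE(f.resume);
    mock_enum(&f.resume);
    return f.neighbour != CANARY;
}

int main(void)
{
    printf("32-bit variable: neighbour corrupted = %d\n", undersized_handle_corrupts());
    printf("pointer-sized variable: neighbour corrupted = %d\n", pointer_sized_handle_corrupts());
    return 0;
}
```

In a 32-bit build both functions return 0, because there the two types have the same size and the cast is harmless.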

1 additional answer

  1. Bertrand PERRET 61 Reputation points
    2023-10-11T19:04:19.26+00:00

    Hi RLWA32,

    thanks for your help :)

    I didn't realize that I should use a 64-bit DWORD pointer.

    Declaring p_resume_handle like this makes it work:

        .....
        DWORD        totalentries = 0;
        // declare a working 64 bits dword
        DWORD_PTR    workingDword64 = 0;
        PDWORD_PTR   p_resume_handle = &workingDword64;

        pBytes = NULL;

        ntStatus = NetLocalGroupEnum(
            /*[in]      LPCWSTR    */ NULL,
            /*[in]      DWORD      */ level,
            /*[out]     LPBYTE *   */ &pBytes,
            /*[in]      DWORD      */ MAX_PREFERRED_LENGTH,
            /*[out]     LPDWORD    */ &entriesread,
            /*[out]     LPDWORD    */ &totalentries,
            /*[in, out] PDWORD_PTR */ p_resume_handle
        );
        wprintf(L"NetGroupEnum: %d\n", ntStatus);