[RESOLVED] GEt unc path gives access denied error for user without admin permissions

[IT researcher]

I am using code given in this link to get UNC path of a file.

It works only if a user has admin Admin Privileges. Otherwise it gives access denied error. What is the reason for it? Is there any alternative or solutions?

[westconn1]

Is there any alternative

file system object can return the sharename of a mapped drive

[dilettante]

Spelunking for shares on the local PC is secured because a malware "agent" running locally could use this to find such shares and report them to external machines for exploitation. Since a local process never needs to use a share to reach a local file (i.e. mapped drive letters or UNC names) this isn't a burden.

Thus enumerating shares on the local machine requires elevation.

However it is simple for a local process to convert a remote path based on a mapped drive letter to a UNC name for local use. This doesn't need to be secured.

So if you taker Karl's code (at your link) and strip out 90% of it you'll have working code that doesn't require elevation. Or just write your own, for example:

Code:

Option Explicit

Private Const UNIVERSAL_NAME_INFO_LEVEL As Long = 1

Private Const NO_ERROR As Long = 0
Private Const ERROR_MORE_DATA As Long = 234
Private Const ERROR_NO_NET_OR_BAD_PATH = 1203
Private Const ERROR_NOT_CONNECTED As Long = 2250

Private Declare Function lstrcpy Lib "kernel32" Alias "lstrcpyW" ( _
    ByVal lpStringDest As Long, _
    ByVal lpStringSource As Long) As Long

Private Declare Function lstrlen Lib "kernel32" Alias "lstrlenW" ( _
    ByVal lpString As Long) As Long

Private Declare Function WNetGetUniversalName Lib "mpr" _
    Alias "WNetGetUniversalNameW" ( _
    ByVal lpLocalPath As Long, _
    ByVal dwInfoLevel As Long, _
    ByRef Buffer As Long, _
    ByRef BufferSize As Long) As Long

Private Function UncNameOf(ByVal DriveLetterPath As String, ByRef UncPath As String) As Long
    Dim BufferSize As Long
    Dim Buffer() As Long

    ReDim Buffer(0)
    UncNameOf = WNetGetUniversalName(StrPtr(DriveLetterPath), _
                                     UNIVERSAL_NAME_INFO_LEVEL, _
                                     Buffer(0), _
                                     BufferSize)
    If UncNameOf = ERROR_MORE_DATA Then
        ReDim Buffer((BufferSize + 3) \ 4 - 1)
        UncNameOf = WNetGetUniversalName(StrPtr(DriveLetterPath), _
                                         UNIVERSAL_NAME_INFO_LEVEL, _
                                         Buffer(0), _
                                         BufferSize)
        If UncNameOf = NO_ERROR Then
            UncPath = Space$(lstrlen(Buffer(0)))
            lstrcpy StrPtr(UncPath), Buffer(0)
        End If
    End If
End Function

[IT researcher]

The code given by you only works for mapped drive. What about other folders?

[dilettante]

Yes, it accepts a full drive-letter based path and translates that by putting the server & share names in, creating a UNC-format name for the path.

It will not do this for paths on local drives, because that is an administration function and not a legitimate application function. To do that is a little like trying to unscramble an egg anyway: any given file could be located within any number of overlapping shares.

[fafalone]

Perhaps I'm not understanding what kind of shares we're talking about; but if we're talking about things you see when you select Network in an Explorer window or Mapped Drives in My Computer, both of those can be enumerated with IShellFolder without any elevation.

See http://btmtz.mvps.org/enumdeskvb for a basic shell browser that will enumerate all mapped drives and network locations. No ocx or dll required.

Here what a treeview in my project looks like with My Computer and Network opened. JON-PC is the local machine:

[IT researcher]

Yes, it accepts a full drive-letter based path and translates that by putting the server & share names in, creating a UNC-format name for the path.

It will not do this for paths on local drives, because that is an administration function and not a legitimate application function. To do that is a little like trying to unscramble an egg anyway: any given file could be located within any number of overlapping shares.

But Path copy copy works even in user and without admin privileges. Its able to provide UNC path for all files, also of local drive.

How does it do?( The code is in C++)

[fafalone]

One of the ways it does it is to get a list of all the shares and search them for the path, then replaces the drive letter with the share name. See the PluginUtils::GetNetworkShareFilePath function. It calls that when its function using WGetUniversalNameW fails, so I'd guess it has the same permission issues. Wouldn't be hard to do the same thing in VB; especially since there's a registry key that has all the shares that can be read (SYSTEM\\CurrentControlSet\\Services\\Lanmanserver\\Shares)

Interesting program.

[westconn1]

you can also try

Code:

Dim fso As FileSystemObject, d As Drive
Set fso = CreateObject("scripting.filesystemobject")
 fil = "y:\compex\usb_lan.exe"  ' change to suit
 Set f = fso.GetFile(fil).Drive
 MsgBox Replace(fil, f.Path, f.ShareName)

[IT researcher]

One of the ways it does it is to get a list of all the shares and search them for the path, then replaces the drive letter with the share name. See the PluginUtils::GetNetworkShareFilePath function. It calls that when its function using WGetUniversalNameW fails, so I'd guess it has the same permission issues. Wouldn't be hard to do the same thing in VB; especially since there's a registry key that has all the shares that can be read (SYSTEM\\CurrentControlSet\\Services\\Lanmanserver\\Shares)

Interesting program.

ok. By using registry SYSTEM\\CurrentControlSet\\Services\\Lanmanserver\\Shares we can get share name. I think it will work in user also. Is there any readily available code to get share name from the registry?

[IT researcher]

Got the solution here