Getting the logged in user in Powershell

Question

I have written this Powershell script to get Active Logged in Users. It works perfectly in exe file (C#), when I run the same from Powershell, I am getting Arithmetic operation resulted in an overflow.

Couldn't find the issue. What's the issue?

function IsUserCurrentlyLoggedIn($UserDomain, $UserName)
{
    Add-Type -Language CSharp -TypeDefinition @'
using System;
using System.Runtime.InteropServices;

namespace Test
{
    public static class EnumerateUsers
    {
        [DllImport("wtsapi32.dll")]
        static extern IntPtr WTSOpenServer([MarshalAs(UnmanagedType.LPStr)] String pServerName);

        [DllImport("wtsapi32.dll")]
        static extern void WTSCloseServer(IntPtr hServer);

        [DllImport("wtsapi32.dll")]
        static extern Int32 WTSEnumerateSessions(
            IntPtr hServer,
            [MarshalAs(UnmanagedType.U4)] Int32 Reserved,
            [MarshalAs(UnmanagedType.U4)] Int32 Version,
            ref IntPtr ppSessionInfo,
            [MarshalAs(UnmanagedType.U4)] ref Int32 pCount);

        [DllImport("wtsapi32.dll")]
        static extern void WTSFreeMemory(IntPtr pMemory);

        [DllImport("Wtsapi32.dll")]
        static extern bool WTSQuerySessionInformation(
            System.IntPtr hServer, int sessionId, WTS_INFO_CLASS wtsInfoClass, out System.IntPtr ppBuffer, out uint pBytesReturned);

        [StructLayout(LayoutKind.Sequential)]
        private struct WTS_SESSION_INFO
        {
            public Int32 SessionID;

            [MarshalAs(UnmanagedType.LPStr)]
            public String pWinStationName;

            public WTS_CONNECTSTATE_CLASS State;
        }

        public enum WTS_INFO_CLASS
        {
            WTSInitialProgram,
            WTSApplicationName,
            WTSWorkingDirectory,
            WTSOEMId,
            WTSSessionId,
            WTSUserName,
            WTSWinStationName,
            WTSDomainName,
            WTSConnectState,
            WTSClientBuildNumber,
            WTSClientName,
            WTSClientDirectory,
            WTSClientProductId,
            WTSClientHardwareId,
            WTSClientAddress,
            WTSClientDisplay,
            WTSClientProtocolType
        }
        public enum WTS_CONNECTSTATE_CLASS
        {
            WTSActive,
            WTSConnected,
            WTSConnectQuery,
            WTSShadow,
            WTSDisconnected,
            WTSIdle,
            WTSListen,
            WTSReset,
            WTSDown,
            WTSInit
        }

        public static IntPtr OpenServer(String Name)
        {
            IntPtr server = WTSOpenServer(Name);
            return server;
        }
        public static void CloseServer(IntPtr ServerHandle)
        {
            WTSCloseServer(ServerHandle);
        }
        public static bool IsActiveSessionExists(string UserDomain, string Username)
        {
            IntPtr serverHandle = IntPtr.Zero;
            serverHandle = OpenServer(Environment.MachineName);
            IntPtr SessionInfoPtr = IntPtr.Zero;

            try
            {
                IntPtr userPtr = IntPtr.Zero;
                IntPtr domainPtr = IntPtr.Zero;
                Int32 sessionCount = 0;
                Int32 retVal = WTSEnumerateSessions(serverHandle, 0, 1, ref SessionInfoPtr, ref sessionCount);
                Int32 dataSize = Marshal.SizeOf(typeof(WTS_SESSION_INFO));
                Int32 currentSession = (int)SessionInfoPtr;
                uint bytes = 0;

                if (retVal != 0)
                {
                    for (int i = 0; i < sessionCount; i++)
                    {
                        WTS_SESSION_INFO si = (WTS_SESSION_INFO)Marshal.PtrToStructure((System.IntPtr)currentSession, typeof(WTS_SESSION_INFO));
                        currentSession += dataSize;

                        WTSQuerySessionInformation(serverHandle, si.SessionID, WTS_INFO_CLASS.WTSUserName, out userPtr, out bytes);
                        WTSQuerySessionInformation(serverHandle, si.SessionID, WTS_INFO_CLASS.WTSDomainName, out domainPtr, out bytes);

                        var domain = Marshal.PtrToStringAnsi(domainPtr);
                        var username = Marshal.PtrToStringAnsi(userPtr);

                        if (UserDomain.Equals(domain, StringComparison.OrdinalIgnoreCase) &&
                            Username.Equals(username, StringComparison.OrdinalIgnoreCase) &&
                            si.State == WTS_CONNECTSTATE_CLASS.WTSActive)
                        {
                            WTSFreeMemory(userPtr);
                            WTSFreeMemory(domainPtr);
                            return true;
                        }
                        WTSFreeMemory(userPtr);
                        WTSFreeMemory(domainPtr);
                    }
                }
            }
            finally
            {
                WTSFreeMemory(SessionInfoPtr);
                CloseServer(serverHandle);
            }
            return false;
        }
    }
}
'@
    return [Test.EnumerateUsers]::IsActiveSessionExists($UserDomain, $UserName)
}

Answer 1

I copied your C# code to a Visual Studio 2015 project and found that disabling Prefer 32-bit or changing Platform target to x64 in the Build properties of the project produces that same exception on this line:

Int32 currentSession = (int)SessionInfoPtr;

IntPtr is 32-bits in a 32-bit process and 64-bit in a 64-bit process, but this code assumes it is 32-bits by casting to int ( Int32 ). On 64-bit Windows the "default" version of PowerShell at $Env:SystemRoot\\system32\\WindowsPowerShell\\v1.0\\powershell.exe is also 64-bit, which you can confirm by the fact that [IntPtr]::Size returns 8 (bytes). Changing the code to the following eliminates the exception both in the 64-bit C# project and PowerShell:

IntPtr currentSession = SessionInfoPtr;