How can my process best tell if it is running elevated?

    Question

  • Hi all, I asked this in another forum also but thought I'd give it a shot here.

    I'd like to programmatically determine whether the process my dll is running in has had its authority elevated.  I think I remember having read about an API call that would tell me this, but I can't find that doc anymore.  This info will help me do the right/safe thing in an app that MS would say should be split into two parts: non-admin and admin -- but that I do not have time to split.  I see there is an entry point exported from kernel32.dll called "CheckElevation", but I see no doc on this anywhere.  Thanks!
    Tuesday, October 10, 2006 12:48 AM

Answers

  • I am not sure if this is the best or the "right" way, but it is a way.

    Start off with getting your process's token:

        HANDLE hToken;
        OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &hToken);

    You can then look at either or both the TokenElevationType or TokenElevation token property:

        DWORD infoLen;

        // Elevation type: default, full, or limited
        TOKEN_ELEVATION_TYPE elevationType;
        GetTokenInformation(
                hToken, TokenElevationType,
                &elevationType, sizeof(elevationType), &infoLen);

        // Elevation flag: TokenIsElevated is nonzero when the token is elevated
        TOKEN_ELEVATION elevation;
        GetTokenInformation(
                hToken, TokenElevation,
                &elevation, sizeof(elevation), &infoLen);

    I am not sure why Microsoft has both of these in the token, or which one is better to use.

    Tuesday, October 10, 2006 4:34 PM

All replies

  • Hi, and thanks for the reply.  Unfortunately, I cannot locate definitions nor documentation for the TOKEN_ELEVATION_TYPE or TOKEN_ELEVATION typedefs, nor for the TokenElevationType or TokenElevation values of the TOKEN_INFORMATION_CLASS enumeration.  Are these by any chance in the "Windows Vista July 2006 CTP SDK"?  That is the only SDK I have seen referenced since the Windows Server 2003 R2 (March, 2006) SDK, which does not have these definitions.  Thanks in advance!
    Thursday, October 12, 2006 11:27 AM
  • Yes, this stuff is defined in the Vista version(s) of the SDK - and the latest is the one that came with Vista RC1. For your convenience, here are the relevant sections:

    typedef enum _TOKEN_INFORMATION_CLASS {
        TokenUser = 1,
        TokenGroups,
        TokenPrivileges,
        TokenOwner,
        TokenPrimaryGroup,
        TokenDefaultDacl,
        TokenSource,
        TokenType,
        TokenImpersonationLevel,
        TokenStatistics,
        TokenRestrictedSids,
        TokenSessionId,
        TokenGroupsAndPrivileges,
        TokenSessionReference,
        TokenSandBoxInert,
        TokenAuditPolicy,
        TokenOrigin,
        TokenElevationType,
        TokenLinkedToken,
        TokenElevation,
        TokenHasRestrictions,
        TokenAccessInformation,
        TokenVirtualizationAllowed,
        TokenVirtualizationEnabled,
        TokenIntegrityLevel,
        TokenUIAccess,
        TokenMandatoryPolicy,
        TokenLogonSid,
        MaxTokenInfoClass  // MaxTokenInfoClass should always be the last enum
    } TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;

    typedef enum _TOKEN_ELEVATION_TYPE {
        TokenElevationTypeDefault = 1,
        TokenElevationTypeFull,
        TokenElevationTypeLimited,
    } TOKEN_ELEVATION_TYPE, *PTOKEN_ELEVATION_TYPE;

    typedef struct _TOKEN_ELEVATION {
        DWORD TokenIsElevated;
    } TOKEN_ELEVATION, *PTOKEN_ELEVATION;

    Thursday, October 12, 2006 10:00 PM
  • Hello

    > I am not sure why Microsoft has both of these in the token, or which one is better to use.

    One difference is that, when UAC is turned off, TOKEN_ELEVATION_TYPE will always return TokenElevationTypeDefault, while TOKEN_ELEVATION tells you that the process is elevated.
    Regards,
    Jialiang Ge
    MSDN Subscriber Support in Forum
    Monday, December 28, 2009 8:21 AM
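
Added example, not written by any poster in this thread and not Microsoft's code: one way to read both token properties together, following the difference described in the last reply, with the return values checked and the token handle closed. The `elev_state` names and the `interpret` and `query_current_process` functions are hypothetical, and the non-Windows typedefs are stand-ins so the interpretation logic also compiles off Windows.

```c
/* Added example, not from the thread. On Windows, link with advapi32.lib. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Stand-ins (assumption) so interpret() builds off Windows; values as in the SDK excerpt. */
typedef unsigned long DWORD;
typedef enum { TokenElevationTypeDefault = 1, TokenElevationTypeFull,
               TokenElevationTypeLimited } TOKEN_ELEVATION_TYPE;
#endif

/* Hypothetical result names used only by this example. */
typedef enum { ELEV_UNKNOWN, ELEV_DEFAULT_NOT_ELEVATED, ELEV_DEFAULT_ELEVATED,
               ELEV_FULL, ELEV_LIMITED } elev_state;

/* Read TokenElevationType and TokenElevation.TokenIsElevated together. */
elev_state interpret(TOKEN_ELEVATION_TYPE type, DWORD isElevated)
{
    switch (type) {
    case TokenElevationTypeFull:    return ELEV_FULL;    /* elevated token */
    case TokenElevationTypeLimited: return ELEV_LIMITED; /* limited (filtered) token */
    case TokenElevationTypeDefault: /* no linked token, e.g. UAC turned off */
        return isElevated ? ELEV_DEFAULT_ELEVATED : ELEV_DEFAULT_NOT_ELEVATED;
    default:                        return ELEV_UNKNOWN;
    }
}

/* Query the current process token; ELEV_UNKNOWN if a call fails or off Windows. */
elev_state query_current_process(void)
{
    elev_state state = ELEV_UNKNOWN;
#ifdef _WIN32
    HANDLE hToken = NULL;
    TOKEN_ELEVATION elevation = {0};
    TOKEN_ELEVATION_TYPE type = TokenElevationTypeDefault;
    DWORD len = 0;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
        return ELEV_UNKNOWN;
    if (GetTokenInformation(hToken, TokenElevation, &elevation, sizeof(elevation), &len) &&
        GetTokenInformation(hToken, TokenElevationType, &type, sizeof(type), &len))
        state = interpret(type, elevation.TokenIsElevated);
    CloseHandle(hToken);
#endif
    return state;
}

int main(void)
{
    printf("state=%d\n", (int)query_current_process());
    return 0;
}
```

Treating `ELEV_UNKNOWN` as "not elevated" keeps a failed query from being read as administrative rights.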