Check privilege admin

  • Hello,
    this IOCTL code doesn't work; it always returns status denied.
    I want to determine if the user is admin.

                /*PVOID p = ExAllocatePool(NonPagedPool, 64 * 1024 * 1024);
                if (p != NULL)
                status = STATUS_SUCCESS;*/
                if (irps->Parameters.DeviceIoControl.InputBufferLength >= sizeof(LUID))
                {
                    LUID FatSecurityPrivilege = { SE_SECURITY_PRIVILEGE, 0 };
                    if (!SeSinglePrivilegeCheck(FatSecurityPrivilege,
                        /* PreviousMode argument is cut off in the post */))
                        status = STATUS_ACCESS_DENIED;
                    else
                        status = STATUS_SUCCESS;
                    KdPrintfSure2(("Security test %d return status:%x\n", FatSecurityPrivilege.LowPart, status));
                }
                else
                    status = STATUS_BUFFER_TOO_SMALL;

    Monday, July 9, 2018 7:03 PM

All replies

  • Have you validated that the process sending the request has the privilege using !token in WinDBG?


    Azius Developer Training Windows device driver, internals, security, & forensics training and consulting. Blog at

    Monday, July 9, 2018 9:55 PM
  • > I want to determine if the user is admin.

    That phrase is not really meaningful any more.  Being an "admin user" just means that you have the ability to acquire these privileges, not that you are automatically granted them.  If you are an admin user and you launch a program, the program will think it is a normal user.  It has no privileges, and it can't even ask for privileges.

    Now, let's say you have a program that is elevated to "run as administrator", either through Explorer or through a manifest.  In that case, SeSecurityPrivilege will be on the list, but it is disabled by default.  You have to go modify your token to request SeSecurityPrivilege.

    Were you calling this from an elevated process?

    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    Monday, July 9, 2018 10:22 PM
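
The step described in the last reply, enabling SeSecurityPrivilege in the caller's token before sending the IOCTL, as an added example that is not code from the thread. The names `classify_adjust` and `enable_privilege` are made up for illustration; the Win32 calls compile only on Windows (link with advapi32).

```c
#include <stdio.h>

#define ERR_NOT_ALL_ASSIGNED 1300UL   /* numeric value of ERROR_NOT_ALL_ASSIGNED */

enum priv_result { PRIV_ENABLED, PRIV_NOT_HELD, PRIV_API_FAILED };

/* AdjustTokenPrivileges returns TRUE even when the token does not hold the
   privilege; only the last-error value tells the two cases apart. */
enum priv_result classify_adjust(int api_ok, unsigned long last_error)
{
    if (!api_ok) return PRIV_API_FAILED;
    if (last_error == ERR_NOT_ALL_ASSIGNED) return PRIV_NOT_HELD; /* e.g. not elevated */
    return last_error == 0 ? PRIV_ENABLED : PRIV_API_FAILED;
}

#ifdef _WIN32
#include <windows.h>
/* Ask for one privilege by name in the current process token. */
enum priv_result enable_privilege(const char *name)
{
    HANDLE tok;
    TOKEN_PRIVILEGES tp;
    enum priv_result r = PRIV_API_FAILED;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &tok))
        return r;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (LookupPrivilegeValueA(NULL, name, &tp.Privileges[0].Luid)) {
        BOOL ok = AdjustTokenPrivileges(tok, FALSE, &tp, 0, NULL, NULL);
        r = classify_adjust(ok != 0, GetLastError());
    }
    CloseHandle(tok);
    return r;
}
#endif

int main(void)
{
#ifdef _WIN32
    static const char *msg[] = { "enabled", "not held by this token", "API call failed" };
    printf("SeSecurityPrivilege: %s\n", msg[enable_privilege("SeSecurityPrivilege")]);
#else
    puts("Win32 part compiled out; classify_adjust() is portable.");
#endif
    return 0;
}
```

Run it from the same process that opens the device, before the DeviceIoControl call, since the change applies only to that process's token.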