Check privilege admin

  • Question

  • Hello,
    this IOCTL code doesn't work; it always returns an access-denied status.
    I want to determine if the user is an admin.

    case IOCTL_CMD_FILE_TEST:
        {
            /* Earlier allocation experiment, left commented out:
            PVOID p = ExAllocatePool(NonPagedPool, 64 * 1024 * 1024);
            if (p != NULL)
            {
                KdPrintfcriti(("Oui"));
            }
            else
                KdPrintfcriti(("Non"));
            status = STATUS_SUCCESS;*/

            /* irps is the current IO_STACK_LOCATION of the IRP being dispatched. */
            if (irps->Parameters.DeviceIoControl.InputBufferLength >= sizeof(LUID))
            {
                /* LUID of SeSecurityPrivilege (constant SE_SECURITY_PRIVILEGE, high part 0). */
                LUID FatSecurityPrivilege = { SE_SECURITY_PRIVILEGE, 0 };

                /* SeSinglePrivilegeCheck with UserMode succeeds only if the privilege is
                 * present AND enabled in the calling thread's effective token; membership
                 * in the Administrators group by itself does not satisfy it. */
                if (!SeSinglePrivilegeCheck(FatSecurityPrivilege, UserMode))
                {
                    status = STATUS_ACCESS_DENIED;
                }
                else
                    status = STATUS_SUCCESS;

                KdPrintfSure2(("Security test %d return status:%x\n", FatSecurityPrivilege.LowPart, status));
            }
            else
                status = STATUS_BUFFER_TOO_SMALL;
        }
        break;

    Thanks
    Monday, July 9, 2018 7:03 PM

All replies

  • Have you validated that the process sending the request has the privilege using !token in WinDBG?

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Monday, July 9, 2018 9:55 PM
    Moderator
  • > I want determine if user is admin.

    That phrase is not really meaningful any more.  Being an "admin user" just means that you have the ability to acquire these privileges, not that you are automatically granted them.  If you are an admin user and you launch a program, the program will think it is a normal user.  It has no privileges, and it can't even ask for privileges.

    Now, let's say you have a program that is elevated to "run as administrator", either through Explorer or through a manifest.  In that case, SeSecurityPrivilege will be on the list, but it is disabled by default.  You have to go modify your token to request SeSecurityPrivilege.

    Were you calling this from an elevated process?


    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    Monday, July 9, 2018 10:22 PM
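As an added example (not code from the thread or from either poster), here is a PowerShell check the client process can run before sending the IOCTL: it asks the same question the driver's SeSinglePrivilegeCheck(..., UserMode) asks, namely whether SeSecurityPrivilege is present and enabled in the caller's token, then enables it with AdjustTokenPrivileges. Run non-elevated it reports false throughout because the privilege is not in the token at all; run elevated it reports disabled first, then enabled. The P/Invoke struct layouts are assumed to carry exactly one privilege entry.

```powershell
# Added example, not from the thread: probe and enable SeSecurityPrivilege in this process's token.
Add-Type -TypeDefinition @'
using System; using System.Runtime.InteropServices;
public static class TokenPriv {
  [StructLayout(LayoutKind.Sequential)] public struct LUID { public uint LowPart; public int HighPart; }
  [StructLayout(LayoutKind.Sequential)] public struct LUID_AND_ATTRIBUTES { public LUID Luid; public uint Attributes; }
  // TOKEN_PRIVILEGES / PRIVILEGE_SET laid out for exactly one entry (assumption for this example)
  [StructLayout(LayoutKind.Sequential)] public struct TOKEN_PRIVILEGES { public uint PrivilegeCount; public LUID_AND_ATTRIBUTES P; }
  [StructLayout(LayoutKind.Sequential)] public struct PRIVILEGE_SET { public uint PrivilegeCount; public uint Control; public LUID_AND_ATTRIBUTES P; }
  public const uint SE_PRIVILEGE_ENABLED = 2, TOKEN_QUERY = 8, TOKEN_ADJUST_PRIVILEGES = 32, ERROR_NOT_ALL_ASSIGNED = 1300;
  [DllImport("kernel32.dll")] public static extern IntPtr GetCurrentProcess();
  [DllImport("advapi32.dll", SetLastError = true)] public static extern bool OpenProcessToken(IntPtr proc, uint access, out IntPtr token);
  [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern bool LookupPrivilegeValue(string sys, string name, out LUID luid);
  [DllImport("advapi32.dll", SetLastError = true)] public static extern bool PrivilegeCheck(IntPtr token, ref PRIVILEGE_SET set, out bool result);
  [DllImport("advapi32.dll", SetLastError = true)] public static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll, ref TOKEN_PRIVILEGES state, uint len, IntPtr prev, IntPtr retLen);
}
'@
function Get-PrivilegeLuid([string]$Name) {
  $luid = New-Object TokenPriv+LUID
  if (-not [TokenPriv]::LookupPrivilegeValue($null, $Name, [ref]$luid)) { throw "Unknown privilege $Name" }
  return $luid
}
# Same test the driver's SeSinglePrivilegeCheck performs: present AND enabled in the token?
function Test-PrivilegeEnabled([IntPtr]$Token, [string]$Name) {
  $entry = New-Object TokenPriv+LUID_AND_ATTRIBUTES; $entry.Luid = Get-PrivilegeLuid $Name
  $set = New-Object TokenPriv+PRIVILEGE_SET
  $set.PrivilegeCount = 1; $set.Control = 1; $set.P = $entry   # Control 1 = PRIVILEGE_SET_ALL_NECESSARY
  $result = $false
  if (-not [TokenPriv]::PrivilegeCheck($Token, [ref]$set, [ref]$result)) { throw "PrivilegeCheck failed" }
  return $result
}
# Turn the privilege on; ERROR_NOT_ALL_ASSIGNED means the token never held it (non-elevated case).
function Enable-Privilege([IntPtr]$Token, [string]$Name) {
  $entry = New-Object TokenPriv+LUID_AND_ATTRIBUTES
  $entry.Luid = Get-PrivilegeLuid $Name; $entry.Attributes = [TokenPriv]::SE_PRIVILEGE_ENABLED
  $tp = New-Object TokenPriv+TOKEN_PRIVILEGES; $tp.PrivilegeCount = 1; $tp.P = $entry
  $ok = [TokenPriv]::AdjustTokenPrivileges($Token, $false, [ref]$tp, 0, [IntPtr]::Zero, [IntPtr]::Zero)
  $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()   # a TRUE return alone is not enough
  return ($ok -and $err -ne [TokenPriv]::ERROR_NOT_ALL_ASSIGNED)
}
$token = [IntPtr]::Zero
$access = [TokenPriv]::TOKEN_QUERY -bor [TokenPriv]::TOKEN_ADJUST_PRIVILEGES
if (-not [TokenPriv]::OpenProcessToken([TokenPriv]::GetCurrentProcess(), $access, [ref]$token)) { throw "OpenProcessToken failed" }
"SeSecurityPrivilege enabled before: $(Test-PrivilegeEnabled $token 'SeSecurityPrivilege')"
"AdjustTokenPrivileges succeeded:    $(Enable-Privilege $token 'SeSecurityPrivilege')"
"SeSecurityPrivilege enabled after:  $(Test-PrivilegeEnabled $token 'SeSecurityPrivilege')"
```

Only after the last line reports True should the process open the device and send IOCTL_CMD_FILE_TEST; the kernel-side check then sees the enabled privilege and returns STATUS_SUCCESS.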