[Windows] IsProcessEvelated()


Post by Mijikai »

One of the ways to see if your program runs with elevated rights (was started by an admin).

Code:


EnableExplicit

;IsProcessEvelated()
;Checks if the process is elevated (runs with admin rights).

Procedure.i IsProcessEvelated()
  Protected hlib.i
  Protected *ascii
  Protected *proc
  hlib = LoadLibrary_("shell32.dll")
  If hlib
    *ascii = Ascii("SHTestTokenMembership");<- available since Windows XP!
    If *ascii
      *proc = GetProcAddress_(hlib,*ascii)
      FreeMemory(*ascii)
      If *proc
        ProcedureReturn CallFunctionFast(*proc,#Null,$220);DOMAIN_ALIAS_RID_ADMINS
      EndIf
    EndIf
  EndIf
  ProcedureReturn #False
EndProcedure

Debug IsProcessEvelated()

End

Same Code as before but less insane:


EnableExplicit

;IsProcessEvelated()
;Checks if the process is elevated (runs with admin rights).

Procedure.i IsProcessEvelated()
  Protected *proc
  *proc = GetProcAddress_(LoadLibrary_("shell32.dll"),?SHTestTokenMembership)
  If *proc
    ProcedureReturn CallFunctionFast(*proc,#Null,$220);DOMAIN_ALIAS_RID_ADMINS
  EndIf
  ProcedureReturn #False
  SHTestTokenMembership:
  !db 'SHTestTokenMembership',0x0
EndProcedure

Debug IsProcessEvelated()

End

The sanest Version of the Code (it properly imports the function):



EnableExplicit

Import "shell32.lib";<- from ms sdk
  SHTestTokenMembership_.i(Token.i,RID.i) As "SHTestTokenMembership"
EndImport

;IsProcessEvelated()
;Checks if the process is elevated (runs with admin rights).

Macro IsProcessEvelated()
  SHTestTokenMembership_(#Null,$220)
EndMacro

Debug IsProcessEvelated()

End

Have fun :)

Post by BarryG »

[Deleted due to no response]
Last edited by BarryG on Sun Oct 03, 2021 1:03 am, edited 1 time in total.

Post by Paul »

Just a note from docs.microsoft.com
SHTestTokenMembership
"Uses CheckTokenMembership to test whether the given token is a member of the local group with the specified RID."

"This function wraps CheckTokenMembership and only checks local groups."
IsUserAnAdmin
"Tests whether the current user is a member of the Administrator's group."
"Available for use in the operating systems specified in the Requirements section. It may be altered or unavailable in subsequent versions"

"This function is a wrapper for CheckTokenMembership. It is recommended to call that function directly to determine Administrator group status rather than calling IsUserAnAdmin."
CheckTokenMembership
"The CheckTokenMembership function determines whether a specified security identifier (SID) is enabled in an access token. If you want to determine group membership for app container tokens, you need to use the CheckTokenMembershipEx function."

"The CheckTokenMembership function simplifies the process of determining whether a SID is both present and enabled in an access token."
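
The documentation quoted above recommends calling CheckTokenMembership directly. The following is an added example, not code posted by anyone in this thread: it resolves CheckTokenMembership and CreateWellKnownSid from advapi32.dll at run time and, unlike the versions above, reports an API failure separately from "not elevated". The constant names, prototype names and the procedure name IsAdminSidEnabled() are illustrative assumptions.

```purebasic
EnableExplicit

; Added example, not code from the thread. All names below are illustrative.
#Ex_WinBuiltinAdministratorsSid = 26 ; WELL_KNOWN_SID_TYPE for BUILTIN\Administrators (S-1-5-32-544)
#Ex_SidBufferSize               = 68 ; SECURITY_MAX_SID_SIZE

Prototype.l ProtoCreateWellKnownSid(SidType.l, *DomainSid, *Sid, *cbSid)
Prototype.l ProtoCheckTokenMembership(hToken.i, *Sid, *IsMember)

; Returns #True  if the Administrators SID is present and enabled in the caller's token,
;         #False if it is absent or not enabled (deny-only in a UAC-filtered token),
;         -1     if the check itself failed, so callers can tell "no" from "unknown".
Procedure.i IsAdminSidEnabled()
  Protected lib.i, result.i = -1
  Protected CreateSid.ProtoCreateWellKnownSid
  Protected CheckMember.ProtoCheckTokenMembership
  Protected *sid, cbSid.l = #Ex_SidBufferSize, isMember.l

  lib = OpenLibrary(#PB_Any, "advapi32.dll")
  If lib
    CreateSid   = GetFunction(lib, "CreateWellKnownSid")
    CheckMember = GetFunction(lib, "CheckTokenMembership")
    *sid = AllocateMemory(#Ex_SidBufferSize)
    If CreateSid And CheckMember And *sid
      ; Build the BUILTIN\Administrators SID instead of passing a bare RID.
      If CreateSid(#Ex_WinBuiltinAdministratorsSid, #Null, *sid, @cbSid)
        ; A NULL token handle means "the token of the calling thread/process".
        If CheckMember(#Null, *sid, @isMember)
          If isMember : result = #True : Else : result = #False : EndIf
        EndIf
      EndIf
    EndIf
    If *sid : FreeMemory(*sid) : EndIf
    CloseLibrary(lib)
  EndIf
  ProcedureReturn result
EndProcedure

Select IsAdminSidEnabled()
  Case #True  : Debug "Administrators SID is enabled in this token"
  Case #False : Debug "Administrators SID is absent or not enabled"
  Default     : Debug "Check failed (API error)"
EndSelect

End
```

Treat the -1 result as "not elevated" when gating a privileged code path, and log it separately so a failing check is not mistaken for a standard-user session.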

Post by Mijikai »

If u want to be less official u can also skip the membership check and just evaluate the token.

Post by Paul »

@ Mijikai

I really appreciate how you show 3 different ways to accomplish the same goal.
Nice work!