配合判断当前进程权限的函数可以得知当前是否具备Bypass UAC的条件。
//
/*
 * IsUserInAdminGroup
 *
 * Reports whether the user who owns the current process token is a member
 * of the built-in Administrators group. This is a statement about group
 * membership, not about whether the process is currently elevated: when
 * the token's elevation type is "limited", the membership test is made
 * against the linked token rather than the process token itself.
 *
 * Returns TRUE only when CheckTokenMembership reports membership. Any API
 * failure along the way yields FALSE, so FALSE can mean either "not a
 * member" or "could not determine".
 */
BOOL IsUserInAdminGroup()
{
    BOOL fInAdminGroup = FALSE;
    HANDLE hToken = NULL;
    HANDLE hTokenToCheck = NULL;
    DWORD cbSize = 0;
    ULONG dwMajorVersion = 0;
    ULONG dwMinorVersion = 0;
    BYTE adminSID[SECURITY_MAX_SID_SIZE];

    /* Without the process token there is nothing to inspect or release. */
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_DUPLICATE, &hToken))
        return FALSE;

    /* GetSysVer is defined elsewhere; presumably it fills in the OS
     * major/minor version numbers (confirm against its definition). */
    GetSysVer(&dwMajorVersion, &dwMinorVersion);

    /* Elevation type and linked tokens are only queried on version 6+. */
    if (dwMajorVersion >= 6)
    {
        TOKEN_ELEVATION_TYPE elevType;

        if (!GetTokenInformation(hToken, TokenElevationType, &elevType, sizeof(elevType), &cbSize))
            goto cleanup;

        /* A limited token has a linked counterpart; test that one instead. */
        if (elevType == TokenElevationTypeLimited &&
            !GetTokenInformation(hToken, TokenLinkedToken, &hTokenToCheck, sizeof(hTokenToCheck), &cbSize))
            goto cleanup;
    }

    /* No linked token was obtained: fall back to an identification-level
     * duplicate of the process token for the membership check. */
    if (hTokenToCheck == NULL &&
        !DuplicateToken(hToken, SecurityIdentification, &hTokenToCheck))
        goto cleanup;

    /* Build the SID of the built-in Administrators group. */
    cbSize = sizeof(adminSID);
    if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, &adminSID, &cbSize))
        goto cleanup;

    /* A failure here falls straight through to cleanup, the same path
     * taken on success; fInAdminGroup is returned as-is either way. */
    CheckTokenMembership(hTokenToCheck, &adminSID, &fInAdminGroup);

cleanup:
    if (hToken != NULL)
        CloseHandle(hToken);
    if (hTokenToCheck != NULL)
        CloseHandle(hTokenToCheck);

    return fInAdminGroup;
}