How Can I Reliably Determine if a Process is Running with Elevated Privileges?

Precisely Determining Administrator and Elevated Privileges

The provided code snippet accurately identifies administrator status, but lacks the ability to differentiate between standard administrator rights and elevated privileges. This enhancement addresses that limitation.

The solution involves a refined approach to elevation status determination:

Improved IsProcessElevated Method:

This enhanced method leverages the GetTokenInformation function to directly ascertain the process elevation level, accounting for User Account Control (UAC) settings:

<code class="language-csharp">public static bool IsProcessElevated
{
    get
    {
        // Check UAC status
        if (UacHelper.IsUacEnabled)
        {
            // Obtain process token
            IntPtr tokenHandle;
            if (!OpenProcessToken(Process.GetCurrentProcess().Handle, TOKEN_READ, out tokenHandle))
            {
                throw new ApplicationException($"Failed to retrieve process token. Win32 Error Code: {Marshal.GetLastWin32Error()}");
            }

            // Retrieve elevation type
            TOKEN_ELEVATION_TYPE elevationResult = TOKEN_ELEVATION_TYPE.TokenElevationTypeDefault;
            int elevationResultSize = Marshal.SizeOf((int)elevationResult);
            uint returnedSize = 0;
            IntPtr elevationTypePtr = Marshal.AllocHGlobal(elevationResultSize);

            bool success = GetTokenInformation(tokenHandle, TOKEN_INFORMATION_CLASS.TokenElevationType, elevationTypePtr, (uint)elevationResultSize, out returnedSize);
            if (success)
            {
                elevationResult = (TOKEN_ELEVATION_TYPE)Marshal.ReadInt32(elevationTypePtr);
                return elevationResult == TOKEN_ELEVATION_TYPE.TokenElevationTypeFull;
            }
            else
            {
                throw new ApplicationException("Elevation status determination failed.");
            }
        }
        else
        {
            // Fallback to standard administrator check if UAC is disabled
            WindowsIdentity identity = WindowsIdentity.GetCurrent();
            WindowsPrincipal principal = new WindowsPrincipal(identity);
            return principal.IsInRole(WindowsBuiltInRole.Administrator);
        }
    }
}</code>

This method robustly handles both UAC-enabled and UAC-disabled scenarios, providing a reliable determination of elevated privileges.

The above is the detailed content of How Can I Reliably Determine if a Process is Running with Elevated Privileges?. For more information, please follow other related articles on the PHP Chinese website!