Posted

Hello AutoIt team,
Is there any way to check whether a process is running as admin or not?
I mean, e.g., if I want to restart a process: I can already get the process path and command line.
What I need is a way to check whether the process was running as admin or not, so I can restart it in the same state.
Here is the part that I am using to restart the process:

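#include <WinAPIProc.au3>

; Restart a process, given its PID and the path of its executable
Func _processRestart($i_ProcessPid, $s_ProcessPath)
    If Not ProcessExists($i_ProcessPid) Then Return SetError(1, 0, -1)
    ; Read the working directory before the process is closed
    Local $s_ProcessWorkDir = _WinAPI_GetProcessWorkingDirectory($i_ProcessPid)
    ProcessClose($i_ProcessPid)
    ProcessWaitClose($i_ProcessPid)
    ; ShellExecute returns the PID of the newly started process
    ProcessWait(ShellExecute($s_ProcessPath, "", $s_ProcessWorkDir))
    ProcessesGetList() ; the poster's own function, not shown in the post
    Return True
EndFunc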

thanks in advance

  • Developers
Posted

Do you want to know whether the User running the process has Admin rights or do you want to know whether the process is running elevated (_WinAPI_IsElevated())?  

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Posted (edited)

@Jos

Thanks for the speedy answer.

I am asking about an external process, e.g. checking whether notepad.exe is running as admin,

in addition to whether the user is admin, to ask them to enter the password if they aren't admin.

Thanks in advance.

Edited by nacerbaaziz
  • Developers
Posted

Your last post is a statement which doesn't make much sense to me, unless it was meant as some sort of question? 😕
So Yes, did you try the _WinAPI_IsElevated() UDF to see if that does what you want?

Jos


Posted (edited)

@Jos
I'm sorry if I bothered you.
Yes, I read the UDF.
_WinAPI_IsElevated()
does not have parameters to select the PID or name of a process.
So what I need is a function that tells me whether any process is running as admin or not, e.g. Notepad.exe or Chrome.exe, etc.
I hope that I can find that.
Thanks.

Edited by nacerbaaziz
  • Developers
Posted

Indeed it is about the current process elevation level. 
I couldn't find an already made UDF so made a copy of the UDF and added the option for a PID. Just have a try with this _WinAPI_IsElevated_pid($iPID) version:

#RequireAdmin
#include <WinAPIProc.au3>

ConsoleWrite('Current process = ' & _WinAPI_IsElevated_pid() & '   >Error code: ' & @error & @CRLF) ;### Debug Console
; List every process returned by ProcessList together with its elevation state.
Local $aProcessList = ProcessList()
For $i = 1 To $aProcessList[0][0]
    ConsoleWrite($aProcessList[$i][0] & ' = ' & _WinAPI_IsElevated_pid($aProcessList[$i][1]) & '   >Error code: ' & @error & @CRLF) ;### Debug Console
Next

; #FUNCTION# ====================================================================================================================
; Author.........: Yashied
; Modified.......: jpm. Jos
; ===============================================================================================================================
Func _WinAPI_IsElevated_pid($iPID=0)
    Local $aAdjust, $hToken, $iElev, $aRet, $iError = 0
    ; Enable the "SeDebugPrivilege" privilege to obtain full access rights to other processes
    Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)

    If $iPID <> 0 then
        Local $hProcess = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', (($__WINVER < 0x0600) ? 0x00000400 : 0x00001000), _
                'bool', 0, 'dword', $iPID)
        If @error Or Not $hProcess[0] Then Return SetError(@error + 20, @extended, 0)
        $hToken = _WinAPI_OpenProcessToken(0x0008, $hProcess[0])
    Else
        $hToken = _WinAPI_OpenProcessToken(0x0008)
    EndIf
    If Not $hToken Then Return SetError(@error + 10, @extended, False)

    Do
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 20, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = @error + 10
            ExitLoop
        EndIf
        $iElev = $aRet[3]
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 18, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION_TYPE
        If @error Or Not $aRet[0] Then
            $iError = @error + 20
            ExitLoop
        EndIf
    Until 1
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    If $iError Then Return SetError($iError, 0, False)

    Return SetExtended($aRet[0] - 1, $iElev)
EndFunc   ;==>_WinAPI_IsElevated_pid

EDIT: Updated the code after some more testing. Obviously you need to run this elevated to get info from elevated processes. 

Jos


Posted

@Jos

That is exactly what I need,

but it has a small problem: the function always returns 1.

Here is what I tried:

#RequireAdmin
#include <WinAPIProc.au3>
$list = ProcessList("CMD.exe")
if not @Error then
for $i = 1 to $list[0][0]
if _WinAPI_IsElevated_pid($list[$i][1]) then
MSGBox(64, "", 1)
else
MSGBox(64, "", 0)
endIf
next
endIf



; #FUNCTION# ====================================================================================================================
; Author.........: Yashied
; Modified.......: jpm. Jos
; ===============================================================================================================================
Func _WinAPI_IsElevated_pid($iPID)
    Local $iElev, $aRet, $iError = 0

    Local $hProcess = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', (($__WINVER < 0x0600) ? 0x00000400 : 0x00001000), _
            'bool', 0, 'dword', $iPID)
    If @error Or Not $hProcess[0] Then Return SetError(@error + 20, @extended, 0)

    Local $hToken = _WinAPI_OpenProcessToken(0x0008, $hProcess)
    If Not $hToken Then Return SetError(@error + 10, @extended, False)

    Do
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 20, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = @error + 10
            ExitLoop
        EndIf
        $iElev = $aRet[3]
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 18, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION_TYPE
        If @error Or Not $aRet[0] Then
            $iError = @error + 20
            ExitLoop
        EndIf
    Until 1
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    If $iError Then Return SetError($iError, 0, False)

    Return SetExtended($aRet[0] - 1, $iElev)
EndFunc   ;==>_WinAPI_IsElevated_pid

 

I hope you can help me.

  • Developers
Posted (edited)
8 minutes ago, nacerbaaziz said:

but it has a small problem: the function always returns 1

Have you tried my last example? That should also show many non-elevated processes (0).

EDIT: Also started a cmd.exe and ran my script which returned 

cmd.exe = 0   >Error code: 0

So all looks correct to me. :) 

Edited by Jos


Posted

@Jos
Thank you very much.
The last example is working successfully.
Thanks a lot.

#RequireAdmin
#include <WinAPIProc.au3>
$list = ProcessList("CMD.exe")
if not @Error then
for $i = 1 to $list[0][0]
if _WinAPI_IsElevated_pid($list[$i][1]) then
MSGBox(64, "", 1)
else
MSGBox(64, "", 0)
endIf
next
endIf



; #FUNCTION# ====================================================================================================================
; Author.........: Yashied
; Modified.......: jpm. Jos
; ===============================================================================================================================
Func _WinAPI_IsElevated_pid($iPID=0)
    Local $aAdjust, $hToken, $iElev, $aRet, $iError = 0
    ; Enable the "SeDebugPrivilege" privilege to obtain full access rights to other processes
    Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)

    If $iPID <> 0 then
        Local $hProcess = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', (($__WINVER < 0x0600) ? 0x00000400 : 0x00001000), _
                'bool', 0, 'dword', $iPID)
        If @error Or Not $hProcess[0] Then Return SetError(@error + 20, @extended, 0)
        $hToken = _WinAPI_OpenProcessToken(0x0008, $hProcess[0])
    Else
        $hToken = _WinAPI_OpenProcessToken(0x0008)
    EndIf
    If Not $hToken Then Return SetError(@error + 10, @extended, False)

    Do
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 20, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = @error + 10
            ExitLoop
        EndIf
        $iElev = $aRet[3]
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 18, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION_TYPE
        If @error Or Not $aRet[0] Then
            $iError = @error + 20
            ExitLoop
        EndIf
    Until 1
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    If $iError Then Return SetError($iError, 0, False)

    Return SetExtended($aRet[0] - 1, $iElev)
EndFunc   ;==>_WinAPI_IsElevated_pid

 

  • Developers
Posted

@nacerbaaziz....  great :) 

 

@jpm,

Would it be an idea to update the current _WinAPI_IsElevated() with the above version as it is compatible with the option to supply the process PID?

Jos 


  • 4 years later...
Posted (edited)

_WinAPI_IsElevated_pid() does not close all handles :(

#RequireAdmin
#include <WinAPIProc.au3>

ConsoleWrite("ProcessHandleCount: " & _WinAPI_GetProcessHandleCount() & @CRLF)

ConsoleWrite('Current process = ' & _WinAPI_IsElevated_pid() & '   >Error code: ' & @error & @CRLF) ;### Debug Console
; Query every process returned by ProcessList.
Local $aProcessList = ProcessList()
For $i = 1 To $aProcessList[0][0]
    _WinAPI_IsElevated_pid($aProcessList[$i][1])
;~     ConsoleWrite($aProcessList[$i][0] & ' = ' & _WinAPI_IsElevated_pid($aProcessList[$i][1]) & '   >Error code: ' & @error & @CRLF) ;### Debug Console
Next

ConsoleWrite("ProcessHandleCount: " & _WinAPI_GetProcessHandleCount() & @CRLF)

; #FUNCTION# ====================================================================================================================
; Author.........: Yashied
; Modified.......: jpm. Jos
; ===============================================================================================================================
Func _WinAPI_IsElevated_pid($iPID=0)
    Local $aAdjust, $hToken, $iElev, $aRet, $iError = 0
    ; Enable the "SeDebugPrivilege" privilege to obtain full access rights to other processes
    Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)

    If $iPID <> 0 then
        Local $hProcess = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', 0x00001000, _
                'bool', 0, 'dword', $iPID)
        If @error Or Not $hProcess[0] Then Return SetError(@error + 20, @extended, 0)
        $hToken = _WinAPI_OpenProcessToken(0x0008, $hProcess[0])
    Else
        $hToken = _WinAPI_OpenProcessToken(0x0008)
    EndIf
    If Not $hToken Then Return SetError(@error + 10, @extended, False)

    Do
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 20, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = @error + 10
            ExitLoop
        EndIf
        $iElev = $aRet[3]
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 18, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION_TYPE
        If @error Or Not $aRet[0] Then
            $iError = @error + 20
            ExitLoop
        EndIf
    Until 1
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    If $iError Then Return SetError($iError, 0, False)

    Return SetExtended($aRet[0] - 1, $iElev)
EndFunc   ;==>_WinAPI_IsElevated_pid

 

@Jos, can you fix it ?
 

Edited by argumentum
used your code


  • Developers
Posted

This is a change to the func to close all $hToken handles properly:

; #FUNCTION# ====================================================================================================================
; Author.........: Yashied
; Modified.......: jpm. Jos
; ===============================================================================================================================
Func _WinAPI_IsElevated_pid($iPID=0)
    Local $aAdjust, $hToken, $iElev, $aRet, $iError = 0
    ; Enable the "SeDebugPrivilege" privilege to obtain full access rights to other processes
    Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)
    _WinAPI_CloseHandle($hToken)

    If $iPID <> 0 then
        Local $hProcess = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', 0x00001000, _
                'bool', 0, 'dword', $iPID)
        If @error Or Not $hProcess[0] Then Return SetError(@error + 20, @extended, 0)
        $hToken = _WinAPI_OpenProcessToken(0x0008, $hProcess[0])
    Else
        $hToken = _WinAPI_OpenProcessToken(0x0008)
    EndIf
    If Not $hToken Then Return SetError(@error + 10, @extended, False)

    Do
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 20, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = @error + 10
            ExitLoop
        EndIf
        $iElev = $aRet[3]
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 18, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION_TYPE
        If @error Or Not $aRet[0] Then
            $iError = @error + 20
            ExitLoop
        EndIf
    Until 1
    _WinAPI_CloseHandle($hToken)
    If $iError Then Return SetError($iError, 0, False)
    Return SetExtended($aRet[0] - 1, $iElev)
EndFunc   ;==>_WinAPI_IsElevated_pid

 


Posted

@Nine  I've been trying it since yesterday,
and I always have a leak.
I've never come out with a Handle Count equal to the ones I entered.
Apparently, in some failure it comes out before closing the Handle

 

#RequireAdmin
#include <WinAPIProc.au3>

ConsoleWrite("ProcessHandleCount: " & _WinAPI_GetProcessHandleCount() & @CRLF)

; List every process returned by ProcessList together with its elevation result.
Local $aProcessList = ProcessList()
For $i = 1 To $aProcessList[0][0]
    ConsoleWrite("  " & $i & ") ")
    ConsoleWrite($aProcessList[$i][0])
    Local $iElev = _WinAPI_IsElevated_pid($aProcessList[$i][1])
    Local $err = @error
    Local $ext = @extended
    ConsoleWrite($err <> 0 ? " *** @error:" & $err : "")
    ConsoleWrite($ext <> 0 ? " * @extended:" & $ext : "")
    ConsoleWrite(" (" & $iElev & ")" & @CRLF)
Next

ConsoleWrite("ProcessHandleCount: " & _WinAPI_GetProcessHandleCount() & @CRLF)

; #FUNCTION# ====================================================================================================================
; Author.........: Yashied
; Modified.......: jpm. Jos
; ===============================================================================================================================
Func _WinAPI_IsElevated_pid($iPID = 0)
    Local $aAdjust, $hToken, $iElev, $aRet, $iError = 0
    Local $hProcess = 0

    ; Enable "SeDebugPrivilege" privilege for obtaining full access rights to other processes
    $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    If Not $hToken Then Return SetError(@error + 10, @extended, False)

    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken) ; Close the token handle used for privilege adjustment

    If $iPID <> 0 Then
        $hProcess = DllCall("kernel32.dll", "handle", "OpenProcess", "dword", 0x00001000, _
                "bool", 0, "dword", $iPID)
        If @error Or Not $hProcess[0] Then Return SetError(@error + 20, @extended, 0)

        $hToken = _WinAPI_OpenProcessToken(0x0008, $hProcess[0])
        If Not $hToken Then
            Local $iErr = @error, $iExt = @extended ; save them: the next DllCall resets @error
            DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess[0]) ; Close the process handle
            Return SetError($iErr + 10, $iExt, False)
        EndIf
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess[0]) ; Close the process handle
    Else
        $hToken = _WinAPI_OpenProcessToken(0x0008)
        If Not $hToken Then Return SetError(@error + 10, @extended, False)
    EndIf

    Do
        $aRet = DllCall("advapi32.dll", "bool", "GetTokenInformation", "handle", $hToken, "uint", 20, "uint*", 0, "dword", 4, _
                "dword*", 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = @error + 10
            ExitLoop
        EndIf
        $iElev = $aRet[3]

        $aRet = DllCall("advapi32.dll", "bool", "GetTokenInformation", "handle", $hToken, "uint", 18, "uint*", 0, "dword", 4, _
                "dword*", 0) ; TOKEN_ELEVATION_TYPE
        If @error Or Not $aRet[0] Then
            $iError = @error + 20
            ExitLoop
        EndIf
    Until 1

    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)

    If $iError Then Return SetError($iError, 0, False)

    Return SetExtended($aRet[3] - 1, $iElev)
EndFunc   ;==>_WinAPI_IsElevated_pid

 

I know that I know nothing
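
An added example, not code from any poster in this thread: a variant of the per-PID check that reports "could not be determined" separately from "not elevated" and closes both the process handle and the token handle on every return path. The name _Example_ElevationState and its return convention are assumptions made for this illustration; it calls OpenProcess, OpenProcessToken, GetTokenInformation and CloseHandle through DllCall, as the posts above do.

```autoit
; Added example, not code from the thread. _Example_ElevationState is a hypothetical name.
; Returns 1 = elevated, 0 = not elevated, -1 = could not be determined.
; @error: 1 = OpenProcess failed, 2 = OpenProcessToken failed, 3 = GetTokenInformation failed.
; @extended on success: TOKEN_ELEVATION_TYPE (1 = default, 2 = full, 3 = limited; 0 = not read).
; SeDebugPrivilege is not enabled here, so processes the caller may not open report -1.
Func _Example_ElevationState($iPID)
    Local Const $iProcAccess = 0x1000 ; PROCESS_QUERY_LIMITED_INFORMATION, as used in the thread
    Local Const $iTokAccess = 0x0008 ; TOKEN_QUERY
    Local $iState = -1, $iType = 0, $iError = 0

    Local $aProc = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', $iProcAccess, _
            'bool', 0, 'dword', $iPID)
    If @error Or Not $aProc[0] Then Return SetError(1, 0, -1) ; nothing opened yet, nothing to close

    Local $aTok = DllCall('advapi32.dll', 'bool', 'OpenProcessToken', 'handle', $aProc[0], _
            'dword', $iTokAccess, 'handle*', 0)
    If @error Or Not $aTok[0] Then
        $iError = 2
    Else
        ; Information class 20 = TokenElevation: one DWORD, non-zero when the token is elevated
        Local $aElev = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $aTok[3], _
                'uint', 20, 'dword*', 0, 'dword', 4, 'dword*', 0)
        If @error Or Not $aElev[0] Then
            $iError = 3
        Else
            $iState = ($aElev[3] <> 0) ? 1 : 0
            ; Information class 18 = TokenElevationType; optional detail, so a failure is not fatal
            Local $aType = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $aTok[3], _
                    'uint', 18, 'dword*', 0, 'dword', 4, 'dword*', 0)
            If Not @error And $aType[0] Then $iType = $aType[3]
        EndIf
        DllCall('kernel32.dll', 'bool', 'CloseHandle', 'handle', $aTok[3]) ; token handle
    EndIf
    DllCall('kernel32.dll', 'bool', 'CloseHandle', 'handle', $aProc[0]) ; process handle

    If $iError Then Return SetError($iError, 0, -1)
    Return SetExtended($iType, $iState)
EndFunc   ;==>_Example_ElevationState

; Driver: report every process, keeping "unknown" apart from "not elevated".
Local $aList = ProcessList()
For $i = 1 To $aList[0][0]
    Local $iResult = _Example_ElevationState($aList[$i][1])
    Local $iErr = @error, $iExt = @extended
    Local $sText = 'unknown (@error ' & $iErr & ')'
    If $iResult = 1 Then $sText = 'elevated (type ' & $iExt & ')'
    If $iResult = 0 Then $sText = 'not elevated (type ' & $iExt & ')'
    ConsoleWrite($aList[$i][0] & ' [' & $aList[$i][1] & '] = ' & $sText & @CRLF)
Next
```

A restart routine like the one in the first post would relaunch in the same state only when the result is 0 or 1, and treat -1 as undecided rather than as "not elevated".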
