#include <iostream>
#include <memory>
#include <windows.h>
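/// Returns the mandatory integrity level (the RID of the S-1-16-<level> label SID,
/// e.g. SECURITY_MANDATORY_MEDIUM_RID) of the calling process.
///
/// The value is read from the process's *primary* token via
/// OpenProcessToken(GetCurrentProcess(), ...); a thread impersonation token, if any,
/// is not consulted. It reflects the label at the time of the call only.
///
/// @throws DWORD  the Win32 error code of the failing call (GetLastError()), or
///                ERROR_INVALID_DATA / ERROR_INVALID_SID if the token data returned by
///                the OS is not a well-formed mandatory label.
DWORD GetProcessIntegrityLevel()
{
    // RAII owners so every throw below releases the token handle and the buffer;
    // the original goto-Cleanup ladder is replaced by destructors.
    using HandleOwner = std::unique_ptr<void, decltype(&CloseHandle)>;
    using LocalOwner  = std::unique_ptr<void, decltype(&LocalFree)>;

    // Open the primary access token of the process with TOKEN_QUERY.
    HANDLE hRawToken = nullptr;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hRawToken))
    {
        throw GetLastError();
    }
    HandleOwner hToken(hRawToken, &CloseHandle);

    // Size query: with a NULL buffer GetTokenInformation is expected to fail with
    // ERROR_INSUFFICIENT_BUFFER and set cbTokenIL to the required size. Any other
    // error is fatal; pre-Vista systems report ERROR_INVALID_PARAMETER because the
    // TokenIntegrityLevel information class does not exist there.
    DWORD cbTokenIL = 0;
    if (!GetTokenInformation(hToken.get(), TokenIntegrityLevel, nullptr, 0, &cbTokenIL))
    {
        const DWORD err = GetLastError();
        if (err != ERROR_INSUFFICIENT_BUFFER)
        {
            throw err;
        }
    }
    // Guard the cast below: the buffer must hold at least the label header, otherwise
    // pTokenIL->Label.Sid would be read out of bounds.
    if (cbTokenIL < sizeof(TOKEN_MANDATORY_LABEL))
    {
        throw static_cast<DWORD>(ERROR_INVALID_DATA);
    }

    // LPTR = fixed, zero-initialised allocation, as the original used.
    LocalOwner pTokenIL(LocalAlloc(LPTR, cbTokenIL), &LocalFree);
    if (!pTokenIL)
    {
        throw GetLastError();
    }
    auto* const label = static_cast<PTOKEN_MANDATORY_LABEL>(pTokenIL.get());

    // Retrieve the token integrity level information.
    if (!GetTokenInformation(hToken.get(), TokenIntegrityLevel, label, cbTokenIL, &cbTokenIL))
    {
        throw GetLastError();
    }

    // Validate before dereferencing the subauthority: never trust the shape of the
    // returned SID blindly, even though it comes from the kernel.
    const PSID sid = label->Label.Sid;
    if (sid == nullptr || !IsValidSid(sid) || *GetSidSubAuthorityCount(sid) < 1)
    {
        throw static_cast<DWORD>(ERROR_INVALID_SID);
    }

    // Integrity level SIDs have the form S-1-16-0xXXXX (e.g. S-1-16-0x1000 is Low).
    // The level is the last subauthority; with the documented single subauthority
    // this is index 0, exactly what the original read.
    const DWORD lastIndex = static_cast<DWORD>(*GetSidSubAuthorityCount(sid)) - 1;
    return *GetSidSubAuthority(sid, lastIndex);
}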
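/// Prints the integrity level of this process and waits for Enter before exiting.
///
/// Fixes vs. the original: a DWORD thrown by GetProcessIntegrityLevel() was uncaught
/// and terminated the process without a diagnostic; it is now reported on stderr with
/// a non-zero exit status. The pause no longer goes through system("pause"), which
/// spawns a command interpreter (resolved via %ComSpec%) just to wait for a key.
///
/// @return 0 on success, 1 if the integrity level could not be determined.
int main(int argc, char* argv[])
{
    DWORD dwIntegrityLevel = 0;
    try
    {
        dwIntegrityLevel = GetProcessIntegrityLevel();
    }
    catch (const DWORD& err)
    {
        std::cerr << "GetProcessIntegrityLevel failed, Win32 error " << err << '\n';
        return 1;
    }

    // Map the RID to its display name; anything outside the documented set is "Unknown".
    const char* levelName = nullptr;
    switch (dwIntegrityLevel)
    {
    case SECURITY_MANDATORY_UNTRUSTED_RID: levelName = "Untrusted"; break;
    case SECURITY_MANDATORY_LOW_RID:       levelName = "Low";       break;
    case SECURITY_MANDATORY_MEDIUM_RID:    levelName = "Medium";    break;
    case SECURITY_MANDATORY_HIGH_RID:      levelName = "High";      break;
    case SECURITY_MANDATORY_SYSTEM_RID:    levelName = "System";    break;
    default:                               levelName = "Unknown";   break;
    }
    // Same bytes as the original: the label, a newline, then endl's newline + flush.
    std::cout << "Integrity Level: " << levelName << "\n" << std::endl;

    // Wait for the user without shelling out.
    std::cout << "Press Enter to continue . . . ";
    std::cin.get();
    return 0;
}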