@rbmm
Created May 17, 2023 12:11
#include <ntlsa.h>
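// Print every privilege held by the primary token of process PID to the
// debugger via DbgPrint: LUID low part, attribute flags and, where LSA can
// resolve it, the privilege name.
//
// PID: id of the process to inspect. Only PROCESS_QUERY_LIMITED_INFORMATION is
//      requested on the process and TOKEN_QUERY on its token.
//
// Returns nothing. Every failing step is reported with DbgPrint before the
// function returns, so "prints nothing" is never ambiguous between
// "no privileges" and "access denied"; no handle stays open on any path.
// Relies on `guz` being defined elsewhere in the file (see below).
VOID CheckWindowsPrivileges(DWORD PID)
{
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, PID);
    if (!hProcess)
    {
        DbgPrint("OpenProcess(%u) failed: %u\n", PID, GetLastError());
        return;
    }

    // The process handle is only needed to reach the token; capture the
    // error before CloseHandle so a failing close cannot overwrite it.
    HANDLE hToken;
    BOOL ok = OpenProcessToken(hProcess, TOKEN_QUERY, &hToken);
    ULONG openError = ok ? NOERROR : GetLastError();
    CloseHandle(hProcess);
    if (!ok)
    {
        DbgPrint("OpenProcessToken(%u) failed: %u\n", PID, openError);
        return;
    }

    // Grow a stack buffer until GetTokenInformation is satisfied. Each alloca
    // extends the same region downward from `stack`, so the usable size is the
    // distance from the newest allocation back to `stack`. That only holds when
    // nothing else is placed on the stack between the allocations, hence the
    // author's note that /RTC* must be off.
    PVOID stack = alloca(guz);  // `guz` is defined outside this block; presumably 0 so this just captures the current stack position — confirm
    ULONG cb = 0;
    ULONG rcb = __builtin_offsetof(TOKEN_PRIVILEGES, Privileges[3]);  // first attempt: room for three entries
    PTOKEN_PRIVILEGES pPrivileges = 0;
    ULONG dwError;
    do
    {
        if (cb < rcb)
        {
            // /RTC* must be off
            pPrivileges = (PTOKEN_PRIVILEGES)alloca(rcb - cb);
            cb = RtlPointerToOffset(pPrivileges, stack);
        }
        dwError = GetTokenInformation(hToken, ::TokenPrivileges, pPrivileges, cb, &rcb) ? NOERROR : GetLastError();
    } while (ERROR_INSUFFICIENT_BUFFER == dwError);
    CloseHandle(hToken);

    if (NOERROR != dwError)
    {
        DbgPrint("GetTokenInformation(TokenPrivileges, %u) failed: %u\n", PID, dwError);
        return;
    }

    ULONG PrivilegeCount = pPrivileges->PrivilegeCount;
    if (!PrivilegeCount)
    {
        DbgPrint("process %u: token holds no privileges\n", PID);
        return;
    }

    // POLICY_LOOKUP_NAMES is all that LsaLookupPrivilegeName needs.
    LSA_HANDLE PolicyHandle;
    LSA_OBJECT_ATTRIBUTES oa = { sizeof(oa) };
    NTSTATUS status = LsaOpenPolicy(0, &oa, POLICY_LOOKUP_NAMES, &PolicyHandle);
    if (0 > status)
    {
        DbgPrint("LsaOpenPolicy failed: %x\n", status);
        return;
    }

    PLUID_AND_ATTRIBUTES Privileges = pPrivileges->Privileges;
    do
    {
        PUNICODE_STRING Name;
        status = LsaLookupPrivilegeName(PolicyHandle, &Privileges->Luid, &Name);
        if (0 <= status)
        {
            DbgPrint("%08x [%08x] %wZ\n", Privileges->Luid.LowPart, Privileges->Attributes, Name);
            // The original releases the string body and the UNICODE_STRING
            // header as two separate LSA allocations; body first so `Name`
            // is not read after it has been freed. Presumes
            // LsaLookupPrivilegeName really hands back two allocations — confirm.
            LsaFreeMemory(Name->Buffer);
            LsaFreeMemory(Name);
        }
        else
        {
            // Unresolvable LUID: still print the raw entry plus the NTSTATUS.
            DbgPrint("%08x [%08x] //%x\n", Privileges->Luid.LowPart, Privileges->Attributes, status);
        }
    } while (Privileges++, --PrivilegeCount);

    LsaClose(PolicyHandle);
}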