I started using psexec.exe to run FF as a limited user.
Is there a way to see if a process is running as a limited user?
I think this starts a process (CreateProcess) as User
You can use CreateProcess to run an exe as user or admin ;)
I don't want to start a new process.
I want to verify if firefox.exe, that I have already started with only the privileges of a limited user (LU), is actually being run as a L.U.
I hope that made sense.
Or maybe there is something in a browser that can't be done while it is being run as a L.U.?
OpenProcessToken and GetTokenInformation
http://masm32.com/board/index.php?topic=763.0
Quote from: ragdog on January 19, 2013, 05:35:49 AM
OpenProcessToken and GetTokenInformation
http://masm32.com/board/index.php?topic=763.0
this method seems to not work for WinXP - see here: http://masm32.com/board/index.php?topic=791.0
I will convert this if you think it would work.
I asked if it would work in XP and they didn't answer.
I used Notepad as an example but I would like to check if Firefox is running under some kind of "Integrity Level."
MSDN post
The technical term you are searching for is "Integrity Level" and has to do with UAC, not whether user is Admin or not.
The following is from the source code of http://www.codeproject.com/Articles/16796/Riding-the-Vista-UAC-elevator-up-and-down
You need to replace GetCurrentProcess() with the process handle of the running Notepad.
-- David
HRESULT IsElevated( __out_opt BOOL * pbElevated ) //= NULL )
{
    ASSERT( IsVista() );

    HRESULT hResult = E_FAIL; // assume an error occurred
    HANDLE hToken = NULL;

    if ( !::OpenProcessToken(
                ::GetCurrentProcess(),
                TOKEN_QUERY,
                &hToken ) )
    {
        ASSERT( FALSE );
        return hResult;
    }

    TOKEN_ELEVATION te = { 0 };
    DWORD dwReturnLength = 0;

    if ( !::GetTokenInformation(
                hToken,
                TokenElevation,
                &te,
                sizeof( te ),
                &dwReturnLength ) )
    {
        ASSERT( FALSE );
    }
    else
    {
        ASSERT( dwReturnLength == sizeof( te ) );

        hResult = te.TokenIsElevated ? S_OK : S_FALSE;

        if ( pbElevated )
            *pbElevated = (te.TokenIsElevated != 0);
    }

    ::CloseHandle( hToken );

    return hResult;
}
I think I mentioned it before - UAC was not introduced until Vista
you might have some luck by looking at the access token
some reading you may find interesting...
http://msdn.microsoft.com/en-us/library/windows/desktop/aa374909%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684880%28v=vs.85%29.aspx
That's funny.
That was a post by a Microsoft MVP and he knew I was running XP. :dazzled:
But sometimes it is interesting cleaning up their mess.
Andy
It's time for me to invoke GetIntoBed......zzzzzzz
Quote from: dedndave on January 20, 2013, 03:44:23 PM
some reading you may find interesting...
http://msdn.microsoft.com/en-us/library/windows/desktop/aa374909%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684880%28v=vs.85%29.aspx
Quote
Access tokens contain the following information:
The security identifier (SID) for the user's account
SIDs for the groups of which the user is a member
A logon SID that identifies the current logon session
A list of the privileges held by either the user or the user's groups
An owner SID
The SID for the primary group
The default DACL that the system uses when the user creates a securable object without specifying a security descriptor
The source of the access token
Whether the token is a primary or impersonation token
An optional list of restricting SIDs
Current impersonation levels
Other statistics
... followed by a dozen security functions. For me, the most interesting is EnumProcessesUsingInternet (http://xkcd.com/323/).
Many thanks, Jochen.
I bookmarked and saved that webpage.
It started out my day great. :-)
Andy
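Added example (not code from this thread or from the linked articles): one way to follow the "look at the access token" suggestion for a process that is already running, using only calls that exist on XP as well as Vista. It reads TokenGroups from the target's token and inspects the attributes of the built-in Administrators SID, one of the "SIDs for the groups of which the user is a member" in the list quoted above. The names classify_admin, process_admin_state and admin_state are made up for this example, and the pid of the running firefox.exe is assumed to be looked up by the caller.

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#else   /* winnt.h values, so the decision logic also builds off Windows */
typedef unsigned long DWORD;
#define SE_GROUP_ENABLED           0x00000004UL
#define SE_GROUP_USE_FOR_DENY_ONLY 0x00000010UL
#endif
enum admin_state { ADMIN_UNKNOWN, ADMIN_ABSENT, ADMIN_DENY_ONLY, ADMIN_ENABLED };
/* Classify the Administrators entry of TOKEN_GROUPS by its Attributes field. */
enum admin_state classify_admin(int found, DWORD attrs)
{
    if (found && (attrs & SE_GROUP_USE_FOR_DENY_ONLY)) return ADMIN_DENY_ONLY;
    if (found && (attrs & SE_GROUP_ENABLED))           return ADMIN_ENABLED;
    return ADMIN_ABSENT;    /* not in the token, or present but disabled */
}

#ifdef _WIN32
/* pid: id of the already running target; looking it up is left to the caller. */
enum admin_state process_admin_state(DWORD pid)
{
    enum admin_state st = ADMIN_UNKNOWN;    /* stays UNKNOWN if an API call fails */
    DWORD admins[SECURITY_MAX_SID_SIZE / sizeof(DWORD)];   /* DWORD-aligned SID */
    DWORD cb = sizeof admins, len = 0, i;
    TOKEN_GROUPS *tg;
    HANDLE hTok = NULL, hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
    if (hProc && CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admins, &cb) &&
        OpenProcessToken(hProc, TOKEN_QUERY, &hTok)) {
        GetTokenInformation(hTok, TokenGroups, NULL, 0, &len);  /* size query */
        tg = (TOKEN_GROUPS *)malloc(len);
        if (tg && GetTokenInformation(hTok, TokenGroups, tg, len, &len)) {
            st = ADMIN_ABSENT;
            for (i = 0; i < tg->GroupCount; i++)
                if (EqualSid(tg->Groups[i].Sid, admins))
                    st = classify_admin(1, tg->Groups[i].Attributes);
        }
        free(tg);
        CloseHandle(hTok);
    }
    if (hProc) CloseHandle(hProc);
    return st;
}

int main(int argc, char **argv)     /* usage: tokchk <pid>, prints the enum value */
{
    if (argc > 1) printf("%d\n", process_admin_state(strtoul(argv[1], NULL, 10)));
    return 0;
}
#endif
```

ADMIN_ABSENT or ADMIN_DENY_ONLY means the token cannot use Administrators group access; ADMIN_ENABLED means the process holds a full administrator token.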