Issue PInvoking GetTokenInformation using TokenElevation

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

Orlando - 16 Nov 2006 06:02 GMT

Hi,
I need to reproduce the code here using C#/pinvoke:
http://blogs.msdn.com/cjacks/archive/2006/10/09/How-to-Determine-if-a-User-is-a-
Member-of-the-Administrators-Group-with-UAC-Enabled-on-Windows-Vista.aspx

Unfortunately, my attempts aren't panning out - the returned values are off
fromw what they should be. Any help would be appreciated.

thanks,
Orlando

My code, stripped for clarity (although i've also gotten the same results
using IntPtr instead of out TOKEN_ELEVATION_TYPE):

private static bool? TryGetIsInAdminRole()
{
IntPtr tokenHandle;
OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, out tokenHandle);

try
{
uint tokenInformationBufferLength = 0;
GetTokenInformation(tokenHandle, TOKEN_INFORMATION_CLASS.TokenElevation,
IntPtr.Zero    tokenInformationBufferLength, out tokenInformationBufferLength);
TOKEN_ELEVATION_TYPE tokenElevation;
GetTokenInformation(tokenHandle,
TOKEN_INFORMATION_CLASS.TokenElevation,                out tokenElevation,
tokenInformationBufferLength, out tokenInformationBufferLength);

/* Arghhh, this returns tokenElevation = 0 when it should be
TokenElevationTypeLimited, and TokenElevationTypeDefault when it should be
TokenElevationTypeFull (which are the values returned by the C++ code)*/

return (tokenElevation != TOKEN_ELEVATION_TYPE.TokenElevationTypeDefault);
}
finally
{
CloseHandle(tokenHandle);
}
}

[DllImport("advapi32.dll", SetLastError = true)]
        static extern bool OpenProcessToken(
            IntPtr ProcessHandle,
            UInt32 DesiredAccess,
            out IntPtr TokenHandle);

        enum TOKEN_ELEVATION_TYPE : int
        {
            TokenElevationTypeDefault = 1,
            TokenElevationTypeFull,
            TokenElevationTypeLimited
        }

        enum TOKEN_INFORMATION_CLASS : int
        {
            TokenUser = 1,
            TokenGroups,
            TokenPrivileges,
            TokenOwner,
            TokenPrimaryGroup,
            TokenDefaultDacl,
            TokenSource,
            TokenType,
            TokenImpersonationLevel,
            TokenStatistics,
            TokenRestrictedSids,
            TokenSessionId,
            TokenGroupsAndPrivileges,
            TokenSessionReference,
            TokenSandBoxInert,
            TokenAuditPolicy,
            TokenOrigin,
            TokenElevationType,
            TokenLinkedToken,
            TokenElevation,
            TokenHasRestrictions,
            TokenAccessInformation,
            TokenVirtualizationAllowed,
            TokenVirtualizationEnabled,
            TokenIntegrityLevel,
            TokenUIAccess,
            TokenMandatoryPolicy,
            TokenLogonSid,
            MaxTokenInfoClass
        }

[DllImport("advapi32.dll", SetLastError = true)]
static extern bool GetTokenInformation(
/*HANDLE*/ IntPtr TokenHandle,
/*TOKEN_INFORMATION_CLASS*/ TOKEN_INFORMATION_CLASS TokenInformationClass,
/*LPVOID*/out TOKEN_ELEVATION_TYPE TokenInformation,
/*DWORD*/UInt32 TokenInformationLength,
/*PDWORD*/ out UInt32 ReturnLength);

[DllImport("advapi32.dll", SetLastError = true)]
static extern bool GetTokenInformation(
/*HANDLE*/ IntPtr TokenHandle,
/*TOKEN_INFORMATION_CLASS*/ TOKEN_INFORMATION_CLASS TokenInformationClass,
/*LPVOID*/IntPtr TokenInformation,
/*DWORD*/UInt32 TokenInformationLength,
/*PDWORD*/ out UInt32 ReturnLength);

        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        static extern bool CloseHandle(IntPtr hObject);

        [DllImport("kernel32.dll")]
        static extern IntPtr GetCurrentProcess();

Here's the C++ that works great

#include "stdafx.h"
#include <windows.h>
#include <stdio.h>

int main() {
HANDLE hToken;
TOKEN_ELEVATION_TYPE elevationType;
DWORD dwSize;

OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken);
GetTokenInformation(hToken, TokenElevationType, &elevationType,
sizeof(elevationType), &dwSize);

switch (elevationType) {
case TokenElevationTypeDefault:
wprintf(TEXT("\nTokenElevationTypeDefault - User is not using a split
token.\n"));
break;
case TokenElevationTypeFull:
wprintf(TEXT("\nTokenElevationTypeFull - User has a split token, and
the process is running elevated.\n"));
break;
case TokenElevationTypeLimited:
wprintf(TEXT("\nTokenElevationTypeLimited - User has a split token,
but the process is not running elevated.\n"));
break;
}

if (hToken) {
CloseHandle(hToken);
}
Sleep(10000);
}

Reply to this Message

Walter Wang [MSFT] - 16 Nov 2006 11:21 GMT

Hi,

Your code seems passing the 3rd parameter incorrectly to
GetTokenInformation. Try following code instead:

using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;

namespace ConsoleApplication1
{
class Program
{
enum TOKEN_ELEVATION_TYPE
{
TokenElevationTypeDefault = 1,
TokenElevationTypeFull,
TokenElevationTypeLimited
}

enum TOKEN_INFORMATION_CLASS
{
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics,
TokenRestrictedSids,
TokenSessionId,
TokenGroupsAndPrivileges,
TokenSessionReference,
TokenSandBoxInert,
TokenAuditPolicy,
TokenOrigin,
TokenElevationType,
TokenLinkedToken,
TokenElevation,
TokenHasRestrictions,
TokenAccessInformation,
TokenVirtualizationAllowed,
TokenVirtualizationEnabled,
TokenIntegrityLevel,
TokenUIAccess,
TokenMandatoryPolicy,
TokenLogonSid,
MaxTokenInfoClass // MaxTokenInfoClass should always be the
last enum
}
const UInt32 TOKEN_QUERY = 0x0008;

[DllImport("kernel32.dll")]
static extern IntPtr GetCurrentProcess();

[DllImport("advapi32.dll", SetLastError = true)]
static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32
DesiredAccess, out IntPtr TokenHandle);

[DllImport("advapi32.dll", SetLastError = true)]
static extern bool GetTokenInformation(IntPtr TokenHandle,
TOKEN_INFORMATION_CLASS TokenInformationClass, IntPtr TokenInformation,
uint TokenInformationLength, out uint ReturnLength);

static void Main(string[] args)
{
IntPtr hToken;
TOKEN_ELEVATION_TYPE elevationType;
IntPtr pElevationType =
Marshal.AllocHGlobal(sizeof(TOKEN_ELEVATION_TYPE));
uint dwSize;

OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, out hToken);
GetTokenInformation(hToken,
TOKEN_INFORMATION_CLASS.TokenElevationType, pElevationType,
sizeof(TOKEN_ELEVATION_TYPE), out dwSize);
elevationType =
(TOKEN_ELEVATION_TYPE)Marshal.ReadInt32(pElevationType);
Marshal.FreeHGlobal(pElevationType);

switch (elevationType)
{
case TOKEN_ELEVATION_TYPE.TokenElevationTypeDefault:
Console.WriteLine("\nTokenElevationTypeDefault - User
is not using a split token.\n");
break;
case TOKEN_ELEVATION_TYPE.TokenElevationTypeFull:
Console.WriteLine("\nTokenElevationTypeFull - User has
a split token, and the process is running elevated.\n");
break;
case TOKEN_ELEVATION_TYPE.TokenElevationTypeLimited:
Console.WriteLine("\nTokenElevationTypeLimited - User
has a split token, but the process is not running elevated.\n");
break;
}
}
}
}

Let me know if this works on your side. Thanks.

Sincerely,
Walter Wang (wawang@online.microsoft.com, remove 'online.')
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications. If you are using Outlook Express, please make sure you clear the
check box "Tools/Options/Read: Get 300 headers at a time" to see your reply
promptly.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Reply to this Message

Orlando - 16 Nov 2006 21:52 GMT

Yup, works great. Thanks!

> Hi,
>
[quoted text clipped - 126 lines]
>
> This posting is provided "AS IS" with no warranties, and confers no rights.

Reply to this Message

Issue PInvoking GetTokenInformation using TokenElevation

Free Magazines