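/// <summary>
/// Queries the TokenElevation information class for <paramref name="hToken"/> and reports
/// whether the token is elevated.
/// </summary>
/// <param name="hToken">Handle to the access token that is passed to GetTokenInformation.</param>
/// <returns>
/// <c>true</c> when the query succeeds and TokenIsElevated is non-zero; <c>false</c> when the
/// token is not elevated or the query fails.
/// </returns>
private static bool TokenIsElevated(IntPtr hToken)
        {
            Natives.TOKEN_ELEVATION tk = new Natives.TOKEN_ELEVATION();
            tk.TokenIsElevated = 0;

            int size = Marshal.SizeOf(typeof(Natives.TOKEN_ELEVATION));
            IntPtr lpValue = Marshal.AllocHGlobal(size);

            try
            {
                // Seed the unmanaged buffer with a zeroed struct so it never holds stale heap data.
                Marshal.StructureToPtr(tk, lpValue, false);

                UInt32 returnLength;
                Boolean result = Natives.GetTokenInformation(
                    hToken,
                    Natives.TOKEN_INFORMATION_CLASS.TokenElevation,
                    lpValue,
                    (UInt32)size,
                    out returnLength
                    );

                // Fail closed: a failed query (bad handle, insufficient access) must not be
                // interpreted from whatever the buffer happens to contain.
                if (!result)
                {
                    return false;
                }

                Natives.TOKEN_ELEVATION elv = (Natives.TOKEN_ELEVATION)Marshal.PtrToStructure(lpValue, typeof(Natives.TOKEN_ELEVATION));

                // The Win32 contract is "non-zero means elevated", not strictly the value 1.
                return elv.TokenIsElevated != 0;
            }
            finally
            {
                // The original never released this allocation, leaking it on every call.
                Marshal.FreeHGlobal(lpValue);
            }
        }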
Beispiel #2
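        /// <summary>
        /// Queries the TokenElevationType information class for <paramref name="hToken"/> and maps
        /// the result to a boolean "is elevated" answer.
        /// </summary>
        /// <param name="hToken">Handle to the access token that is passed to GetTokenInformation.</param>
        /// <returns>
        /// <c>true</c> for TokenElevationTypeFull (and for any unrecognised value, see the default
        /// case); <c>false</c> for TokenElevationTypeDefault, TokenElevationTypeLimited, or when
        /// the query fails.
        /// </returns>
        /// <remarks>
        /// TokenElevationTypeDefault only says the token has no linked (split) token. A token of
        /// that type can still be fully privileged, for example when UAC is disabled, so a
        /// <c>false</c> result here is not proof of a low-privileged token. Querying
        /// TokenElevation instead answers the "is it elevated" question directly.
        /// </remarks>
        private static bool TokenIsElevated(IntPtr hToken)
        {
            //https://github.com/cobbr/SharpSploit/blob/master/SharpSploit/Credentials/Tokens.cs
            int size = Marshal.SizeOf(typeof(UInt32));
            IntPtr tokenInformation = Marshal.AllocHGlobal(size);

            try
            {
                UInt32 returnLength;
                Boolean result = Natives.GetTokenInformation(
                    hToken,
                    Natives.TOKEN_INFORMATION_CLASS.TokenElevationType,
                    tokenInformation,
                    (UInt32)size,
                    out returnLength
                    );

                // AllocHGlobal does not zero memory. On a failed query the buffer is uninitialised,
                // and the original code would read garbage and most likely hit the default branch
                // below, reporting "elevated". Fail closed instead.
                if (!result)
                {
                    return false;
                }

                switch ((Natives.TOKEN_ELEVATION_TYPE)Marshal.ReadInt32(tokenInformation))
                {
                    case Natives.TOKEN_ELEVATION_TYPE.TokenElevationTypeDefault:
                        return false;

                    case Natives.TOKEN_ELEVATION_TYPE.TokenElevationTypeFull:
                        return true;

                    case Natives.TOKEN_ELEVATION_TYPE.TokenElevationTypeLimited:
                        return false;

                    default:
                        // NOTE(review): unknown values are reported as elevated, kept from the
                        // original. If the result gates a security decision, returning false
                        // here would be the safer default.
                        return true;
                }
            }
            finally
            {
                // The original never released this allocation, leaking it on every call.
                Marshal.FreeHGlobal(tokenInformation);
            }
        }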