/// <summary>
/// Starts <paramref name="appToRun"/> with a token whose integrity level is
/// <paramref name="integrityLevel"/> and returns a handle to the new process.
/// You can only call this if you are elevated.
/// </summary>
/// <param name="integrityLevel">Integrity level requested for the new process.</param>
/// <param name="appToRun">Application to start.</param>
/// <param name="args">Arguments passed to the application.</param>
/// <param name="startupFolder">Forwarded to CreateProcessAsUser; not used when the requested level equals the current one.</param>
/// <param name="newWindow">Forwarded to CreateProcessAsUser; not used when the requested level equals the current one.</param>
/// <param name="hidden">Forwarded to CreateProcessAsUser; not used when the requested level equals the current one.</param>
/// <returns>A process handle (not a Process object) for the started process.</returns>
public static SafeProcessHandle StartAttachedWithIntegrity(IntegrityLevel integrityLevel, string appToRun, string args, string startupFolder, bool newWindow, bool hidden)
{
    // Must return a process handle because we can't create a Process() from a handle and get the exit code.
    // NOTE(review): the full command line is written to the debug log; arguments that carry
    // secrets (passwords, tokens) would end up in that log.
    Logger.Instance.Log($"{nameof(StartAttachedWithIntegrity)}: {appToRun} {args}", LogLevel.Debug);
    int currentIntegrity = ProcessHelper.GetCurrentIntegrityLevel();
    SafeTokenHandle newToken;
    if ((int)integrityLevel == currentIntegrity)
    {
        // Same level as the caller: no token manipulation, start the process directly.
        // NOTE(review): the raw handle of the object returned by StartAttached is wrapped with
        // ownsHandle = true. If that object also owns and closes the handle, it would be closed
        // twice, or while the caller still uses it. Confirm ownership.
        return(new SafeProcessHandle(StartAttached(appToRun, args).Handle, true));
    }
    // Unelevation request.
    // NOTE(review): this condition is also true when the requested level is above the current
    // one; nothing here enforces the "caller is elevated" precondition from the summary.
    if (integrityLevel >= IntegrityLevel.Medium)
    {
        try
        {
            // Preferred path: impersonate a SYSTEM account token with the two privileges enabled,
            // then launch with the linked token of the current process token (presumably the
            // filtered, non-elevated token of a UAC-split administrator - confirm), adjusted to
            // the requested integrity level.
            return(TokenProvider
                .CreateFromSystemAccount()
                .EnablePrivilege(Privilege.SeIncreaseQuotaPrivilege, false)
                .EnablePrivilege(Privilege.SeAssignPrimaryTokenPrivilege, false)
                .Impersonate(() =>
                {
                    newToken = TokenProvider.CreateFromCurrentProcessToken().GetLinkedToken()
                        .SetIntegrity(integrityLevel)
                        .GetToken();
                    // The token is disposed as soon as the process has been created.
                    using (newToken)
                    {
                        return CreateProcessAsUser(newToken, appToRun, args, startupFolder, newWindow, hidden);
                    }
                }));
        }
        catch (Exception e)
        {
            // Fallback: a restricted token from the Safer API at NormalUser level. Per the log
            // message, a process started this way won't be able to elevate.
            // NOTE(review): this catches every exception type, and the try block also contains
            // the CreateProcessAsUser call. Assuming Impersonate lets callback exceptions
            // propagate, a plain launch failure is reported as a token failure and the launch is
            // attempted a second time with the fallback token.
            Logger.Instance.Log("Unable to get unelevated token. (Is UAC enabled?) Fallback to SaferApi Token but this process won't be able to elevate." + e.Message, LogLevel.Debug);
            newToken = TokenProvider.CreateFromSaferApi(SaferLevels.NormalUser)
                .SetIntegrity(integrityLevel)
                .GetToken();
        }
        // Reached only through the catch block, because the try block returns on success.
        using (newToken)
        {
            return(CreateProcessAsUser(newToken, appToRun, args, startupFolder, newWindow, hidden));
        }
    }
    else
    {
        // Integrity < Medium: build the token from the Safer level mapped from the requested
        // integrity level, then set the integrity level on it explicitly.
        var tf = TokenProvider.CreateFromSaferApi(integrityLevel.ToSaferLevel())
            .SetIntegrity(integrityLevel);
        newToken = tf.GetToken();
    }
    // Only the below-Medium branch falls through to here.
    using (newToken)
    {
        return(CreateProcessAsUser(newToken, appToRun, args, startupFolder, newWindow, hidden));
    }
}
/// <summary>
/// Reports whether the current process runs at High integrity or above.
/// </summary>
/// <returns>
/// <c>true</c> when the current integrity level is at least <see cref="IntegrityLevel.High"/>;
/// otherwise <c>false</c>.
/// </returns>
public static bool IsHighIntegrity()
{
    // The check is based on the process integrity level only, not on group membership.
    int currentLevel = ProcessHelper.GetCurrentIntegrityLevel();
    int highThreshold = (int)IntegrityLevel.High;
    return currentLevel >= highThreshold;
}