nacerbaaziz
Posted June 13, 2020

Hello AutoIt team,

Is there any way to check whether a process is running as admin or not? For example, if I want to restart a process: I am already able to get the process path and command line. What I need is a way to check whether the process was running as admin or not, so I can restart it with the same state. Here is the part that I am using to restart the process:

```autoit
#include <WinAPIProc.au3> ; _WinAPI_GetProcessWorkingDirectory

Func _processRestart($i_ProcessPid, $s_ProcessPath)
    If Not ProcessExists($i_ProcessPid) Then Return SetError(1, 0, -1)
    ; Remember the working directory before the process is closed
    Local $s_ProcessWorkDir = _WinAPI_GetProcessWorkingDirectory($i_ProcessPid)
    ProcessClose($i_ProcessPid)
    ProcessWaitClose($i_ProcessPid)
    ; Relaunch from the saved path and wait for the new process to appear
    ProcessWait(ShellExecute($s_ProcessPath, "", $s_ProcessWorkDir))
    ProcessesGetList() ; the poster's own helper, not shown in the post
    Return True
EndFunc
```

Thanks in advance.

Jos (Developers)
Posted June 13, 2020

Do you want to know whether the User running the process has Admin rights or do you want to know whether the process is running elevated (_WinAPI_IsElevated())?

Jos

SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules
Live for the present, Dream of the future, Learn from the past.

nacerbaaziz (Author)
Posted June 13, 2020 (edited)

@Jos thanks for the speedy answer. I am asking about an external process, e.g. checking if notepad.exe is running as admin, in addition to whether the user is admin, to ask them to enter the password if they aren't admin.

Thanks in advance.

Edited June 13, 2020 by nacerbaaziz

Jos (Developers)
Posted June 13, 2020

So have you looked at and tested with the UDF I pointed you to if that is what you want as your answer is still not conclusive?

Jos

nacerbaaziz (Author)
Posted June 13, 2020 (edited)

@Jos _WinAPI_IsElevated(): this gets whether the current process runs as admin or not.

Edited June 13, 2020 by nacerbaaziz

Jos (Developers)
Posted June 13, 2020

Your last post is a statement which doesn't make much sense to me, unless it was meant as some sort of question? 😕

So Yes, did you try the _WinAPI_IsElevated() UDF to see if that does what you want?

Jos

nacerbaaziz (Author)
Posted June 13, 2020 (edited)

@Jos I'm sorry if I bothered you. Yes, I read the UDF. _WinAPI_IsElevated() does not have params to select the PID or name of a process, so what I need is a function that tells me whether any process is running as admin or not, e.g. Notepad.exe or Chrome.exe, etc. I hope that I can find that. Thanks.

Edited June 13, 2020 by nacerbaaziz

Jos (Developers)
Posted June 13, 2020

Indeed it is about the current process elevation level. I couldn't find an already made UDF so made a copy of the UDF and added the option for a PID. Just have a try with this _WinAPI_IsElevated_pid($iPID) version:

```autoit
#RequireAdmin
#include <WinAPIProc.au3>

ConsoleWrite('Current process = ' & _WinAPI_IsElevated_pid() & ' >Error code: ' & @error & @CRLF) ;### Debug Console

; Display a list of Notepad processes returned by ProcessList.
Local $aProcessList = ProcessList()
For $i = 1 To $aProcessList[0][0]
    ConsoleWrite($aProcessList[$i][0] & ' = ' & _WinAPI_IsElevated_pid($aProcessList[$i][1]) & ' >Error code: ' & @error & @CRLF) ;### Debug Console
Next

; #FUNCTION# ====================================================================================================================
; Author.........: Yashied
; Modified.......: jpm. Jos
; ===============================================================================================================================
Func _WinAPI_IsElevated_pid($iPID=0)
    Local $aAdjust, $hToken, $iElev, $aRet, $iError = 0
    ; Enable "SeDebugPrivilege" privilege for obtain full access rights to another processes
    Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)
    If $iPID <> 0 then
        Local $hProcess = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', (($__WINVER < 0x0600) ? 0x00000400 : 0x00001000), _
                'bool', 0, 'dword', $iPID)
        If @error Or Not $hProcess[0] Then Return SetError(@error + 20, @extended, 0)
        $hToken = _WinAPI_OpenProcessToken(0x0008, $hProcess[0])
    Else
        $hToken = _WinAPI_OpenProcessToken(0x0008)
    EndIf
    If Not $hToken Then Return SetError(@error + 10, @extended, False)
    Do
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 20, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = @error + 10
            ExitLoop
        EndIf
        $iElev = $aRet[3]
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 18, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION_TYPE
        If @error Or Not $aRet[0] Then
            $iError = @error + 20
            ExitLoop
        EndIf
    Until 1
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    If $iError Then Return SetError($iError, 0, False)
    Return SetExtended($aRet[0] - 1, $iElev)
EndFunc   ;==>_WinAPI_IsElevated_pid
```

EDIT: Updated the code after some more testing. Obviously you need to run this elevated to get info from elevated processes.

Jos

nacerbaaziz (Author)
Posted June 13, 2020

@Jos that is exactly what I need, but it has a small problem: the function always returns 1. Here is what I tried:

```autoit
#RequireAdmin
#include <WinAPIProc.au3>

$list = ProcessList("CMD.exe")
if not @Error then
    for $i = 1 to $list[0][0]
        if _WinAPI_IsElevated_pid($list[$i][1]) then
            MSGBox(64, "", 1)
        else
            MSGBox(64, "", 0)
        endIf
    next
endIf

; #FUNCTION# ====================================================================================================================
; Author.........: Yashied
; Modified.......: jpm. Jos
; ===============================================================================================================================
Func _WinAPI_IsElevated_pid($iPID)
    Local $iElev, $aRet, $iError = 0
    Local $hProcess = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', (($__WINVER < 0x0600) ? 0x00000400 : 0x00001000), _
            'bool', 0, 'dword', $iPID)
    If @error Or Not $hProcess[0] Then Return SetError(@error + 20, @extended, 0)
    Local $hToken = _WinAPI_OpenProcessToken(0x0008, $hProcess)
    If Not $hToken Then Return SetError(@error + 10, @extended, False)
    Do
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 20, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = @error + 10
            ExitLoop
        EndIf
        $iElev = $aRet[3]
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 18, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION_TYPE
        If @error Or Not $aRet[0] Then
            $iError = @error + 20
            ExitLoop
        EndIf
    Until 1
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    If $iError Then Return SetError($iError, 0, False)
    Return SetExtended($aRet[0] - 1, $iElev)
EndFunc   ;==>_WinAPI_IsElevated_pid
```

I hope you can help me.

Jos (Developers)
Posted June 13, 2020 (edited)

8 minutes ago, nacerbaaziz said: "but it has a small problem: the function always returns 1"

Have you tried my last example? That should also show many non-elevated processes (0).

EDIT: Also started a cmd.exe and ran my script which returned

cmd.exe = 0 >Error code: 0

So all looks correct to me.

Edited June 13, 2020 by Jos

Jos

nacerbaaziz (Author)
Posted June 13, 2020

@Jos thank you very much, the last example is working successfully. Many thanks.

```autoit
#RequireAdmin
#include <WinAPIProc.au3>

$list = ProcessList("CMD.exe")
if not @Error then
    for $i = 1 to $list[0][0]
        if _WinAPI_IsElevated_pid($list[$i][1]) then
            MSGBox(64, "", 1)
        else
            MSGBox(64, "", 0)
        endIf
    next
endIf

; #FUNCTION# ====================================================================================================================
; Author.........: Yashied
; Modified.......: jpm. Jos
; ===============================================================================================================================
Func _WinAPI_IsElevated_pid($iPID=0)
    Local $aAdjust, $hToken, $iElev, $aRet, $iError = 0
    ; Enable "SeDebugPrivilege" privilege for obtain full access rights to another processes
    Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)
    If $iPID <> 0 then
        Local $hProcess = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', (($__WINVER < 0x0600) ? 0x00000400 : 0x00001000), _
                'bool', 0, 'dword', $iPID)
        If @error Or Not $hProcess[0] Then Return SetError(@error + 20, @extended, 0)
        $hToken = _WinAPI_OpenProcessToken(0x0008, $hProcess[0])
    Else
        $hToken = _WinAPI_OpenProcessToken(0x0008)
    EndIf
    If Not $hToken Then Return SetError(@error + 10, @extended, False)
    Do
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 20, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = @error + 10
            ExitLoop
        EndIf
        $iElev = $aRet[3]
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 18, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION_TYPE
        If @error Or Not $aRet[0] Then
            $iError = @error + 20
            ExitLoop
        EndIf
    Until 1
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    If $iError Then Return SetError($iError, 0, False)
    Return SetExtended($aRet[0] - 1, $iElev)
EndFunc   ;==>_WinAPI_IsElevated_pid
```

Jos (Developers)
Posted June 13, 2020

@nacerbaaziz.... great

@jpm, Would it be an idea to update the current _WinAPI_IsElevated() with the above version as it is compatible with the option to supply the process PID?

Jos

jpm
Posted June 13, 2020

@Jos it would be useful only if run in admin mode; some doc has to be updated.

argumentum
Posted December 12, 2024 (edited)

_WinAPI_IsElevated_pid() does not close all handles:

```autoit
#RequireAdmin
#include <WinAPIProc.au3>

ConsoleWrite("ProcessHandleCount: " & _WinAPI_GetProcessHandleCount() & @CRLF)

ConsoleWrite('Current process = ' & _WinAPI_IsElevated_pid() & ' >Error code: ' & @error & @CRLF) ;### Debug Console

; Display a list of Notepad processes returned by ProcessList.
Local $aProcessList = ProcessList()
For $i = 1 To $aProcessList[0][0]
    _WinAPI_IsElevated_pid($aProcessList[$i][1])
;~     ConsoleWrite($aProcessList[$i][0] & ' = ' & _WinAPI_IsElevated_pid($aProcessList[$i][1]) & ' >Error code: ' & @error & @CRLF) ;### Debug Console
Next

ConsoleWrite("ProcessHandleCount: " & _WinAPI_GetProcessHandleCount() & @CRLF)

; #FUNCTION# ====================================================================================================================
; Author.........: Yashied
; Modified.......: jpm. Jos
; ===============================================================================================================================
Func _WinAPI_IsElevated_pid($iPID=0)
    Local $aAdjust, $hToken, $iElev, $aRet, $iError = 0
    ; Enable "SeDebugPrivilege" privilege for obtain full access rights to another processes
    Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)
    If $iPID <> 0 then
        Local $hProcess = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', 0x00001000, _
                'bool', 0, 'dword', $iPID)
        If @error Or Not $hProcess[0] Then Return SetError(@error + 20, @extended, 0)
        $hToken = _WinAPI_OpenProcessToken(0x0008, $hProcess[0])
    Else
        $hToken = _WinAPI_OpenProcessToken(0x0008)
    EndIf
    If Not $hToken Then Return SetError(@error + 10, @extended, False)
    Do
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 20, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = @error + 10
            ExitLoop
        EndIf
        $iElev = $aRet[3]
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 18, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION_TYPE
        If @error Or Not $aRet[0] Then
            $iError = @error + 20
            ExitLoop
        EndIf
    Until 1
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    If $iError Then Return SetError($iError, 0, False)
    Return SetExtended($aRet[0] - 1, $iElev)
EndFunc   ;==>_WinAPI_IsElevated_pid
```

@Jos, can you fix it?

Edited December 12, 2024 by argumentum: used your code

Follow the link to my code contribution ( and other things too ). FAQ - Please Read Before Posting.

Nine
Posted December 12, 2024

There is a small bug in _WinAPI_IsElevated(). The successful return should be:

```autoit
Return SetExtended($aCall[3] - 1, $iElev)
```

not

```autoit
Return SetExtended($aCall[0] - 1, $iElev)
```

“They did not know it was impossible, so they did it” ― Mark Twain

Block all input without UAC, Save/Retrieve Images to/from Text, Monitor Management (VCP commands), Tool to search in text (au3) files, Date Range Picker, Virtual Desktop Manager, Sudoku Game 2020, Overlapped Named Pipe IPC, HotString 2.0 - Hot keys with string, x64 Bitwise Operations, Multi-keyboards HotKeySet, Recursive Array Display, Fast and simple WCD IPC, Multiple Folders Selector, Printer Manager, GIF Animation (cached), Debug Messages Monitor UDF, Screen Scraping, Round Corner GUI UDF, Multi-Threading Made Easy, Interface Object based on Tag

Jos (Developers)
Posted December 12, 2024

This is a change to the func to close all $hToken handles properly:

```autoit
; #FUNCTION# ====================================================================================================================
; Author.........: Yashied
; Modified.......: jpm. Jos
; ===============================================================================================================================
Func _WinAPI_IsElevated_pid($iPID=0)
    Local $aAdjust, $hToken, $iElev, $aRet, $iError = 0
    ; Enable "SeDebugPrivilege" privilege for obtain full access rights to another processes
    Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)
    _WinAPI_CloseHandle($hToken)
    If $iPID <> 0 then
        Local $hProcess = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', 0x00001000, _
                'bool', 0, 'dword', $iPID)
        If @error Or Not $hProcess[0] Then Return SetError(@error + 20, @extended, 0)
        $hToken = _WinAPI_OpenProcessToken(0x0008, $hProcess[0])
    Else
        $hToken = _WinAPI_OpenProcessToken(0x0008)
    EndIf
    If Not $hToken Then Return SetError(@error + 10, @extended, False)
    Do
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 20, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = @error + 10
            ExitLoop
        EndIf
        $iElev = $aRet[3]
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 18, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION_TYPE
        If @error Or Not $aRet[0] Then
            $iError = @error + 20
            ExitLoop
        EndIf
    Until 1
    _WinAPI_CloseHandle($hToken)
    If $iError Then Return SetError($iError, 0, False)
    Return SetExtended($aRet[0] - 1, $iElev)
EndFunc   ;==>_WinAPI_IsElevated_pid
```

jpm
Posted December 12, 2024

Ok but still the @extended must be set to $aRet[3] - 1

Nine
Posted December 12, 2024

... and $hProcess[0] should also be closed

ioa747
Posted December 12, 2024

@Nine I've been trying it since yesterday, and I always have a leak. I've never come out with a Handle Count equal to the ones I entered. Apparently, in some failure it comes out before closing the Handle.

```autoit
#RequireAdmin
#include <WinAPIProc.au3>

ConsoleWrite("ProcessHandleCount: " & _WinAPI_GetProcessHandleCount() & @CRLF)

; Display a list of Notepad processes returned by ProcessList.
Local $aProcessList = ProcessList()
For $i = 1 To $aProcessList[0][0]
    ConsoleWrite(" " & $i & ") ")
    ConsoleWrite($aProcessList[$i][0])
    Local $iElev = _WinAPI_IsElevated_pid($aProcessList[$i][1])
    Local $err = @error
    Local $ext = @extended
    ConsoleWrite($err <> 0 ? " *** @error:" & $err : "")
    ConsoleWrite($ext <> 0 ? " * @extended:" & $ext : "")
    ConsoleWrite(" (" & $iElev & ")" & @CRLF)
Next

ConsoleWrite("ProcessHandleCount: " & _WinAPI_GetProcessHandleCount() & @CRLF)

; #FUNCTION# ====================================================================================================================
; Author.........: Yashied
; Modified.......: jpm. Jos
; ===============================================================================================================================
Func _WinAPI_IsElevated_pid($iPID = 0)
    Local $aAdjust, $hToken, $iElev, $aRet, $iError = 0
    Local $hProcess = 0

    ; Enable "SeDebugPrivilege" privilege for obtaining full access rights to other processes
    $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    If Not $hToken Then Return SetError(@error + 10, @extended, False)

    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken) ; Close the token handle used for privilege adjustment

    If $iPID <> 0 Then
        $hProcess = DllCall("kernel32.dll", "handle", "OpenProcess", "dword", 0x00001000, _
                "bool", 0, "dword", $iPID)
        If @error Or Not $hProcess[0] Then Return SetError(@error + 20, @extended, 0)

        $hToken = _WinAPI_OpenProcessToken(0x0008, $hProcess[0])
        If Not $hToken Then
            DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess[0]) ; Close the process handle
            Return SetError(@error + 10, @extended, False)
        EndIf
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess[0]) ; Close the process handle
    Else
        $hToken = _WinAPI_OpenProcessToken(0x0008)
        If Not $hToken Then Return SetError(@error + 10, @extended, False)
    EndIf

    Do
        $aRet = DllCall("advapi32.dll", "bool", "GetTokenInformation", "handle", $hToken, "uint", 20, "uint*", 0, "dword", 4, _
                "dword*", 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = @error + 10
            ExitLoop
        EndIf
        $iElev = $aRet[3]

        $aRet = DllCall("advapi32.dll", "bool", "GetTokenInformation", "handle", $hToken, "uint", 18, "uint*", 0, "dword", 4, _
                "dword*", 0) ; TOKEN_ELEVATION_TYPE
        If @error Or Not $aRet[0] Then
            $iError = @error + 20
            ExitLoop
        EndIf
    Until 1

    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    If $iError Then Return SetError($iError, 0, False)

    Return SetExtended($aRet[3] - 1, $iElev)
EndFunc   ;==>_WinAPI_IsElevated_pid
```

I know that I know nothing

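An added example, not code from any poster in this thread: a variant of the PID-based check with one cleanup path, so the process handle and the token handle are closed on every exit and @extended comes from $aRet[3] - 1 as the later replies ask, followed by a repeated-pass handle count to separate a per-call leak from one-time allocations. The name _Example_IsElevatedPid, its error codes and the three-pass loop are assumptions made for illustration; unlike the thread's versions it does not enable SeDebugPrivilege, so a process it cannot open returns @error instead of a result.

```autoit
#RequireAdmin
#include <WinAPIProc.au3>

; Constructed self-check: call the function for every process, three times over.
; A per-call leak makes the delta grow on each pass; a delta that appears once and
; then stays flat comes from one-time allocations, not from the function.
Local $aList = ProcessList()
Local $iBase = _WinAPI_GetProcessHandleCount()
For $iPass = 1 To 3
    For $i = 1 To $aList[0][0]
        _Example_IsElevatedPid($aList[$i][1])
    Next
    ConsoleWrite('Pass ' & $iPass & ': handle delta = ' & (_WinAPI_GetProcessHandleCount() - $iBase) & @CRLF)
Next

; Hypothetical helper, not part of the AutoIt UDF library.
; Success: returns 1 (elevated) or 0 (not elevated), @extended = TOKEN_ELEVATION_TYPE - 1.
; Failure: returns False, @error = 1 (OpenProcess), 2 (OpenProcessToken), 3 (GetTokenInformation).
Func _Example_IsElevatedPid($iPID)
    Local $iError = 0, $iElev = 0, $iType = 0, $hToken = 0, $aRet
    ; 0x00001000 = PROCESS_QUERY_LIMITED_INFORMATION, the access right used in the thread
    Local $aProc = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', 0x00001000, _
            'bool', 0, 'dword', $iPID)
    If @error Or Not $aProc[0] Then Return SetError(1, 0, False) ; nothing is open yet

    $hToken = _WinAPI_OpenProcessToken(0x0008, $aProc[0]) ; 0x0008 = TOKEN_QUERY
    If $hToken Then
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, _
                'uint', 20, 'uint*', 0, 'dword', 4, 'dword*', 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = 3
        Else
            $iElev = $aRet[3]
            $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, _
                    'uint', 18, 'uint*', 0, 'dword', 4, 'dword*', 0) ; TOKEN_ELEVATION_TYPE
            If @error Or Not $aRet[0] Then
                $iError = 3
            Else
                $iType = $aRet[3]
            EndIf
        EndIf
        ; Token handle is closed whether or not the queries succeeded
        DllCall('kernel32.dll', 'bool', 'CloseHandle', 'handle', $hToken)
    Else
        $iError = 2
    EndIf
    ; Process handle is closed on every path that opened it
    DllCall('kernel32.dll', 'bool', 'CloseHandle', 'handle', $aProc[0])

    If $iError Then Return SetError($iError, 0, False)
    Return SetExtended($iType - 1, $iElev)
EndFunc   ;==>_Example_IsElevatedPid
```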