nacerbaaziz

Check if any process runs as administrator


Hello AutoIt team,
Is there any way to check whether any process is running as admin or not?
I mean, e.g., if I want to restart any process: I now have the ability to get the process path and command line.
What I need is a way to check whether the process was running as admin or not, to restart it with the same state.
Here is the part that I am using to restart the process:

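#include <WinAPIProc.au3> ; _WinAPI_GetProcessWorkingDirectory

Func _processRestart($i_ProcessPid, $s_ProcessPath)
    If Not ProcessExists($i_ProcessPid) Then Return SetError(1, 0, -1)
    ; Read the working directory while the process is still alive
    Local $s_ProcessWorkDir = _WinAPI_GetProcessWorkingDirectory($i_ProcessPid)
    ProcessClose($i_ProcessPid)
    ProcessWaitClose($i_ProcessPid)
    ; Relaunch the executable in the same working directory and wait for it to appear
    ProcessWait(ShellExecute($s_ProcessPath, "", $s_ProcessWorkDir))
    ProcessesGetList() ; the poster's own helper, not shown in the post
    Return True
EndFunc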

thanks in advance


Do you want to know whether the User running the process has Admin rights or do you want to know whether the process is running elevated (_WinAPI_IsElevated())?  

Jos


SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)


@Jos

Thanks for the quick answer.

I am asking about an external process, e.g. checking if notepad.exe is running as admin,

in addition to whether the user is admin, to ask them to enter the password if they aren't admin.

Thanks in advance.

Edited by nacerbaaziz


So have you looked at and tested with the UDF  I pointed you to if that is what you want as your answer is still not conclusive?

Jos



Your last post is a statement which doesn't make much sense to me, unless it was meant as some sort of question? 😕
So Yes, did you try the _WinAPI_IsElevated() UDF to see if that does what you want?

Jos



@Jos
I'm sorry if I bothered you.
Yes, I read the UDF.
_WinAPI_IsElevated()
does not have params to select the PID or name of a process.
So what I need is a function that tells me whether any process is running as admin or not, e.g. Notepad.exe or Chrome.exe, etc.
I hope that I can find that.
Thanks

Edited by nacerbaaziz


Indeed it is about the current process elevation level. 
I couldn't find an already made UDF so made a copy of the UDF and added the option for a PID. Just have a try with this _WinAPI_IsElevated_pid($iPID) version:

#RequireAdmin
#include <WinAPIProc.au3>

ConsoleWrite('Current process = ' & _WinAPI_IsElevated_pid() & '   >Error code: ' & @error & @CRLF) ;### Debug Console
; Display the elevation state of every process returned by ProcessList.
Local $aProcessList = ProcessList()
For $i = 1 To $aProcessList[0][0]
    ConsoleWrite($aProcessList[$i][0] & ' = ' & _WinAPI_IsElevated_pid($aProcessList[$i][1]) & '   >Error code: ' & @error & @CRLF) ;### Debug Console
Next

; #FUNCTION# ====================================================================================================================
; Author.........: Yashied
; Modified.......: jpm. Jos
; ===============================================================================================================================
Func _WinAPI_IsElevated_pid($iPID = 0)
    Local $aAdjust, $hToken, $iElev, $aRet, $iError = 0
    ; Enable "SeDebugPrivilege" to obtain full access rights to other processes
    $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)
    ; Close the handle used for the privilege change; $hToken is reassigned below
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)

    If $iPID <> 0 Then
        ; PROCESS_QUERY_INFORMATION (0x0400) before Vista, PROCESS_QUERY_LIMITED_INFORMATION (0x1000) since
        Local $hProcess = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', (($__WINVER < 0x0600) ? 0x00000400 : 0x00001000), _
                'bool', 0, 'dword', $iPID)
        If @error Or Not $hProcess[0] Then Return SetError(@error + 20, @extended, 0)
        $hToken = _WinAPI_OpenProcessToken(0x0008, $hProcess[0]) ; 0x0008 = TOKEN_QUERY
        Local $iTokenError = @error, $iTokenExtended = @extended
        ; The process handle is not needed once its token is open
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess[0])
        If Not $hToken Then Return SetError($iTokenError + 10, $iTokenExtended, False)
    Else
        $hToken = _WinAPI_OpenProcessToken(0x0008)
        If Not $hToken Then Return SetError(@error + 10, @extended, False)
    EndIf

    Do
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 20, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = @error + 10
            ExitLoop
        EndIf
        $iElev = $aRet[3]
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 18, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION_TYPE
        If @error Or Not $aRet[0] Then
            $iError = @error + 20
            ExitLoop
        EndIf
    Until 1
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    If $iError Then Return SetError($iError, 0, False)

    ; $aRet[3] holds TOKEN_ELEVATION_TYPE (1 = default, 2 = full, 3 = limited); $aRet[0] is only the success flag
    Return SetExtended($aRet[3] - 1, $iElev)
EndFunc   ;==>_WinAPI_IsElevated_pid

EDIT: Updated the code after some more testing. Obviously you need to run this elevated to get info from elevated processes. 

Jos


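Added example, not part of the thread and not Jos's or the UDF's code: the same OpenProcess / OpenProcessToken / GetTokenInformation sequence, wrapped so that a failed query is reported separately from "not elevated", followed by the restart the original question asked about. The `_Example_*` function names and their error codes are assumptions; `$sPath` and `$sArgs` are supplied by the caller.

```autoit
#include <WinAPIProc.au3>

; Added example. Returns 1 (elevated), 0 (not elevated), or -1 with @error set
; when the token cannot be read, so "access denied" is never read as "not elevated".
Func _Example_QueryElevation($iPID)
    ; 0x1000 = PROCESS_QUERY_LIMITED_INFORMATION (Windows Vista and later)
    Local $aProc = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', 0x1000, 'bool', 0, 'dword', $iPID)
    If @error Or Not $aProc[0] Then Return SetError(1, 0, -1)
    Local $hToken = _WinAPI_OpenProcessToken(0x0008, $aProc[0]) ; 0x0008 = TOKEN_QUERY
    DllCall('kernel32.dll', 'bool', 'CloseHandle', 'handle', $aProc[0])
    If Not $hToken Then Return SetError(2, 0, -1)
    ; Information class 20 = TokenElevation, a single DWORD (TokenIsElevated)
    Local $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, _
            'uint', 20, 'dword*', 0, 'dword', 4, 'dword*', 0)
    Local $iErr = (@error Or Not $aRet[0]) ? 3 : 0
    Local $iElev = $iErr ? -1 : ($aRet[3] ? 1 : 0)
    DllCall('kernel32.dll', 'bool', 'CloseHandle', 'handle', $hToken)
    Return SetError($iErr, 0, $iElev)
EndFunc   ;==>_Example_QueryElevation

; Restart $iPID with the elevation state it had. $sPath and $sArgs come from the caller.
; Returns the new PID, or 0 with @error set.
Func _Example_RestartSameElevation($iPID, $sPath, $sArgs = '')
    Local $iElev = _Example_QueryElevation($iPID)
    If $iElev = -1 Then Return SetError(1, 0, 0) ; state unknown: leave the process alone
    ; An elevated script passes its own elevated token to anything it starts, so it
    ; cannot restore a non-elevated state with a plain ShellExecute: refuse instead.
    If $iElev = 0 And _WinAPI_IsElevated() Then Return SetError(2, 0, 0)
    Local $sDir = _WinAPI_GetProcessWorkingDirectory($iPID)
    ProcessClose($iPID)
    If Not ProcessWaitClose($iPID, 10) Then Return SetError(3, 0, 0)
    ; The "runas" verb requests elevation through UAC; the default verb does not
    Local $iNew = ShellExecute($sPath, $sArgs, $sDir, $iElev ? 'runas' : '')
    If @error Then Return SetError(4, 0, 0)
    Return $iNew
EndFunc   ;==>_Example_RestartSameElevation
```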

@Jos

That is exactly what I need,

but it has a small problem: the function always returns 1.

Here is what I tried:

#RequireAdmin
#include <WinAPIProc.au3>
$list = ProcessList("CMD.exe")
If Not @error Then
    For $i = 1 To $list[0][0]
        If _WinAPI_IsElevated_pid($list[$i][1]) Then
            MsgBox(64, "", 1)
        Else
            MsgBox(64, "", 0)
        EndIf
    Next
EndIf



; #FUNCTION# ====================================================================================================================
; Author.........: Yashied
; Modified.......: jpm. Jos
; ===============================================================================================================================
Func _WinAPI_IsElevated_pid($iPID)
    Local $iElev, $aRet, $iError = 0

    Local $hProcess = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', (($__WINVER < 0x0600) ? 0x00000400 : 0x00001000), _
            'bool', 0, 'dword', $iPID)
    If @error Or Not $hProcess[0] Then Return SetError(@error + 20, @extended, 0)

    Local $hToken = _WinAPI_OpenProcessToken(0x0008, $hProcess)
    If Not $hToken Then Return SetError(@error + 10, @extended, False)

    Do
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 20, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = @error + 10
            ExitLoop
        EndIf
        $iElev = $aRet[3]
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 18, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION_TYPE
        If @error Or Not $aRet[0] Then
            $iError = @error + 20
            ExitLoop
        EndIf
    Until 1
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    If $iError Then Return SetError($iError, 0, False)

    Return SetExtended($aRet[0] - 1, $iElev)
EndFunc   ;==>_WinAPI_IsElevated_pid

 

I hope you can help me.

8 minutes ago, nacerbaaziz said:

but it has a small problem: the function always returns 1

Have you tried my last example? That should also show many non-elevated processes (0).

EDIT: Also started a cmd.exe and ran my script, which returned:

cmd.exe = 0   >Error code: 0

So all looks correct to me. :) 

Edited by Jos


@Jos
Thank you very much.
The last example is working successfully.
Many thanks.

#RequireAdmin
#include <WinAPIProc.au3>
$list = ProcessList("CMD.exe")
If Not @error Then
    For $i = 1 To $list[0][0]
        If _WinAPI_IsElevated_pid($list[$i][1]) Then
            MsgBox(64, "", 1)
        Else
            MsgBox(64, "", 0)
        EndIf
    Next
EndIf



; #FUNCTION# ====================================================================================================================
; Author.........: Yashied
; Modified.......: jpm. Jos
; ===============================================================================================================================
Func _WinAPI_IsElevated_pid($iPID = 0)
    Local $aAdjust, $hToken, $iElev, $aRet, $iError = 0
    ; Enable "SeDebugPrivilege" to obtain full access rights to other processes
    $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)
    ; Close the handle used for the privilege change; $hToken is reassigned below
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)

    If $iPID <> 0 Then
        ; PROCESS_QUERY_INFORMATION (0x0400) before Vista, PROCESS_QUERY_LIMITED_INFORMATION (0x1000) since
        Local $hProcess = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', (($__WINVER < 0x0600) ? 0x00000400 : 0x00001000), _
                'bool', 0, 'dword', $iPID)
        If @error Or Not $hProcess[0] Then Return SetError(@error + 20, @extended, 0)
        $hToken = _WinAPI_OpenProcessToken(0x0008, $hProcess[0]) ; 0x0008 = TOKEN_QUERY
        Local $iTokenError = @error, $iTokenExtended = @extended
        ; The process handle is not needed once its token is open
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess[0])
        If Not $hToken Then Return SetError($iTokenError + 10, $iTokenExtended, False)
    Else
        $hToken = _WinAPI_OpenProcessToken(0x0008)
        If Not $hToken Then Return SetError(@error + 10, @extended, False)
    EndIf

    Do
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 20, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION
        If @error Or Not $aRet[0] Then
            $iError = @error + 10
            ExitLoop
        EndIf
        $iElev = $aRet[3]
        $aRet = DllCall('advapi32.dll', 'bool', 'GetTokenInformation', 'handle', $hToken, 'uint', 18, 'uint*', 0, 'dword', 4, _
                'dword*', 0) ; TOKEN_ELEVATION_TYPE
        If @error Or Not $aRet[0] Then
            $iError = @error + 20
            ExitLoop
        EndIf
    Until 1
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    If $iError Then Return SetError($iError, 0, False)

    ; $aRet[3] holds TOKEN_ELEVATION_TYPE (1 = default, 2 = full, 3 = limited); $aRet[0] is only the success flag
    Return SetExtended($aRet[3] - 1, $iElev)
EndFunc   ;==>_WinAPI_IsElevated_pid

 


@nacerbaaziz....  great :) 

 

@jpm,

Would it be an idea to update the current _WinAPI_IsElevated() with the above version as it is compatible with the option to supply the process PID?

Jos 



@Jos it would be useful only if run in admin mode; some doc has to be updated.
