This function will determine whether or not a thread is running in the user context of the local Administrator account. You need to examine the access token associated with that thread using the GetTokenInformation() API, since this access token represents the user under which the thread is running. By default the token associated with a thread is that of its containing process, but this user context will be superceded by any token attached directly to the thread. So to determine a thread’s user context, first attempt to obtain any token attached directly to the thread with OpenThreadToken(). If this fails, and it reports an ERROR_NO_TOKEN, then obtain the token of the thread’s containing process with OpenProcessToken().
Option ExplicitOption Base 0 ' Important assumption for this code 'Fixed at this size for comfort. Could be bigger or made dynamic.Private Const ANYSIZE_ARRAY As Long = 100 ' Security APIsPrivate Const TokenUser = 1Private Const TokenGroups = 2Private Const TokenPrivileges = 3Private Const TokenOwner = 4Private Const TokenPrimaryGroup = 5Private Const TokenDefaultDacl = 6Private Const TokenSource = 7Private Const TokenType = 8Private Const TokenImpersonationLevel = 9Private Const TokenStatistics = 10 ' Token Specific Access RightsPrivate Const TOKEN_ASSIGN_PRIMARY = &H1Private Const TOKEN_DUPLICATE = &H2Private Const TOKEN_IMPERSONATE = &H4Private Const TOKEN_QUERY = &H8Private Const TOKEN_QUERY_SOURCE = &H10Private Const TOKEN_ADJUST_PRIVILEGES = &H20Private Const TOKEN_ADJUST_GROUPS = &H40Private Const TOKEN_ADJUST_DEFAULT = &H80 ' NT well-known SIDsPrivate Const SECURITY_DIALUP_RID = &H1Private Const SECURITY_NETWORK_RID = &H2Private Const SECURITY_BATCH_RID = &H3Private Const SECURITY_INTERACTIVE_RID = &H4Private Const SECURITY_SERVICE_RID = &H6Private Const SECURITY_ANONYMOUS_LOGON_RID = &H7Private Const SECURITY_LOGON_IDS_RID = &H5Private Const SECURITY_LOCAL_SYSTEM_RID = &H12Private Const SECURITY_NT_NON_UNIQUE = &H15Private Const SECURITY_BUILTIN_DOMAIN_RID = &H20 ' Well-known domain relative sub-authority values (RIDs)Private Const DOMAIN_ALIAS_RID_ADMINS = &H220Private Const DOMAIN_ALIAS_RID_USERS = &H221Private Const DOMAIN_ALIAS_RID_GUESTS = &H222Private Const DOMAIN_ALIAS_RID_POWER_USERS = &H223Private Const DOMAIN_ALIAS_RID_ACCOUNT_OPS = &H224Private Const DOMAIN_ALIAS_RID_SYSTEM_OPS = &H225Private Const DOMAIN_ALIAS_RID_PRINT_OPS = &H226Private Const DOMAIN_ALIAS_RID_BACKUP_OPS = &H227Private Const DOMAIN_ALIAS_RID_REPLICATOR = &H228Private Const SECURITY_NT_AUTHORITY = &H5Private Type SID_AND_ATTRIBUTES Sid As Long Attributes As LongEnd TypePrivate Type TOKEN_GROUPS GroupCount As Long Groups(ANYSIZE_ARRAY) As SID_AND_ATTRIBUTESEnd TypePrivate Type SID_IDENTIFIER_AUTHORITY Value(0 To 5) As ByteEnd TypePrivate Declare Function GetCurrentProcess Lib "Kernel32" () As LongPrivate Declare Function GetCurrentThread Lib "Kernel32" () As LongPrivate Declare Function OpenProcessToken Lib "Advapi32" (ByVal ProcessHandle _ As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As LongPrivate Declare Function OpenThreadToken Lib "Advapi32" (ByVal ThreadHandle As _ Long, ByVal DesiredAccess As Long, ByVal OpenAsSelf As Long, _ TokenHandle As Long) As LongPrivate Declare Function GetTokenInformation Lib "Advapi32" (ByVal TokenHandle _ As Long, TokenInformationClass As Integer, TokenInformation As Any, _ ByVal TokenInformationLength As Long, ReturnLength As Long) As LongPrivate Declare Function AllocateAndInitializeSid Lib "Advapi32" _ (pIdentifierAuthority As SID_IDENTIFIER_AUTHORITY, ByVal nSubAuthorityCount _ As Byte, ByVal nSubAuthority0 As Long, ByVal nSubAuthority1 As Long, _ ByVal nSubAuthority2 As Long, ByVal nSubAuthority3 As Long, _ ByVal nSubAuthority4 As Long, ByVal nSubAuthority5 As Long, _ ByVal nSubAuthority6 As Long, ByVal nSubAuthority7 As Long, _ lpPSid As Long) As LongPrivate Declare Function RtlMoveMemory Lib "Kernel32" (Dest As Any, _ Source As Any, ByVal lSize As Long) As LongPrivate Declare Function IsValidSid Lib "Advapi32" (ByVal pSid As Long) As LongPrivate Declare Function EqualSid Lib "Advapi32" (pSid1 As Any, _ pSid2 As Any) As LongPrivate Declare Sub FreeSid Lib "Advapi32" (pSid As Any)Private Declare Function CloseHandle Lib "Kernel32" (ByVal hObject As Long) As _ Long' Returns True if the thread is running in the' user context of the local Administrator account' Example:' MsgBox "Current user is the Administrator: " & IsAdminPublic Function IsAdmin() As Boolean Dim hProcessToken As Long Dim BufferSize As Long Dim psidAdmin As Long Dim lResult As Long Dim X As Integer Dim tpTokens As TOKEN_GROUPS Dim tpSidAuth As SID_IDENTIFIER_AUTHORITY Dim llRetVal As Long Dim InfoBuffer() As Long Dim sids() As SID_AND_ATTRIBUTES Dim llCount As Long Dim llIdx As Long Dim llMax As Long IsAdmin = False tpSidAuth.Value(5) = SECURITY_NT_AUTHORITY ' Obtain current process token If Not OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, True, _ hProcessToken) Then Call OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, hProcessToken) End If If hProcessToken Then ' Deternine the buffer size required llRetVal = GetTokenInformation(hProcessToken, ByVal TokenGroups, 0, 0, _ BufferSize) ' Determine required buffer size If BufferSize Then ReDim InfoBuffer((BufferSize 4) - 1) As Long ReDim sids(0 To tpTokens.GroupCount) As SID_AND_ATTRIBUTES ' Retrieve your token information lResult = GetTokenInformation(hProcessToken, ByVal TokenGroups, _ InfoBuffer(0), BufferSize, BufferSize) If lResult <> 1 Then Exit Function ' Move it from memory into the token structure Call RtlMoveMemory(tpTokens, InfoBuffer(0), LenB(tpTokens)) ' Retreive the admins sid pointer lResult = AllocateAndInitializeSid(tpSidAuth, 2, _ SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, _ 0, 0, 0, psidAdmin) If lResult <> 1 Then Exit Function If IsValidSid(psidAdmin) Then For X = 0 To tpTokens.GroupCount ' Run through your token sid pointers If IsValidSid(tpTokens.Groups(X).Sid) Then ' Test for a match between the admin sid equalling ' your Sid 's If EqualSid(ByVal tpTokens.Groups(X).Sid, _ ByVal psidAdmin) Then IsAdmin = True Exit For End If End If Next End If If psidAdmin Then Call FreeSid(psidAdmin) End If Call CloseHandle(hProcessToken) End IfEnd Function
##################################
Developed for you by Elvio Serrao ([email protected])
##################################