本篇文章属于《518抽奖软件开发日志》系列文章的一部分。 我在开发《518抽奖软件》(www.518cj.net)的时候,有时候需要判断,进程是否以管理员身份权限运行。网上找了一些代码,很多不能用或不全面,现整理代码如下。 - BOOL Tfuns::is_userAdmin()
- {
- return is_admin(FALSE);
- }
- BOOL Tfuns::is_runasAdmin()
- {
- return is_admin(TRUE);
- }
- static BOOL is_admin(BOOL CheckTokenForGroupDeny)
- {
- WCHAR *pGroup = NULL;
- HANDLE hToken = NULL;
- struct group
- {
- DWORD auth_id;
- WCHAR *name;
- };
- struct group groups[] =
- {
- { DOMAIN_ALIAS_RID_USERS, L"User" },
- { DOMAIN_ALIAS_RID_GUESTS, L"Guest" },
- { DOMAIN_ALIAS_RID_POWER_USERS, L"Power" },
- { DOMAIN_ALIAS_RID_ADMINS, L"Admin" }
- };
- if (GetVersion() & 0x80000000) return TRUE; //Not NT
- if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken) ||
- OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
- {
- SID_IDENTIFIER_AUTHORITY SystemSidAuthority = { SECURITY_NT_AUTHORITY };
- TOKEN_GROUPS* ptg = NULL;
- BOOL ValidTokenGroups = FALSE;
- DWORD cbTokenGroups;
- DWORD i, j;
- if (CheckTokenForGroupDeny)
- pCheckTokenMembership = (CHECKTOKENMEMBERSHIP)GetProcAddress(GetModuleHandle(L"ADVAPI32"), "CheckTokenMembership");
- if (!CheckTokenForGroupDeny || pCheckTokenMembership == NULL)
- {
- if (!GetTokenInformation(hToken, TokenGroups, NULL, 0, &cbTokenGroups) &&
- GetLastError() == ERROR_INSUFFICIENT_BUFFER)
- {
- if ((ptg = (TOKEN_GROUPS*)GlobalAlloc(GPTR, cbTokenGroups)) &&
- GetTokenInformation(hToken, TokenGroups, ptg, cbTokenGroups, &cbTokenGroups))
- {
- ValidTokenGroups = TRUE;
- }
- }
- }
- if (ValidTokenGroups || (CheckTokenForGroupDeny && pCheckTokenMembership))
- {
- PSID psid;
- for (i = 0; i < sizeof(groups) / sizeof(struct group); i++)
- {
- if (AllocateAndInitializeSid(&SystemSidAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,
- groups[i].auth_id, 0, 0, 0, 0, 0, 0, &psid))
- {
- BOOL IsMember = FALSE;
- if (CheckTokenForGroupDeny && pCheckTokenMembership)
- pCheckTokenMembership(0, psid, &IsMember);
- else if (ValidTokenGroups)
- {
- for (j = 0; j < ptg->GroupCount; j++)
- {
- if (EqualSid(ptg->Groups[j].Sid, psid)) IsMember = TRUE;
- }
- }
- if (IsMember) pGroup = groups[i].name;
- FreeSid(psid);
- }
- }//for groups
- }
- if (ptg) GlobalFree(ptg);
- CloseHandle(hToken);
- if (pGroup && _wcsicmp(pGroup, L"Admin") == 0) return TRUE;
- else return FALSE;
- }
- return FALSE;
- }
复制代码
|