@msdn=http://search.microsoft.com/search/results.aspx?qu=$$$ @pinvoke=http://pinvoke.net/$$$.htm Summary: SECURITY MANDATORY constants to identify Integrity Level !!!!C# Constants: const int SECURITY_MANDATORY_UNTRUSTED_RID = (0x00000000); const int SECURITY_MANDATORY_LOW_RID = (0x00001000); const int SECURITY_MANDATORY_MEDIUM_RID = (0x00002000); const int SECURITY_MANDATORY_HIGH_RID = (0x00003000); const int SECURITY_MANDATORY_SYSTEM_RID = (0x00004000); const int SECURITY_MANDATORY_PROTECTED_PROCESS_RID = (0x00005000); !!!!VB Constants: TODO !!!!Sample Code (C#): How to use: try { UtIL.IntegrityLevel level = UtIL.GetIntegrityLevel(); } catch (NotSupportedException) { // 2003 svr, XP, 2000, etc ... } Integrity Level is: public enum IntegrityLevel { Low, Medium, High, System, None, } Code: using System; using System.Runtime.InteropServices; using System.Diagnostics; using System.ComponentModel; namespace ConsoleApplication1 { public class UtIL { [DllImport("advapi32.dll", SetLastError = true)] static extern IntPtr GetSidSubAuthority(IntPtr sid, UInt32 subAuthorityIndex); [DllImport("advapi32.dll", SetLastError = true)] static extern IntPtr GetSidSubAuthorityCount(IntPtr sid); // winnt.h, Windows SDK v6.1 const int SECURITY_MANDATORY_UNTRUSTED_RID = (0x00000000); const int SECURITY_MANDATORY_LOW_RID = (0x00001000); const int SECURITY_MANDATORY_MEDIUM_RID = (0x00002000); const int SECURITY_MANDATORY_HIGH_RID = (0x00003000); const int SECURITY_MANDATORY_SYSTEM_RID = (0x00004000); const int SECURITY_MANDATORY_PROTECTED_PROCESS_RID = (0x00005000); [DllImport("advapi32.dll", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] static extern bool OpenProcessToken( IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle ); const UInt32 TOKEN_QUERY = 0x0008; [DllImport("advapi32.dll", SetLastError = true)] static extern bool GetTokenInformation( IntPtr TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, IntPtr TokenInformation, uint TokenInformationLength, out uint ReturnLength ); enum TOKEN_INFORMATION_CLASS { TokenUser = 1, TokenGroups, TokenPrivileges, TokenOwner, TokenPrimaryGroup, TokenDefaultDacl, TokenSource, TokenType, TokenImpersonationLevel, TokenStatistics, TokenRestrictedSids, TokenSessionId, TokenGroupsAndPrivileges, TokenSessionReference, TokenSandBoxInert, TokenAuditPolicy, TokenOrigin, TokenElevationType, TokenLinkedToken, TokenElevation, TokenHasRestrictions, TokenAccessInformation, TokenVirtualizationAllowed, TokenVirtualizationEnabled, /// <summary> /// The buffer receives a TOKEN_MANDATORY_LABEL structure that specifies the token's integrity level. /// </summary> TokenIntegrityLevel, TokenUIAccess, TokenMandatoryPolicy, TokenLogonSid, MaxTokenInfoClass } // http://d.hatena.ne.jp/espresso3389/20100413/1271152244 // http://msdn.microsoft.com/en-us/library/bb625966.aspx const int ERROR_INVALID_PARAMETER = 87; [DllImport("kernel32.dll", SetLastError = true)] static extern bool CloseHandle(IntPtr hHandle); public enum IntegrityLevel { Low, Medium, High, System, None, } public static IntegrityLevel GetIntegrityLevel() { IntPtr pId = (Process.GetCurrentProcess().Handle); IntPtr hToken = IntPtr.Zero; if (OpenProcessToken(pId, TOKEN_QUERY, out hToken)) { try { IntPtr pb = Marshal.AllocCoTaskMem(1000); try { uint cb = 1000; if (GetTokenInformation(hToken, TOKEN_INFORMATION_CLASS.TokenIntegrityLevel, pb, cb, out cb)) { IntPtr pSid = Marshal.ReadIntPtr(pb); int dwIntegrityLevel = Marshal.ReadInt32(GetSidSubAuthority(pSid, (Marshal.ReadByte(GetSidSubAuthorityCount(pSid)) - 1U))); if (dwIntegrityLevel == SECURITY_MANDATORY_LOW_RID) { return IntegrityLevel.Low; } else if (dwIntegrityLevel >= SECURITY_MANDATORY_MEDIUM_RID && dwIntegrityLevel < SECURITY_MANDATORY_HIGH_RID) { // Medium Integrity return IntegrityLevel.Medium; } else if (dwIntegrityLevel >= SECURITY_MANDATORY_HIGH_RID) { // High Integrity return IntegrityLevel.High; } else if (dwIntegrityLevel >= SECURITY_MANDATORY_SYSTEM_RID) { // System Integrity return IntegrityLevel.System; } return IntegrityLevel.None; } else { int errno = Marshal.GetLastWin32Error(); if (errno == ERROR_INVALID_PARAMETER) { throw new NotSupportedException(); } throw new Win32Exception(errno); } } finally { Marshal.FreeCoTaskMem(pb); } } finally { CloseHandle(hToken); } } { int errno = Marshal.GetLastWin32Error(); throw new Win32Exception(errno); } } static void Main(string[] args) { try { // Output candidates: // Not supported! // Medium // High Console.WriteLine(UtIL.GetIntegrityLevel()); } catch (Exception) { Console.WriteLine("Not supported!"); } } } } !!!!Notes: It is useful to implement ShowProcessIntegrityLevel method coded in following page. Appendix D: Getting the Integrity Level for an Access Token http://msdn.microsoft.com/en-us/library/bb625966.aspx
Edit Constants.SECURIT...
You do not have permission to change this page. If you feel this is in error, please send feedback with the contact link on the main page.