如何检测我的进程是否正在运行 UAC 提升？

Question

我的 Vista 应用程序需要知道用户是以“管理员”身份（提升）还是以标准用户（非提升）启动它。如何在运行时检测到它？

Answer 1

这是一个检查（当前）进程是否被提升的 VB6 实现

Option Explicit

'--- for OpenProcessToken
Private Const TOKEN_QUERY                   As Long = &H8
Private Const TokenElevation                As Long = 20

Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function OpenProcessToken Lib "advapi32" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function GetTokenInformation Lib "advapi32" (ByVal TokenHandle As Long, ByVal TokenInformationClass As Long, TokenInformation As Any, ByVal TokenInformationLength As Long, ReturnLength As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long


Public Function IsElevated(Optional ByVal hProcess As Long) As Boolean
    Dim hToken          As Long
    Dim dwIsElevated    As Long
    Dim dwLength        As Long

    If hProcess = 0 Then
        hProcess = GetCurrentProcess()
    End If
    If OpenProcessToken(hProcess, TOKEN_QUERY, hToken) <> 0 Then
        If GetTokenInformation(hToken, TokenElevation, dwIsElevated, 4, dwLength) <> 0 Then
            IsElevated = (dwIsElevated <> 0)
        End If
        Call CloseHandle(hToken)
    End If
End Function

Answer 2

我不认为海拔类型是您想要的答案。您只想知道它是否升高。调用 GetTokenInformation 时使用 TokenElevation 而不是 TokenElevationType。如果结构返回正值，则用户是管理员。如果为零，则用户是正常海拔。

这是一个 Delphi 解决方案：

function TMyAppInfo.RunningAsAdmin: boolean;
var
  hToken, hProcess: THandle;
  pTokenInformation: pointer;
  ReturnLength: DWord;
  TokenInformation: TTokenElevation;
begin
  hProcess := GetCurrentProcess;
  try
    if OpenProcessToken(hProcess, TOKEN_QUERY, hToken) then try
      TokenInformation.TokenIsElevated := 0;
      pTokenInformation := @TokenInformation;
      GetTokenInformation(hToken, TokenElevation, pTokenInformation, sizeof(TokenInformation), ReturnLength);
      result := (TokenInformation.TokenIsElevated > 0);
    finally
      CloseHandle(hToken);
    end;
  except
   result := false;
  end;
end;

Answer 3

以下 C++ 函数可以做到这一点：

HRESULT GetElevationType( __out TOKEN_ELEVATION_TYPE * ptet );

/*
Parameters:

ptet
    [out] Pointer to a variable that receives the elevation type of the current process.

    The possible values are:

    TokenElevationTypeDefault - This value indicates that either UAC is disabled, 
        or the process is started by a standard user (not a member of the Administrators group).

    The following two values can be returned only if both the UAC is enabled
    and the user is a member of the Administrator's group:

    TokenElevationTypeFull - the process is running elevated. 

    TokenElevationTypeLimited - the process is not running elevated.

Return Values:

    If the function succeeds, the return value is S_OK. 
    If the function fails, the return value is E_FAIL. To get extended error information, call GetLastError().

Implementation:
*/

HRESULT GetElevationType( __out TOKEN_ELEVATION_TYPE * ptet )
{
    if ( !IsVista() )
        return E_FAIL;

    HRESULT hResult = E_FAIL; // assume an error occurred
    HANDLE hToken   = NULL;

    if ( !::OpenProcessToken( 
                ::GetCurrentProcess(), 
                TOKEN_QUERY, 
                &hToken ) )
    {
        return hResult;
    }

    DWORD dwReturnLength = 0;

    if ( ::GetTokenInformation(
                hToken,
                TokenElevationType,
                ptet,
                sizeof( *ptet ),
                &dwReturnLength ) )
    {
            ASSERT( dwReturnLength == sizeof( *ptet ) );
            hResult = S_OK;
    }

    ::CloseHandle( hToken );

    return hResult;
}

Answer 4

对于我们这些使用 C# 的人，在 Windows SDK 中有一个“UACDemo”应用程序作为“交叉技术示例”的一部分。他们使用这种方法查找当前用户是否是管理员：

private bool IsAdministrator
{
    get
    {
        WindowsIdentity wi = WindowsIdentity.GetCurrent();
        WindowsPrincipal wp = new WindowsPrincipal(wi);

        return wp.IsInRole(WindowsBuiltInRole.Administrator);
    }
}

（注意：我将原始代码重构为属性，而不是“if”语句）