Citat:
(osim najociglednije metode da pokusas nesto upisati ili promijeniti na C disku... )
Pristupanje C disku nema veze sa admin pravima. Cak i obican 'User' mora imati
pravo da 'nesto' radi. Kad ne bi nista mogao - bio i (l)user :).
Probaj ovako:
Code:
#include <windows.h>
#include <stdio.h>
#define ACCESS_READ 1
#define ACCESS_WRITE 2
bool IsAdmin()
{
HANDLE hToken;
DWORD dwStatus;
DWORD dwAccessMask;
DWORD dwAccessDesired;
DWORD dwACLSize;
DWORD dwStructureSize = sizeof ( PRIVILEGE_SET );
PACL pACL = NULL;
PSID psidAdmin = NULL;
BOOL bReturn = FALSE;
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
PSECURITY_DESCRIPTOR psdAdmin = NULL;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
__try
{
// AccessCheck() requires an impersonation token.
ImpersonateSelf( SecurityImpersonation );
if ( !OpenThreadToken ( GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken ) )
{
if ( GetLastError() != ERROR_NO_TOKEN )
throw; // __leave;
// If the thread does not have an access token, we'll
// examine the access token associated with the process.
if ( !OpenProcessToken ( GetCurrentProcess(), TOKEN_QUERY, &hToken ) )
throw; // __leave;
}
if ( !AllocateAndInitializeSid ( &SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &psidAdmin ) )
throw; // __leave;
psdAdmin = LocalAlloc ( LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH );
if ( psdAdmin == NULL )
throw; // __leave;
if ( !InitializeSecurityDescriptor ( psdAdmin, SECURITY_DESCRIPTOR_REVISION ) )
throw; // __leave;
// Compute size needed for the ACL.
dwACLSize = sizeof ( ACL ) + sizeof ( ACCESS_ALLOWED_ACE ) +
GetLengthSid ( psidAdmin ) - sizeof ( DWORD );
// Allocate memory for ACL.
pACL = (PACL)LocalAlloc( LPTR, dwACLSize );
if (pACL == NULL)
throw; // __leave;
// Initialize the new ACL.
if ( !InitializeAcl( pACL, dwACLSize, ACL_REVISION2 ) )
throw; // __leave;
dwAccessMask = ACCESS_READ | ACCESS_WRITE;
// Add the access-allowed ACE to the DACL.
if ( !AddAccessAllowedAce ( pACL, ACL_REVISION2, dwAccessMask, psidAdmin ) )
throw; // __leave;
// Set our DACL to the SD.
if ( !SetSecurityDescriptorDacl( psdAdmin, TRUE, pACL, FALSE ) )
throw; // __leave;
// AccessCheck is sensitive about what is in the SD; set
// the group and owner.
SetSecurityDescriptorGroup( psdAdmin, psidAdmin, FALSE );
SetSecurityDescriptorOwner( psdAdmin, psidAdmin, FALSE );
if ( !IsValidSecurityDescriptor( psdAdmin ) )
throw; // __leave;
dwAccessDesired = ACCESS_READ;
//
// Initialize GenericMapping structure even though we
// won't be using generic rights.
//
GenericMapping.GenericRead = ACCESS_READ;
GenericMapping.GenericWrite = ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;
if ( !AccessCheck( psdAdmin, hToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus,
&bReturn ) )
{
//printf( "AccessCheck() failed with error %lu\n", GetLastError() );
throw; // __leave;
}
RevertToSelf();
}
__finally
{
// Cleanup
if ( pACL ) LocalFree( pACL );
if ( psdAdmin ) LocalFree ( psdAdmin );
if ( psidAdmin ) FreeSid ( psidAdmin );
}
return bReturn;
}
kako saznati da li je korisnik admin??
)
