; Function: Demo the way to determine if you have administrator privileges
; Author: Purple Endurer
; Dev: Win XP SP2 + MASM32 v8
;
; log
; ---------
; 2006-12-06 Passed!
; 2006-12-05 Created!
.486
.model flat, stdcall
option casemap: none ;case sensitive
include /masm32/ include/windows.inc
include /masm32/ include/kernel32.inc
includelib /masm32/ lib/kernel32.lib
include /masm32/ include/user32.inc
includelib /masm32/ lib/user32.lib
include /masm32/ include/advapi32.inc
includelib /masm32/ lib/advapi32.lib
IsAdmin PROTO
d_UseGlobeVar equ 0
.data
g_szAppName db "IsAdmin", 0
g_szHaveAdminPriv db "You have Admin privileges!", 0
g_szNoAdminPriv db "You don't have Admin privileges!", 0
if d_UseGlobeVar eq 1
g_stSiaNtAuthority SID_IDENTIFIER_AUTHORITY <SECURITY_NT_AUTHORITY>
endif
.code
Start:
invoke IsAdmin
.if eax == TRUE
mov eax, offset g_szHaveAdminPriv
.else
mov eax, offset g_szNoAdminPriv
.endif
invoke MessageBox, NULL, eax, offset g_szAppName, MB_OK
invoke ExitProcess, 0
IsAdmin proc
local hCurrentThread, hAccessToken, hCurrentProcess: HANDLE
local dwInfoBufferSize, pInfoBuffer, dwSuccess, psidAdministrators: dword
if d_UseGlobeVar eq 0
local stSiaNtAuthority: SID_IDENTIFIER_AUTHORITY
endif
invoke GetCurrentThread
mov hCurrentThread, eax
invoke OpenThreadToken, hCurrentThread, TOKEN_QUERY, TRUE, ADDR hAccessToken
.if eax == 0
invoke GetLastError
cmp eax, ERROR_NO_TOKEN
je @F
mov eax, FALSE
jmp @IsAdminRet
@@:
invoke GetCurrentProcess
mov hCurrentProcess, eax
invoke OpenProcessToken, hCurrentProcess, TOKEN_QUERY, ADDR hAccessToken
or eax, eax
jnz @F
mov eax, FALSE
jmp @IsAdminRet
.endif
@@:
invoke GetTokenInformation, hAccessToken, TokenGroups, NULL, NULL, ADDR dwInfoBufferSize
.if dwInfoBufferSize > 0
invoke GlobalAlloc, GMEM_FIXED, dwInfoBufferSize
mov pInfoBuffer, eax
invoke GetTokenInformation, hAccessToken, TokenGroups, pInfoBuffer, dwInfoBufferSize, ADDR dwInfoBufferSize
.endif
mov dwSuccess, eax
invoke CloseHandle, hAccessToken
cmp dwSuccess, 0
jne @F
mov eax, FALSE
jmp @IsAdminRet
@@:
if d_UseGlobeVar eq 1
invoke AllocateAndInitializeSid, offset g_stSiaNtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, ADDR psidAdministrators
else
invoke RtlZeroMemory, addr stSiaNtAuthority, sizeof stSiaNtAuthority
mov byte ptr [stSiaNtAuthority+5], 5 ;SECURITY_NT_AUTHORITY equ {0,0,0,0,0,5}
invoke AllocateAndInitializeSid, addr stSiaNtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, ADDR psidAdministrators
endif
or eax, eax
jnz @F
mov eax, FALSE
jmp @IsAdminRet
@@:
mov dwSuccess, FALSE
mov ebx, pInfoBuffer
mov ecx, TOKEN_GROUPS.GroupCount[ ebx]
xor esi, esi
.while esi < ecx
push esi
push ecx
mov ecx, TOKEN_GROUPS.Groups.Sid[ ebx]
mov eax, sizeof TOKEN_GROUPS.Groups
xor edx, edx
mul esi ;eax * esi -> eax
add ecx, eax
invoke EqualSid, psidAdministrators, ecx
pop ecx
pop esi
.if eax != 0
mov dwSuccess, TRUE
.break
.endif
inc esi
.endw
invoke FreeSid, psidAdministrators
invoke GlobalFree, pInfoBuffer
mov eax, dwSuccess
@IsAdminRet:
ret
IsAdmin endp
end