Use the GetTokenInformation API to retrieve the access token integrity level from the access token. GetTokenInformation has a parameter to indicate what access token information class to retrieve. The TOKEN_INFORMATION_CLASS parameter has a defined value for the integrity level, TokenIntegrityLevel. GetTokenInformation returns a TOKEN_MANDATORY_LABEL data structure.
To determine the integrity level of a process:
1. Open a handle to the access token of the current process.
2. Get the integrity level of the access token.
3. Compare the RID of the integrity level SID (its last subauthority) to the system-defined integrity level RIDs.
The following code sample shows how to do this.
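/*
 * Prints the mandatory integrity level of the current process to stdout.
 *
 * The level is read from the primary token of the process: the token is
 * opened with TOKEN_QUERY, the TokenIntegrityLevel information class is
 * fetched into a TOKEN_MANDATORY_LABEL, and the last subauthority (the RID)
 * of the label SID is compared against the SECURITY_MANDATORY_*_RID ranges.
 *
 * Every RID value maps to exactly one message, so a caller reading the
 * output can tell "classified" apart from "query failed": failures print a
 * message that carries the Win32 error code instead of printing nothing.
 *
 * Note for reviewers: the integrity level describes the mandatory label
 * only. It does not by itself say which groups or privileges the token
 * holds, and a thread that is impersonating may run with a different token
 * than the process token queried here.
 */
void ShowProcessIntegrityLevel()
{
    HANDLE hToken;
    DWORD dwLengthNeeded = 0;
    DWORD dwError = ERROR_SUCCESS;
    PTOKEN_MANDATORY_LABEL pTIL = NULL;
    DWORD dwIntegrityLevel;
    UCHAR ucSubAuthorityCount;

    // GetCurrentProcess() returns a pseudo handle; it needs no CloseHandle.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
    {
        wprintf(L"OpenProcessToken failed (error %lu)", GetLastError());
        return;
    }

    // First call with a zero-length buffer only asks for the required size;
    // it is expected to fail with ERROR_INSUFFICIENT_BUFFER.
    if (!GetTokenInformation(hToken, TokenIntegrityLevel,
                             NULL, 0, &dwLengthNeeded))
    {
        dwError = GetLastError();
    }
    if (dwError != ERROR_INSUFFICIENT_BUFFER)
    {
        wprintf(L"Could not size the integrity label (error %lu)", dwError);
        goto cleanup;
    }

    pTIL = (PTOKEN_MANDATORY_LABEL)LocalAlloc(0, dwLengthNeeded);
    if (pTIL == NULL)
    {
        wprintf(L"LocalAlloc failed (error %lu)", GetLastError());
        goto cleanup;
    }

    // Get the Integrity level.
    if (!GetTokenInformation(hToken, TokenIntegrityLevel,
                             pTIL, dwLengthNeeded, &dwLengthNeeded))
    {
        wprintf(L"GetTokenInformation failed (error %lu)", GetLastError());
        goto cleanup;
    }

    // Guard the index computation below: with a subauthority count of 0,
    // "count - 1" would wrap to 255 and index past the end of the SID.
    if (pTIL->Label.Sid == NULL)
    {
        wprintf(L"Integrity label has no SID");
        goto cleanup;
    }
    ucSubAuthorityCount = *GetSidSubAuthorityCount(pTIL->Label.Sid);
    if (ucSubAuthorityCount == 0)
    {
        wprintf(L"Integrity label SID has no subauthorities");
        goto cleanup;
    }

    // The integrity RID is the last subauthority of the label SID.
    dwIntegrityLevel = *GetSidSubAuthority(pTIL->Label.Sid,
                                           (DWORD)(ucSubAuthorityCount - 1));

    // Classify by range so that intermediate RIDs are not silently dropped.
    if (dwIntegrityLevel < SECURITY_MANDATORY_LOW_RID)
    {
        // Below low: the untrusted range (SECURITY_MANDATORY_UNTRUSTED_RID).
        wprintf(L"Untrusted Process");
    }
    else if (dwIntegrityLevel < SECURITY_MANDATORY_MEDIUM_RID)
    {
        // Low Integrity
        wprintf(L"Low Process");
    }
    else if (dwIntegrityLevel < SECURITY_MANDATORY_HIGH_RID)
    {
        // Medium Integrity
        wprintf(L"Medium Process");
    }
    else if (dwIntegrityLevel < SECURITY_MANDATORY_SYSTEM_RID)
    {
        // High Integrity
        wprintf(L"High Integrity Process");
    }
    else
    {
        // System Integrity
        wprintf(L"System Integrity Process");
    }

cleanup:
    if (pTIL != NULL)
    {
        LocalFree(pTIL);
    }
    CloseHandle(hToken);
}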