The main code is as follows:
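/*
 * isadmin - report whether the current security context is granted access
 * as a member of the local Administrators group (BUILTIN\Administrators).
 *
 * Method: build a throw-away security descriptor whose DACL holds a single
 * access-allowed ACE for the Administrators SID, then ask AccessCheck()
 * whether the caller's impersonation token is granted access against it.
 *
 * Returns TRUE only when AccessCheck() succeeds and grants the access.
 * Every failure path returns FALSE (fail closed).
 *
 * Notes for maintainers:
 *  - ImpersonateSelf() assigns a copy of the process token to the calling
 *    thread. If the thread was already impersonating a client, that token
 *    is replaced, and the RevertToSelf() in the cleanup path removes it.
 *    The answer then describes the process identity, not the client.
 *  - On systems with UAC a non-elevated administrator runs with a filtered
 *    token in which the Administrators SID is deny-only, so this returns
 *    FALSE until the process is elevated. CheckTokenMembership() is the
 *    simpler API for the same question.
 *  - ACCESS_READ / ACCESS_WRITE are not defined in this listing; presumably
 *    they come from lmaccess.h (confirm against the file's includes). They
 *    serve only as application-defined specific rights for the private DACL.
 *  - This is a local convenience check. Do not treat its result as the only
 *    gate in front of a privileged operation; the protected resource's own
 *    ACL must enforce access.
 */
BOOL isadmin(void)
{
    HANDLE hToken = NULL;
    DWORD dwStatus = 0;                 /* granted-access mask from AccessCheck */
    DWORD dwAccessMask;
    DWORD dwAccessDesired;
    DWORD dwACLSize;
    DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
    PACL pACL = NULL;
    PSID psidAdmin = NULL;
    BOOL bReturn = FALSE;
    BOOL bImpersonating = FALSE;        /* TRUE once ImpersonateSelf succeeded */
    PRIVILEGE_SET ps;
    GENERIC_MAPPING GenericMapping;
    PSECURITY_DESCRIPTOR psdAdmin = NULL;
    SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;

    __try {
        /* AccessCheck() requires an impersonation token. */
        if (!ImpersonateSelf(SecurityImpersonation)) {
            __leave;
        }
        bImpersonating = TRUE;

        if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE,
                             &hToken)) {
            if (GetLastError() != ERROR_NO_TOKEN) {
                __leave;
            }
            /*
             * If the thread does not have an access token, examine the
             * access token associated with the process.
             */
            if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY,
                                  &hToken)) {
                __leave;
            }
        }

        /* Well-known SID S-1-5-32-544: BUILTIN\Administrators. */
        if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
                                      SECURITY_BUILTIN_DOMAIN_RID,
                                      DOMAIN_ALIAS_RID_ADMINS,
                                      0, 0, 0, 0, 0, 0, &psidAdmin)) {
            __leave;
        }

        psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
        if (psdAdmin == NULL) {
            __leave;
        }
        if (!InitializeSecurityDescriptor(psdAdmin,
                                          SECURITY_DESCRIPTOR_REVISION)) {
            __leave;
        }

        /*
         * Compute the size needed for the ACL: header, one access-allowed
         * ACE, and the SID. ACCESS_ALLOWED_ACE already contains the first
         * DWORD of the SID (SidStart), hence the subtraction.
         */
        dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) +
                    GetLengthSid(psidAdmin) - sizeof(DWORD);

        /* Allocate memory for the ACL. */
        pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
        if (pACL == NULL) {
            __leave;
        }

        /* Initialize the new ACL. */
        if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2)) {
            __leave;
        }

        dwAccessMask = ACCESS_READ | ACCESS_WRITE;

        /* Add the access-allowed ACE to the DACL. */
        if (!AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask,
                                 psidAdmin)) {
            __leave;
        }

        /* Set our DACL in the security descriptor. */
        if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE)) {
            __leave;
        }

        /*
         * AccessCheck is sensitive about what is in the SD; set the group
         * and owner, and stop if either call fails.
         */
        if (!SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE)) {
            __leave;
        }
        if (!SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE)) {
            __leave;
        }
        if (!IsValidSecurityDescriptor(psdAdmin)) {
            __leave;
        }

        dwAccessDesired = ACCESS_READ;

        /*
         * Initialize the GenericMapping structure even though we won't be
         * using generic rights.
         */
        GenericMapping.GenericRead = ACCESS_READ;
        GenericMapping.GenericWrite = ACCESS_WRITE;
        GenericMapping.GenericExecute = 0;
        GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;

        if (!AccessCheck(psdAdmin, hToken, dwAccessDesired,
                         &GenericMapping, &ps, &dwStructureSize, &dwStatus,
                         &bReturn)) {
            printf("AccessCheck() failed with error %lu\n", GetLastError());
            bReturn = FALSE;            /* never report admin on a failed check */
            __leave;
        }
    } __finally {
        /*
         * Cleanup runs on every exit path, so the thread never keeps the
         * impersonation token and the token handle is never leaked.
         */
        if (bImpersonating && !RevertToSelf()) {
            printf("RevertToSelf() failed with error %lu\n", GetLastError());
        }
        if (hToken) {
            CloseHandle(hToken);
        }
        if (pACL) {
            LocalFree(pACL);
        }
        if (psdAdmin) {
            LocalFree(psdAdmin);
        }
        if (psidAdmin) {
            FreeSid(psidAdmin);
        }
    }

    return bReturn;
}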
Test environment: Win2K Adv VC6.0 VSP5.0