Class Elevation
Inheritance
Inherited Members
Namespace: AttackSurfaceAnalyzer.Utils
Assembly: AsaLib.dll
Syntax
public static class Elevation
Methods
GetProcessIntegrityLevel()
The function gets the integrity level of the current process. Integrity levels are only available on Windows Vista and newer operating systems, so GetProcessIntegrityLevel throws a C++ exception if it is called on systems prior to Windows Vista.
Declaration
public static int GetProcessIntegrityLevel()
Returns
| Type | Description |
|---|---|
| System.Int32 | Returns the integrity level of the current process. It is usually one of these values:<br>SECURITY_MANDATORY_UNTRUSTED_RID - untrusted level. It is used by processes started by the Anonymous group. Blocks most write access. (SID: S-1-16-0x0)<br>SECURITY_MANDATORY_LOW_RID - low integrity level. It is used by Protected Mode Internet Explorer. Blocks write access to most objects (such as files and registry keys) on the system. (SID: S-1-16-0x1000)<br>SECURITY_MANDATORY_MEDIUM_RID - medium integrity level. It is used by normal applications launched while UAC is enabled. (SID: S-1-16-0x2000)<br>SECURITY_MANDATORY_HIGH_RID - high integrity level. It is used by administrative applications launched through elevation when UAC is enabled, or by normal applications if UAC is disabled and the user is an administrator. (SID: S-1-16-0x3000)<br>SECURITY_MANDATORY_SYSTEM_RID - system integrity level. It is used by services and other system-level applications (such as Wininit, Winlogon, Smss, etc.). (SID: S-1-16-0x4000) |
Exceptions
| Type | Condition |
|---|---|
| System.ComponentModel.Win32Exception | When any native Windows API call fails, the function throws a Win32Exception with the last error code. |
IsAdministrator()
Declaration
public static bool IsAdministrator()
Returns
| Type | Description |
|---|---|
| System.Boolean | |
IsRunAsAdmin()
The function checks whether the current process is run as administrator. In other words, it indicates whether the primary access token of the process belongs to a user account that is a member of the local Administrators group and is elevated.
Declaration
public static bool IsRunAsAdmin()
Returns
| Type | Description |
|---|---|
| System.Boolean | Returns true if the primary access token of the process belongs to a user account that is a member of the local Administrators group and is elevated. Returns false if it does not. |
IsRunningAsRoot()
Declaration
public static bool IsRunningAsRoot()
Returns
| Type | Description |
|---|---|
| System.Boolean | |
QueryElevation()
Declaration
public static bool QueryElevation()
Returns
| Type | Description |
|---|---|
| System.Boolean | |
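
The following is an added example, not code from AsaLib: a preflight check that combines GetProcessIntegrityLevel() and IsRunAsAdmin() as documented above, classifying the returned RID by range and failing closed on Win32Exception. `PrivilegePreflight` and its members are hypothetical names; the example assumes the project references AsaLib.dll and that IsRunningAsRoot() is the non-Windows counterpart of the Windows checks (its behavior is not described on this page).

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using AttackSurfaceAnalyzer.Utils; // Elevation, from AsaLib.dll (assumed to be referenced)

// Hypothetical helper class; not part of AsaLib.
public static class PrivilegePreflight
{
    // Well-known mandatory-label RIDs, as listed in the Returns table above.
    private const int LowRid = 0x1000, MediumRid = 0x2000, HighRid = 0x3000, SystemRid = 0x4000;

    // Classify by range, not equality: the value is only "usually" one of the
    // well-known RIDs, so an in-between value maps to the level at or below it.
    public static string DescribeIntegrityLevel(int rid)
    {
        if (rid < 0) return "Unknown";
        if (rid >= SystemRid) return "System";
        if (rid >= HighRid) return "High";
        if (rid >= MediumRid) return "Medium";
        if (rid >= LowRid) return "Low";
        return "Untrusted";
    }

    // Returns true only when the process is an elevated administrator at high
    // integrity or above (Windows), or root elsewhere. 'detail' is for logging.
    public static bool IsPrivileged(out string detail)
    {
        if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
        {
            // Assumption: IsRunningAsRoot() is the check intended for non-Windows hosts.
            bool root = Elevation.IsRunningAsRoot();
            detail = root ? "running as root" : "not running as root";
            return root;
        }
        try
        {
            int rid = Elevation.GetProcessIntegrityLevel();
            bool elevated = Elevation.IsRunAsAdmin();
            detail = $"integrity={DescribeIntegrityLevel(rid)} (0x{rid:X}), elevatedAdmin={elevated}";
            return elevated && rid >= HighRid;
        }
        catch (Win32Exception ex)
        {
            // Fail closed: if the token cannot be queried, treat the process as unprivileged.
            detail = $"token query failed, Win32 error {ex.NativeErrorCode}";
            return false;
        }
    }
}
```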