- Good call re. 0x400 v. 0x1000, qwerty12, cheers. My non-admin script now correctly returns 1, when it queries RegEdit, instead of -1, meaning error.
- This is the function I have been using in the past, with the exception that I have just changed 0x400 (PROCESS_QUERY_INFORMATION) to 0x1000 (PROCESS_QUERY_LIMITED_INFORMATION).
- I would welcome any suggestions, there may be other improvements possible.
Code: Select all
q:: ;is process admin
WinGet, vPID, PID, ahk_class RegEdit_RegEdit
MsgBox, % JEE_ProcessIsElevated(vPID)
WinGet, vPID, PID, ahk_class Notepad
MsgBox, % JEE_ProcessIsElevated(vPID)
return
;1/0/-1: elevated/not elevated/error (probably elevated)
;JEE_ProcessIsAdmin
JEE_ProcessIsElevated(vPID)
{
;PROCESS_QUERY_LIMITED_INFORMATION := 0x1000
if !(hProc := DllCall("kernel32\OpenProcess", "UInt",0x1000, "Int",0, "UInt",vPID, "Ptr"))
return -1
;TOKEN_QUERY := 0x8
hToken := 0
if !(DllCall("advapi32\OpenProcessToken", "Ptr",hProc, "UInt",0x8, "Ptr*",hToken))
{
DllCall("kernel32\CloseHandle", "Ptr",hProc)
return -1
}
;TokenElevation := 20
vIsElevated := vSize := 0
vRet := (DllCall("advapi32\GetTokenInformation", "Ptr",hToken, "Int",20, "UInt*",vIsElevated, "UInt",4, "UInt*",vSize))
DllCall("kernel32\CloseHandle", "Ptr",hToken)
DllCall("kernel32\CloseHandle", "Ptr",hProc)
return vRet ? vIsElevated : -1
}
[EDIT: hToken/vIsElevated/vSize defined in advance, to prevent #Warn notifications. And DllCall parameter types now use double quotes (to be more forwards compatible).]