Integrity levels capture the sense of “running as a regular Win32 process”, “running elevated”, “running in a sandbox process”, that sort of thing. They describe what degree of security enforcement is applied to the process and how protected the process is from other processes.<\/p>\n
You can inspect a process’s integrity level by calling To get the integrity level, we obtain the The integrity level is encoded in the SID as the relative identifier (the final subauthority). So we ask how many subauthorities there are and ask for the last one.<\/p>\n All that’s left is mapping that integer to a semantic range.<\/p>\n Alternatively, we can check from low to high, but the tests look weird because we’re testing the upper boundary of the range, which is named after the next<\/i> range.<\/p>\n Note the importance of using range checks rather than direct equality checks. That way, you will successfully handle new integrity levels that are created inside an existing range, such as Get\u00adToken\u00adInformation<\/code> and asking for Token\u00adIntegrity\u00adLevel<\/code>. For this trick, I’m going to use the magic Get\u00adCurrent\u00adProcess\u00adToken()<\/code> function to save me the trouble of hunting down the process token (and then closing it when done). And I’ll use the wil::Get\u00adToken\u00adInformation<\/code> twice, once to get the buffer size, and again to fill it.<\/p>\n#include <wil\/token_helpers.h>\r\n\r\nDWORD GetCurrentProcessIntegrityLevel()\r\n{\r\n auto info = wil::get_token_information<TokenIntegrityLevel>(\r\n GetCurrentProcessToken());\r\n auto sid = info->Label.Sid;\r\n return *GetSidSubAuthority(sid, \r\n *GetSidSubAuthorityCount(sid)-1);\r\n}\r\n<\/pre>\nToken\u00adIntegrity\u00adLevel<\/code> information, which takes the form of a TOKEN_Label<\/code>, and in the Label<\/code> is a Sid<\/code>. That’s where the integrity level is.<\/p>\nauto integrityLevel = GetCurrentProcessIntegrityLevel();\r\nif (integrityLevel >= SECURITY_MANDATORY_SYSTEM_RID) {\r\n print(\"System integrity\");\r\n} else if (integrityLevel >= SECURITY_MANDATORY_HIGH_RID) {\r\n print(\"High integrity\");\r\n} else if (integrityLevel >= SECURITY_MANDATORY_MEDIUM_RID) {\r\n print(\"Medium integrity\");\r\n} else if (integrityLevel >= SECURITY_MANDATORY_LOW_RID) {\r\n print(\"Low integrity\");\r\n} else {\r\n print(\"Below low integrity?\");\r\n}\r\n<\/pre>\nauto integrityLevel = GetCurrentProcessIntegrityLevel();\r\nif (integrityLevel < SECURITY_MANDATORY_LOW_RID) {\r\n print(\"Below low integrity?\");\r\n} else if (integrityLevel < SECURITY_MANDATORY_MEDIUM_RID) {\r\n print(\"Low integrity\");\r\n} else if (integrityLevel < SECURITY_MANDATORY_HIGH_RID) {\r\n print(\"Medium integrity\");\r\n} else if (integrityLevel < SECURITY_MANDATORY_SYSTEM_RID) {\r\n print(\"High integrity\");\r\n} else {\r\n print(\"System integrity\");\r\n}\r\n<\/pre>\nSECURITY_SECURITY_SECURITY_0x10<\/code> which is assigned to medium integrity applications with UIAccess rights<\/a>.<\/p>\n