Hi, all
I recently need to get the integrity level of a process, and I found help from MSDN. The sample code looks like this:
if (GetTokenInformation(hToken, TokenIntegrityLevel,
pTIL, dwLengthNeeded, &dwLengthNeeded))
{
dwIntegrityLevel = *GetSidSubAuthority(pTIL->Label.Sid,
(DWORD)(UCHAR)(*GetSidSubAuthorityCount(pTIL->Label.Sid)-1));
if (dwIntegrityLevel == SECURITY_MANDATORY_LOW_RID)
{
wprintf(L"Low Process");
}
else if (dwIntegrityLevel >= SECURITY_MANDATORY_MEDIUM_RID &&
dwIntegrityLevel < SECURITY_MANDATORY_HIGH_RID)
{
wprintf(L"Medium Process");
}
else if (dwIntegrityLevel >= SECURITY_MANDATORY_HIGH_RID)
{
wprintf(L"High Integrity Process");
}
else if (dwIntegrityLevel >= SECURITY_MANDATORY_SYSTEM_RID)
{
wprintf(L"System Integrity Process");
}
}
As you all know, SECURITY_MANDATORY_LOW_RID == 0x00001000L, SECURITY_MANDATORY_MEDIUM_RID == 0x00002000L, SECURITY_MANDATORY_HIGH_RID == 0x00003000L, and SECURITY_MANDATORY_SYSTEM_RID == 0x00004000L.
Here is my question:
If this sample code is correct, then what integrity level does process A have if it has the dwIntegrityLevel of 0x00004100L? SECURITY_MANDATORY_HIGH_RID and SECURITY_MANDATORY_SYSTEM_RID? Does it mean that a process have SECURITY_MANDATORY_SYSTEM_RID level also have a SECURITY_MANDATORY_HIGH_RID?
If the sample code is wrong, then what is the right way to determine the integrity level of a process?
Thanks for any of your suggestion.