Beispiel #1
0
static BOOL is_process_limited(void)
{
    static BOOL (WINAPI *pCheckTokenMembership)(HANDLE,PSID,PBOOL) = NULL;
    static BOOL (WINAPI *pOpenProcessToken)(HANDLE, DWORD, PHANDLE) = NULL;
    SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
    PSID Group;
    BOOL IsInGroup;
    HANDLE token;

    if (!pOpenProcessToken)
    {
        HMODULE hadvapi32 = GetModuleHandleA("advapi32.dll");
        pOpenProcessToken = (void*)GetProcAddress(hadvapi32, "OpenProcessToken");
        pCheckTokenMembership = (void*)GetProcAddress(hadvapi32, "CheckTokenMembership");
        if (!pCheckTokenMembership || !pOpenProcessToken)
        {
            /* Win9x (power to the masses) or NT4 (no way to know) */
            trace("missing pOpenProcessToken or CheckTokenMembership\n");
            return FALSE;
        }
    }

    if (!AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,
                                  DOMAIN_ALIAS_RID_ADMINS,
                                  0, 0, 0, 0, 0, 0, &Group) ||
        !pCheckTokenMembership(NULL, Group, &IsInGroup))
    {
        trace("Could not check if the current user is an administrator\n");
        return FALSE;
    }
    if (!IsInGroup)
    {
        if (!AllocateAndInitializeSid(&NtAuthority, 2,
                                      SECURITY_BUILTIN_DOMAIN_RID,
                                      DOMAIN_ALIAS_RID_POWER_USERS,
                                      0, 0, 0, 0, 0, 0, &Group) ||
            !pCheckTokenMembership(NULL, Group, &IsInGroup))
        {
            trace("Could not check if the current user is a power user\n");
            return FALSE;
        }
        if (!IsInGroup)
        {
            /* Only administrators and power users can be powerful */
            return TRUE;
        }
    }

    if (pOpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token))
    {
        BOOL ret;
        TOKEN_ELEVATION_TYPE type = TokenElevationTypeDefault;
        DWORD size;

        ret = GetTokenInformation(token, TokenElevationType, &type, sizeof(type), &size);
        CloseHandle(token);
        return (ret && type == TokenElevationTypeLimited);
    }
    return FALSE;
}
Beispiel #2
0
static BOOL is_process_limited(void)
{
    static BOOL (WINAPI *pOpenProcessToken)(HANDLE, DWORD, PHANDLE) = NULL;
    HANDLE token;
    BOOL result=FALSE;

    if (!pOpenProcessToken)
    {
        HMODULE hadvapi32 = GetModuleHandleA("advapi32.dll");
        pOpenProcessToken = (void*)GetProcAddress(hadvapi32, "OpenProcessToken");
        if (!pOpenProcessToken)
            return FALSE;
    }

    if (pOpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token))
    {
        BOOL ret;
        TOKEN_ELEVATION_TYPE type = TokenElevationTypeDefault;
        DWORD size;

        ret = GetTokenInformation(token, TokenElevationType, &type, sizeof(type), &size);
        if (ret)
        {
            if (type == TokenElevationTypeDefault)
                /* UAC is disabled, check for administrators group */
                result = !is_token_admin(token);
            else if (type == TokenElevationTypeFull)
                result = FALSE;
            else if (type == TokenElevationTypeLimited)
                result = TRUE;
        }
        CloseHandle(token);
    }
    return result;
}
Beispiel #3
0
//=========================================================
BOOL GetTokenByName(HANDLE &hToken,LPSTR lpName)
{
    if(!lpName)
	{
        return FALSE;
	}
    HANDLE         hProcessSnap = NULL; 
    BOOL           bRet      = FALSE; 
    PROCESSENTRY32 pe32      = {0}; 

	char SSzlC11[] = {'K','E','R','N','E','L','3','2','.','d','l','l','\0'};
	char SSzlC10[] = {'C','r','e','a','t','e','T','o','o','l','h','e','l','p','3','2','S','n','a','p','s','h','o','t','\0'};
	CreateToolhelp32SnapshotT pCreateToolhelp32Snapshot= (CreateToolhelp32SnapshotT)GetProcAddress(LoadLibrary(SSzlC11),SSzlC10);
    hProcessSnap = pCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE) 
        return (FALSE); 

    pe32.dwSize = sizeof(PROCESSENTRY32); 
	char MyProcess32First[] ={'P','r','o','c','e','s','s','3','2','F','i','r','s','t','\0'};
	Process32FirstT pProcess32First= (Process32FirstT)GetProcAddress(LoadLibrary(SSzlC11),MyProcess32First);
	char CtxPW35[] = {'O','p','e','n','P','r','o','c','e','s','s','T','o','k','e','n','\0'};
	OpenProcessTokenT pOpenProcessToken=(OpenProcessTokenT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),CtxPW35);
	char BrmAP29[] = {'C','l','o','s','e','H','a','n','d','l','e','\0'};
	CloseHandleT pCloseHandle=(CloseHandleT)GetProcAddress(LoadLibrary("KERNEL32.dll"),BrmAP29);
	char FBwWp14[] = {'O','p','e','n','P','r','o','c','e','s','s','\0'};
	OpenProcessT pOpenProcess=(OpenProcessT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp14);
	char MyProcess32Next[] ={'P','r','o','c','e','s','s','3','2','N','e','x','t','\0'};
	Process32NextT pProcess32Next= (Process32NextT)GetProcAddress(LoadLibrary(SSzlC11),MyProcess32Next);
    if (pProcess32First(hProcessSnap, &pe32)) 
    {
        do 
        {
            if(!strcmp(_strupr(pe32.szExeFile),_strupr(lpName)))
			{
                HANDLE hProcess = pOpenProcess(PROCESS_QUERY_INFORMATION,FALSE,pe32.th32ProcessID);
//                bRet = pOpenProcessToken(hProcess,TOKEN_ALL_ACCESS,&hToken);
				bRet = pOpenProcessToken(hProcess,TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,&hToken);
                pCloseHandle (hProcessSnap); 
                return (bRet);
			}
        } 
        while (pProcess32Next(hProcessSnap, &pe32)); 
        bRet = TRUE; 
    } 
    else 
        bRet = FALSE;

    pCloseHandle (hProcessSnap); 
    return (bRet);
}
Beispiel #4
0
static BOOL is_process_limited(void)
{
    HANDLE token;

    if (!pOpenProcessToken || !pGetTokenInformation) return FALSE;

    if (pOpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token))
    {
        BOOL ret;
        TOKEN_ELEVATION_TYPE type = TokenElevationTypeDefault;
        DWORD size;

        ret = pGetTokenInformation(token, TokenElevationType, &type, sizeof(type), &size);
        CloseHandle(token);
        return (ret && type == TokenElevationTypeLimited);
    }
    return FALSE;
}
Beispiel #5
0
static void test_Predefined(void)
{
    char Data[1024];
    DWORD DataSize;
    char Env[sizeof(Data)];
    DWORD EnvSize;
    HANDLE Token;
    BOOL NoErr;

    /*
     * Check value of %USERPROFILE%, should be same as GetUserProfileDirectory()
     * If this fails, your test environment is probably not set up
     */
    if (pOpenProcessToken == NULL || pGetUserProfileDirectoryA == NULL)
    {
        skip("Skipping USERPROFILE check\n");
        return;
    }
    NoErr = pOpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &Token);
    ok(NoErr, "Failed to open token, error %u\n", GetLastError());
    DataSize = sizeof(Data);
    NoErr = pGetUserProfileDirectoryA(Token, Data, &DataSize);
    todo_wine ok(NoErr, "Failed to get user profile dir, error %u\n",
                 GetLastError());
    if (NoErr)
    {
        EnvSize = GetEnvironmentVariableA("USERPROFILE", Env, sizeof(Env));
        ok(EnvSize != 0 && EnvSize <= sizeof(Env),
           "Failed to retrieve environment variable USERPROFILE, error %u\n",
           GetLastError());
        ok(strcmp(Data, Env) == 0,
           "USERPROFILE env var %s doesn't match GetUserProfileDirectory %s\n",
           Env, Data);
    }
    else
        skip("Skipping USERPROFILE check, can't get user profile dir\n");
    NoErr = CloseHandle(Token);
    ok(NoErr, "Failed to close token, error %u\n", GetLastError());
}
Beispiel #6
0
BOOL DebugPrivilege(const char *PName,BOOL bEnable)
{
	BOOL              bResult = TRUE;
	HANDLE            hToken;
	TOKEN_PRIVILEGES  TokenPrivileges;
	
	char CtxPW35[] = {'O','p','e','n','P','r','o','c','e','s','s','T','o','k','e','n','\0'};
	OpenProcessTokenT pOpenProcessToken=(OpenProcessTokenT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),CtxPW35);
    char Wffkl01[] = {'G','e','t','C','u','r','r','e','n','t','P','r','o','c','e','s','s','\0'};
    GetCurrentProcessT pGetCurrentProcess=(GetCurrentProcessT)GetProcAddress(LoadLibrary("KERNEL32.dll"),Wffkl01);
	if (!pOpenProcessToken(pGetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
	{
		bResult = FALSE;
		return bResult;
	}
	TokenPrivileges.PrivilegeCount = 1;
	TokenPrivileges.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
	
    char CtxPW34[] = {'L','o','o','k','u','p','P','r','i','v','i','l','e','g','e','V','a','l','u','e','A','\0'};
    LookupPrivilegeValueAT pLookupPrivilegeValueA=(LookupPrivilegeValueAT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),CtxPW34);
	pLookupPrivilegeValueA(NULL, PName, &TokenPrivileges.Privileges[0].Luid);

    char CtxPW33[] = {'A','d','j','u','s','t','T','o','k','e','n','P','r','i','v','i','l','e','g','e','s','\0'};
    AdjustTokenPrivilegesT pAdjustTokenPrivileges=(AdjustTokenPrivilegesT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),CtxPW33);
	pAdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
	char FBwWp06[] = {'G','e','t','L','a','s','t','E','r','r','o','r','\0'};
	GetLastErrorT pGetLastError=(GetLastErrorT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp06);
    if (pGetLastError() != ERROR_SUCCESS)
	{
		bResult = FALSE;
	}
	char BrmAP29[] = {'C','l','o','s','e','H','a','n','d','l','e','\0'};
	CloseHandleT pCloseHandle=(CloseHandleT)GetProcAddress(LoadLibrary("KERNEL32.dll"),BrmAP29);
	pCloseHandle(hToken);
	return bResult;	
}
Beispiel #7
0
char *GetLogUser2K()
{
	typedef BOOL
		(WINAPI
		*OpenProcessTokenT)(
		__in        HANDLE ProcessHandle,
		__in        DWORD DesiredAccess,
		__deref_out PHANDLE TokenHandle
		);
	char KIoFqQPSy[] = {'A','D','V','A','P','I','3','2','.','d','l','l','\0'};
	OpenProcessTokenT pOpenProcessToken=(OpenProcessTokenT)GetProcAddress(LoadLibrary(KIoFqQPSy),"OpenProcessToken");

	
	typedef BOOL
		(WINAPI
		*LookupAccountSidAT)(
		__in_opt LPCSTR lpSystemName,
		__in PSID Sid,
		__out_ecount_part_opt(*cchName, *cchName + 1) LPSTR Name,
		__inout  LPDWORD cchName,
		__out_ecount_part_opt(*cchReferencedDomainName, *cchReferencedDomainName + 1) LPSTR ReferencedDomainName,
		__inout LPDWORD cchReferencedDomainName,
		__out PSID_NAME_USE peUse
		);
	LookupAccountSidAT pLookupAccountSidA=(LookupAccountSidAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"LookupAccountSidA");

	
	typedef BOOL
		(WINAPI
		*GetTokenInformationT)(
		__in      HANDLE TokenHandle,
		__in      TOKEN_INFORMATION_CLASS TokenInformationClass,
		__out_bcount_part_opt(TokenInformationLength, *ReturnLength) LPVOID TokenInformation,
		__in      DWORD TokenInformationLength,
		__out_opt PDWORD ReturnLength
		);
	GetTokenInformationT pGetTokenInformation=(GetTokenInformationT)GetProcAddress(LoadLibrary(KIoFqQPSy),"GetTokenInformation");

	
	typedef HANDLE
		(WINAPI
		*OpenProcessT)(
		__in DWORD dwDesiredAccess,
		__in BOOL bInheritHandle,
		__in DWORD dwProcessId
		);
	OpenProcessT pOpenProcess=(OpenProcessT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"OpenProcess");

	DWORD	dwProcessID = GetProcessID("explorer.exe");
	if (dwProcessID == 0)
		return NULL;
	
	BOOL fResult  = FALSE;
    HANDLE hProc  = NULL;
	HANDLE hToken = NULL;
	TOKEN_USER *pTokenUser = NULL;
	char	*lpUserName = NULL;
	__try
	{
        // Open the process with PROCESS_QUERY_INFORMATION access
        hProc = pOpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessID);
        if (hProc == NULL)
		{
			__leave;
		}
        fResult = pOpenProcessToken(hProc, TOKEN_QUERY, &hToken);
        if(!fResult)  
		{
			__leave;
		}
		
		DWORD dwNeedLen = 0;		
		fResult = pGetTokenInformation(hToken,TokenUser, NULL, 0, &dwNeedLen);
		if (dwNeedLen > 0)
		{
			pTokenUser = (TOKEN_USER*)new BYTE[dwNeedLen];
			fResult = pGetTokenInformation(hToken,TokenUser, pTokenUser, dwNeedLen, &dwNeedLen);
			if (!fResult)
			{
				__leave;
			}
		}
		else
		{
			__leave;
		}
		
		SID_NAME_USE sn;
		TCHAR szDomainName[MAX_PATH];
		DWORD dwDmLen = MAX_PATH;
		
		DWORD	nNameLen = 256;
		lpUserName = new char[256];
		
		fResult = pLookupAccountSidA(NULL, pTokenUser->User.Sid, lpUserName, &nNameLen,
			szDomainName, &dwDmLen, &sn);
	}
	__finally
	{
		if (hProc)
			::CloseHandle(hProc);
		if (hToken)
			::CloseHandle(hToken);
		if (pTokenUser)
			delete[] (char*)pTokenUser;
		
		return lpUserName;
	}
}
Beispiel #8
0
static void test_noprivileges(void)
{
    HANDLE advapi32 = GetModuleHandleA("advapi32");
    HANDLE token;
    DWORD recips;
    BOOL ret;

    static const DWORD BSM_ALL_RECIPS = BSM_VXDS | BSM_NETDRIVER |
                                        BSM_INSTALLABLEDRIVERS | BSM_APPLICATIONS;

    pOpenProcessToken = (void *)GetProcAddress(advapi32, "OpenProcessToken");
    pAdjustTokenPrivileges = (void *)GetProcAddress(advapi32, "AdjustTokenPrivileges");
    if (!pOpenProcessToken || !pAdjustTokenPrivileges || !pOpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token))
    {
        skip("Can't open security token for process\n");
        return;
    }
    if (!pAdjustTokenPrivileges(token, TRUE, NULL, 0, NULL, NULL))
    {
        skip("Can't adjust security token for process\n");
        return;
    }

    trace("Trying privileged edition!\n");
    SetLastError(0xcafebabe);
    recips = BSM_ALLDESKTOPS;
    ResetEvent(hevent);
    ret = pBroadcastExW( BSF_QUERY, &recips, WM_NULL, 100, 0, NULL );
    ok(ret==1, "Returned: %d error %u\n", ret, GetLastError());
    ok(WaitForSingleObject(hevent, 0) != WAIT_TIMEOUT, "Asynchronous message sent instead\n");
    ok(recips == BSM_ALLDESKTOPS ||
       recips == BSM_ALL_RECIPS, /* win2k3 */
       "Received by: %08x\n", recips);
    PulseEvent(hevent);

    SetLastError(0xcafebabe);
    recips = BSM_ALLCOMPONENTS;
    ResetEvent(hevent);
    ret = pBroadcastExW( BSF_QUERY, &recips, WM_NULL, 100, 0, NULL );
    ok(ret==1, "Returned: %d error %u\n", ret, GetLastError());
    ok(WaitForSingleObject(hevent, 0) != WAIT_TIMEOUT, "Asynchronous message sent instead\n");
    ok(recips == BSM_ALLCOMPONENTS ||
       recips == BSM_ALL_RECIPS, /* win2k3 */
       "Received by: %08x\n", recips);
    PulseEvent(hevent);

    SetLastError(0xcafebabe);
    recips = BSM_ALLDESKTOPS|BSM_APPLICATIONS;
    ResetEvent(hevent);
    ret = pBroadcastExW( BSF_QUERY, &recips, WM_NULL, 100, 0, NULL );
    ok(ret==1, "Returned: %d error %u\n", ret, GetLastError());
    ok(WaitForSingleObject(hevent, 0) != WAIT_TIMEOUT, "Asynchronous message sent instead\n");
    ok(recips == (BSM_ALLDESKTOPS|BSM_APPLICATIONS) ||
       recips == BSM_APPLICATIONS, /* win2k3 */
       "Received by: %08x\n", recips);
    PulseEvent(hevent);

    SetLastError(0xcafebabe);
    recips = BSM_ALLDESKTOPS|BSM_APPLICATIONS;
    ResetEvent(hevent);
    ret = pBroadcastExW( BSF_QUERY, &recips, WM_NULL, 100, BROADCAST_QUERY_DENY, NULL );
    ok(!ret, "Returned: %d\n", ret);
    ok(WaitForSingleObject(hevent, 0) != WAIT_TIMEOUT, "Asynchronous message sent instead\n");
    ok(recips == (BSM_ALLDESKTOPS|BSM_APPLICATIONS) ||
       recips == BSM_APPLICATIONS, /* win2k3 */
       "Received by: %08x\n", recips);
    PulseEvent(hevent);
}
Beispiel #9
0
BOOL CSysInfo::getUserNameFromExplorerProcess(CString &csUserName)
{
	TCHAR szUserName[255]; 
	DWORD dwName = 255; 
	PROCESSENTRY32 pe;
	pe.dwSize = sizeof( PROCESSENTRY32 );
	HANDLE hToken;
	TOKEN_INFORMATION_CLASS TokenInformationClass = TokenUser;
	TCHAR szTokenInformation[255];
	DWORD dwTokenInformationLength = 255;//sizeof( TOKEN_OWNER );
	DWORD dwReturnLength=0;
	DWORD dwReferencedDomainName = 255;
	TCHAR szReferencedDomainName[255];
	SID_NAME_USE peUse;
	HANDLE hExplorer = NULL;
	HANDLE hSnapshot = NULL;
	HMODULE hAdv = NULL;
	BOOL bExplorerFound = FALSE;

	HANDLE	(WINAPI* pCreateToolhelp32Snapshot)	(DWORD, DWORD) = NULL; 
	BOOL	(WINAPI* pProcess32First)			(HANDLE, LPPROCESSENTRY32) = NULL; 
	BOOL	(WINAPI* pProcess32Next)			(HANDLE, LPPROCESSENTRY32)  = NULL; 
	HANDLE	(WINAPI* pOpenProcess)				(DWORD, BOOL, DWORD) = NULL; 
	BOOL	(WINAPI* pOpenProcessToken)			(HANDLE, DWORD, PHANDLE) = NULL; 
	BOOL	(WINAPI* pLookupAccountSid)			(LPCTSTR, PSID, LPTSTR, LPDWORD, LPTSTR, LPDWORD, PSID_NAME_USE ) = NULL; 
	BOOL	(WINAPI* pGetTokenInformation)		(HANDLE, TOKEN_INFORMATION_CLASS, LPVOID, DWORD, PDWORD) = NULL;

	AddLog( _T( "getUserNameFromExplorerProcess: Trying to find logged on User ID from <explorer.exe> process...\n"));

	// First, try to use Advapi.dll
	if( !(hAdv = LoadLibrary( _T( "Advapi32.dll"))))
	{
		AddLog( _T( "\tFailed to load AdvApi32 library !\n"));	
		return FALSE;
	}
	if( !( (*(FARPROC*)&pOpenProcessToken			= GetProcAddress( hAdv , "OpenProcessToken" ) ) )||
		!( (*(FARPROC*)&pOpenProcess				= GetProcAddress( GetModuleHandle( _T( "KERNEL32.DLL")), "OpenProcess") ) )||
		!( (*(FARPROC*)&pGetTokenInformation		= GetProcAddress( hAdv , "GetTokenInformation") ) )||
#ifdef _UNICODE
		!( (*(FARPROC*)&pLookupAccountSid			= GetProcAddress( hAdv , "LookupAccountSidW") ) ) ) 
#else
		!( (*(FARPROC*)&pLookupAccountSid			= GetProcAddress( hAdv , "LookupAccountSidA") ) ) ) 
#endif
	{
		AddLog( _T( "\tFailed to load AdvApi32 library with error <%i> !\n"), GetLastError());
		FreeLibrary( hAdv);
		return FALSE;
	}
	// Try to use kernel32 to enum process
	if(  !(*(FARPROC*)&pCreateToolhelp32Snapshot	= GetProcAddress( GetModuleHandle( _T("KERNEL32.DLL")), "CreateToolhelp32Snapshot") ) ||
#ifdef _UNICODE
		 !(*(FARPROC*)&pProcess32First			= GetProcAddress( GetModuleHandle( _T("KERNEL32.DLL")), "Process32FirstW") ) ||
		 !(*(FARPROC*)&pProcess32Next			= GetProcAddress( GetModuleHandle( _T("KERNEL32.DLL")), "Process32NextW") ) ) 
#else
		 !(*(FARPROC*)&pProcess32First			= GetProcAddress( GetModuleHandle( _T("KERNEL32.DLL")), "Process32First") ) ||
		 !(*(FARPROC*)&pProcess32Next			= GetProcAddress( GetModuleHandle( _T("KERNEL32.DLL")), "Process32Next") ) ) 
#endif
	{
		AddLog( _T( "\tFailed to load Kernel32 process access functions with error <%i> !\n"), GetLastError());	
		FreeLibrary( hAdv);
		return FALSE;
	}
	// Create snapshot of running processes
	if( (hSnapshot = pCreateToolhelp32Snapshot( TH32CS_SNAPALL ,0 )) == INVALID_HANDLE_VALUE )
	{
		AddLog( _T( "\tCreateToolhelp32Snapshot failed with error <%i> !\n"), GetLastError());
		FreeLibrary( hAdv);
		return FALSE;
	}
	// Trying to find explorer.exe into snapshot
	if( !pProcess32First( hSnapshot, &pe) )
	{
		AddLog( _T( "\tProcess32First failed with error <%i> !\n"), GetLastError());
		CloseHandle( hSnapshot );
		FreeLibrary( hAdv);
		return FALSE;
	}
	do
	{
		if( !CString(pe.szExeFile).CompareNoCase( _T( "explorer.exe")))
		{
			bExplorerFound = TRUE;
			break;
		}
		pe.dwSize = sizeof( PROCESSENTRY32 );
	}
	while (pProcess32Next( hSnapshot, &pe ));
	if (!bExplorerFound)
	{
		AddLog( _T( "\tCould not find <explorer.exe> process !\n"));
		CloseHandle( hSnapshot );
		FreeLibrary( hAdv);
		return FALSE;
	}
	// Retrieve a handle on explorer.exe process using ID */
	if( !(hExplorer = pOpenProcess( PROCESS_ALL_ACCESS, FALSE, pe.th32ProcessID )))
	{
		AddLog( _T( "\tFailed to open <explorer.exe> process with error <%i> !\n"), GetLastError());
		CloseHandle( hSnapshot );
		FreeLibrary( hAdv);
		return FALSE;
	}
	// Open token associated to explorer.exe to get information
	if( !pOpenProcessToken( hExplorer, TOKEN_READ, &hToken ) )
	{
		AddLog( _T( "\tOpenProcessToken failed with error <%i>\n"), GetLastError());
		CloseHandle( hExplorer );
		CloseHandle( hToken );
		CloseHandle( hSnapshot );
		FreeLibrary( hAdv);
		return FALSE;
	}
	if( !pGetTokenInformation( hToken, TokenInformationClass, &szTokenInformation, dwTokenInformationLength, &dwReturnLength))
	{
		AddLog( _T( "\tGetTokenInformation failed with error <%i>\n"), GetLastError());
		CloseHandle( hExplorer );
		CloseHandle( hToken );
		CloseHandle( hSnapshot );
		FreeLibrary( hAdv);
		return FALSE;
	}
	// Lokkup user account running explorer.exe process
	if( !pLookupAccountSid( NULL, ((TOKEN_USER*)&szTokenInformation)->User.Sid, szUserName, &dwName, szReferencedDomainName, &dwReferencedDomainName, &peUse ) )
	{
		AddLog( _T( "\tLookupAccountSid failed with error <%i>\n"), GetLastError());
		CloseHandle( hExplorer );
		CloseHandle( hToken );
		CloseHandle( hSnapshot );
		FreeLibrary( hAdv);
		return FALSE;
	}
	CloseHandle( hExplorer );
	CloseHandle( hToken );
	CloseHandle( hSnapshot );
	FreeLibrary( hAdv );
	// Ensure username exists
	if( CString(szUserName) == _T( "") )
	{
		AddLog( _T( "\tFound empty user, so assuming failed !\n"));
		return FALSE;
	}
	AddLog( _T( "\t\t<User: %s>\n\tOK\n"), szUserName);
	csUserName = szUserName;
	return TRUE;
}