Geoff Chappell - Software Analyst
Determines if the current process executes with elevated access rights.
BOOL IsElevatedProcess (VOID);
The function returns TRUE or FALSE according to whether the current process is or is not elevated.
If the function has already determined from an earlier execution that the current process is elevated, it returns TRUE. Otherwise, the function opens the process token (with MAXIMUM_ALLOWED access rights) and queries for the TokenElevationType information class. If this succeeds, then there are two ways that the process may be determined to be elevated. One is simply that the elevation type is TokenElevationTypeFull. The other is that the elevation type is TokenElevationTypeDefault and then a query for the TokenElevation information class succeeds and reports that the token is elevated. In all other cases, the function returns FALSE.
The IsElevatedProcess function is exported from IERTUTIL as ordinal 44 in version 7.0 and higher.
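The behaviour described above can be reproduced with documented Win32 calls. The following is an added example, not code from IERTUTIL or from the original page: the names decide_elevated and is_elevated_process_sketch are hypothetical, and the use of OpenProcessToken and GetTokenInformation is an assumption about which calls perform the open and the queries.

```c
#include <stdbool.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Off Windows: mirror the winnt.h enum values so the decision logic compiles. */
typedef enum {
    TokenElevationTypeDefault = 1, TokenElevationTypeFull, TokenElevationTypeLimited
} TOKEN_ELEVATION_TYPE;
#endif

/* The decision described above. type_ok and elev_ok say whether each query
   succeeded; token_is_elevated is the TokenIsElevated member of TOKEN_ELEVATION. */
bool decide_elevated(bool type_ok, TOKEN_ELEVATION_TYPE type,
                     bool elev_ok, unsigned long token_is_elevated)
{
    if (!type_ok) return false;
    if (type == TokenElevationTypeFull) return true;
    if (type == TokenElevationTypeDefault) return elev_ok && token_is_elevated != 0;
    return false;                     /* TokenElevationTypeLimited, or anything else */
}

#ifdef _WIN32
/* Hypothetical name. Assumes OpenProcessToken and GetTokenInformation are the calls used. */
bool is_elevated_process_sketch(void)
{
    static bool cached = false;       /* only a TRUE result is remembered */
    HANDLE token;
    TOKEN_ELEVATION_TYPE type = TokenElevationTypeLimited;
    TOKEN_ELEVATION elev = {0};
    DWORD cb = 0;
    bool type_ok, elev_ok = false;
    if (cached) return true;
    if (!OpenProcessToken(GetCurrentProcess(), MAXIMUM_ALLOWED, &token)) return false;
    type_ok = GetTokenInformation(token, TokenElevationType, &type, sizeof type, &cb) != 0;
    if (type_ok && type == TokenElevationTypeDefault)
        elev_ok = GetTokenInformation(token, TokenElevation, &elev, sizeof elev, &cb) != 0;
    CloseHandle(token);
    cached = decide_elevated(type_ok, type, elev_ok, elev.TokenIsElevated);
    return cached;
}
#endif

int main(void)
{
#ifdef _WIN32
    printf("elevated: %d\n", is_elevated_process_sketch());
#else   /* constructed input: default type, second query reports elevation */
    printf("elevated: %d\n", decide_elevated(true, TokenElevationTypeDefault, true, 1));
#endif
    return 0;
}
```

Because a FALSE result is never cached, every call made by a non-elevated process opens and queries the token again.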