Hi,

I'm trying to see if the user has the SeLoadDriver privilege. I've got the PLUID:

    LUID luid;          // storage for the looked-up value
    PLUID pld = &luid;  // the pointer must refer to real storage
    LookupPrivilegeValue(NULL, SE_LOAD_DRIVER_NAME, pld);

But now I'm not sure how to get a bool from the PLUID stating that the user has, or not, the privilege. I've read the related methods but I think that there might be an easy way of getting this directly from the PLUID value.

Thanks

+3  A: 

It's a little more involved than that.

First you need to obtain the process token's privilege set (by calling GetTokenInformation()) then you scan the buffer that you've got from that (which is an array of LUID_AND_ATTRIBUTES structures) for the LUID that you get from LookupPrivilegeValue(). You can then use the LUID_AND_ATTRIBUTES that you've located and check to see if the Attributes contain the required flag (SE_PRIVILEGE_ENABLED in your case).

Be aware that when you are checking for an enabled privilege you should also check that SE_PRIVILEGE_REMOVED is NOT set in the Attributes that you are checking; a privilege that has both SE_PRIVILEGE_REMOVED and SE_PRIVILEGE_ENABLED has been removed and is NOT enabled...

Len Holgate
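
The check described in the answer above, written out as an added example (not code from the original answer). The function names `privilege_enabled`, `current_process_has_privilege` and `sample_check` are hypothetical, the LUID values in the sample are constructed, and the `#else` branch only supplies stand-in declarations so the scan can be compiled and exercised off Windows.

```c
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#else /* stand-ins mirroring the winnt.h declarations, for non-Windows builds */
#include <stdint.h>
typedef uint32_t DWORD;
typedef struct { DWORD LowPart; int32_t HighPart; } LUID;
typedef struct { LUID Luid; DWORD Attributes; } LUID_AND_ATTRIBUTES;
#define SE_PRIVILEGE_ENABLED 0x00000002u
#define SE_PRIVILEGE_REMOVED 0x00000004u
#endif

/* 1 if luid is in the set, enabled and not removed; 0 otherwise. */
int privilege_enabled(const LUID_AND_ATTRIBUTES *privs, DWORD count, LUID luid)
{
    for (DWORD i = 0; i < count; i++) {
        const LUID_AND_ATTRIBUTES *p = &privs[i];
        if (p->Luid.LowPart == luid.LowPart && p->Luid.HighPart == luid.HighPart)
            return (p->Attributes & SE_PRIVILEGE_ENABLED) &&
                   !(p->Attributes & SE_PRIVILEGE_REMOVED);
    }
    return 0; /* the privilege is not in the token at all */
}

#ifdef _WIN32
/* 1/0 for the current process token, -1 if it could not be queried. */
int current_process_has_privilege(LPCTSTR name)
{
    HANDLE tok; LUID luid; DWORD len = 0; int result = -1;
    if (!LookupPrivilegeValue(NULL, name, &luid)) return -1;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return -1;
    GetTokenInformation(tok, TokenPrivileges, NULL, 0, &len); /* size query */
    TOKEN_PRIVILEGES *tp = malloc(len);
    if (tp && GetTokenInformation(tok, TokenPrivileges, tp, len, &len))
        result = privilege_enabled(tp->Privileges, tp->PrivilegeCount, luid);
    free(tp);
    CloseHandle(tok);
    return result;
}
#endif

/* Constructed sample set: LUID 20 is enabled, LUID 10 carries `attrs`. */
int sample_check(DWORD attrs, DWORD want)
{
    LUID_AND_ATTRIBUTES set[2] = { { {20, 0}, SE_PRIVILEGE_ENABLED }, { {10, 0}, attrs } };
    LUID luid = { want, 0 };
    return privilege_enabled(set, 2, luid);
}
```

On Windows, `current_process_has_privilege(SE_LOAD_DRIVER_NAME)` answers the original question for the calling process.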