RtlQueryElevationFlags


Returns a set of flags indicating the state of various elevation-related features.

Syntax

NTSTATUS NTAPI RtlQueryElevationFlags (
    DWORD* pFlags
)

Parameters

pFlags
A pointer to a variable that receives the elevation state. Cannot be NULL. On exit this can be zero or some of the following:
ELEVATION_UAC_ENABLED (0x1)
UAC is enabled
ELEVATION_VIRTUALIZATION_ENABLED (0x2)
File and registry virtualization is enabled
ELEVATION_INSTALLER_DETECTION_ENABLED (0x4)
Install and setup programs are detected and automatically elevated

Return Value

Currently only STATUS_SUCCESS is returned.

Remarks

The function reads the DbgElevationEnabled, DbgVirtEnabled and DbgInstallerDetectEnabled bits directly from the KUSER_SHARED_DATA struct.

See here for more in-depth information on this function.
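
A minimal caller for a host-hardening check, added here as an example and not code from the original page: it resolves the export from ntdll.dll at run time, decodes the three documented bits and reports any bit the page does not list. The helper names `describe_elevation_flags` and `query_elevation_flags` are hypothetical, the prototype is the one given under Syntax, and the Windows call is compiled only under `_WIN32`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif
#define ELEVATION_UAC_ENABLED                 0x1u /* values as listed on this page */
#define ELEVATION_VIRTUALIZATION_ENABLED      0x2u
#define ELEVATION_INSTALLER_DETECTION_ENABLED 0x4u

/* Hypothetical helper: renders the bits as text, returns bits not listed on the page. */
static uint32_t describe_elevation_flags(uint32_t flags, char *out, size_t cap) {
    static const struct { uint32_t bit; const char *name; } tbl[] = {
        { ELEVATION_UAC_ENABLED, "UAC" },
        { ELEVATION_VIRTUALIZATION_ENABLED, "Virtualization" },
        { ELEVATION_INSTALLER_DETECTION_ENABLED, "InstallerDetection" } };
    uint32_t known = 0;
    size_t used = 0;
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++) {
        known |= tbl[i].bit;
        if (used >= cap) continue; /* buffer full: still build the mask */
        int n = snprintf(out + used, cap - used, "%s%s=%s", i ? " " : "",
                         tbl[i].name, (flags & tbl[i].bit) ? "on" : "off");
        used = (n < 0 || (size_t)n >= cap - used) ? cap : used + (size_t)n;
    }
    return flags & ~known;
}

/* Hypothetical wrapper: 0 on success, -1 if the export is missing or the call fails. */
static int query_elevation_flags(uint32_t *flags) {
#ifdef _WIN32
    typedef LONG (NTAPI *RtlQueryElevationFlags_t)(DWORD *pFlags);
    HMODULE ntdll = GetModuleHandleW(L"ntdll.dll");
    RtlQueryElevationFlags_t fn = ntdll ? (RtlQueryElevationFlags_t)(void *)
        GetProcAddress(ntdll, "RtlQueryElevationFlags") : NULL;
    DWORD raw = 0;
    if (fn && fn(&raw) == 0) { *flags = raw; return 0; } /* 0 = STATUS_SUCCESS */
#endif
    (void)flags; /* reached on non-Windows builds or on failure */
    return -1;
}

int main(void) {
    uint32_t flags = 0;
    char text[96];
    if (query_elevation_flags(&flags) != 0) return 2;
    uint32_t unknown = describe_elevation_flags(flags, text, sizeof text);
    printf("0x%08x %s unknown=0x%x\n", (unsigned)flags, text, (unsigned)unknown);
    return (flags & ELEVATION_UAC_ENABLED) ? 0 : 1; /* 1 = UAC reported off */
}
```

The exit code lets a configuration audit script treat a host that reports UAC off as a finding.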