Returns a set of flags indicating the state of various elevation related features
Syntax
NTSTATUS NTAPI RtlQueryElevationFlags (
DWORD* pFlags
)
Parameters
- pFlags
- A pointer to a variable that receives the elevation state. Cannot be NULL. On exit this can be zero or some of the following:
- ELEVATION_UAC_ENABLED (0x1)
- UAC is enabled
- ELEVATION_VIRTUALIZATION_ENABLED (0x2)
- File and registry virtualization is enabled
- ELEVATION_INSTALLER_DETECTION_ENABLED (0x4)
- Install and setup programs are detected and automatically elevated
Return Value
Currently only STATUS_SUCCESS is returned
Remarks
The function reads directly from the DbgElevationEnabled, DbgVirtEnabled and DbgInstallerDetectEnabled bits from the KUSER_SHARED_DATA struct.
See here for more in depth information on this function.