WKL-Sec · February 19, 2024 19:28
diff --git a/SystemUserVerification.cpp b/SystemUserVerification.cpp
 #include <windows.h>
 #include <sddl.h>
 #include <tchar.h>
 #include <iostream>
 #include <algorithm> 
 #include <cctype>    

 // Link with the Advapi32.lib to use Windows Security functions
 #pragma comment(lib, "advapi32.lib")

 // Retrieves the username associated with the given process handle
 std::string GetUsernameFromProcess(HANDLE processHandle) {
    HANDLE tokenHandle = NULL;
    // Attempt to open the process token with query access
    if (!OpenProcessToken(processHandle, TOKEN_QUERY, &tokenHandle)) {
        std::cerr << "Failed to open process token. Error: " << GetLastError() << std::endl;
        return "";
    }

    DWORD tokenUserInfoLength = 0;
    // First call to GetTokenInformation gets the size needed for the token information
    GetTokenInformation(tokenHandle, TokenUser, NULL, 0, &tokenUserInfoLength);
    PTOKEN_USER tokenUser = (PTOKEN_USER)new BYTE[tokenUserInfoLength];
    // Retrieve the token information, specifically the user SID
    if (!GetTokenInformation(tokenHandle, TokenUser, tokenUser, tokenUserInfoLength, &tokenUserInfoLength)) {
        std::cerr << "Failed to get token information. Error: " << GetLastError() << std::endl;
        CloseHandle(tokenHandle);
        delete[] tokenUser;
        return "";
    }

    SID_NAME_USE sidType;
    char userName[256] = {0};
    char domainName[256] = {0};
    DWORD userNameLength = sizeof(userName);
    DWORD domainNameLength = sizeof(domainName);

    // Convert the SID to a username
    if (!LookupAccountSidA(NULL, tokenUser->User.Sid, userName, &userNameLength, domainName, &domainNameLength, &sidType)) {
        std::cerr << "Failed to lookup account SID. Error: " << GetLastError() << std::endl;
        CloseHandle(tokenHandle);
        delete[] tokenUser;
        return "";
    }

    // Cleanup
    CloseHandle(tokenHandle);
    delete[] tokenUser;

    // Return the username associated with the process
    return std::string(userName);
 }

 int main() {
    // Obtain a handle to the current process
    HANDLE currentProcessHandle = GetCurrentProcess(); 
    // Get the username of the process's owner
    std::string username = GetUsernameFromProcess(currentProcessHandle);
    // Convert username to uppercase for case-insensitive comparison
    std::transform(username.begin(), username.end(), username.begin(), ::toupper);

    // Check if the process is running under the SYSTEM account
    if (username.compare("SYSTEM") != 0) {
        std::cerr << "This process is not running under the SYSTEM account. Exiting..." << std::endl;
        // Exit the program if not running as SYSTEM
        return -1; 
    } else {
        std::cout << "Process is running under SYSTEM account." << std::endl;
        // The process is running under SYSTEM, continue with the program
    }

    return 0;
 }
	#include <windows.h>
	#include <sddl.h>
	#include <tchar.h>
	#include <iostream>
	#include <algorithm>
	#include <cctype>

	// Link with the Advapi32.lib to use Windows Security functions
	#pragma comment(lib, "advapi32.lib")

	// Retrieves the username associated with the given process handle
	std::string GetUsernameFromProcess(HANDLE processHandle) {
	HANDLE tokenHandle = NULL;
	// Attempt to open the process token with query access
	if (!OpenProcessToken(processHandle, TOKEN_QUERY, &tokenHandle)) {
	std::cerr << "Failed to open process token. Error: " << GetLastError() << std::endl;
	return "";
	}

	DWORD tokenUserInfoLength = 0;
	// First call to GetTokenInformation gets the size needed for the token information
	GetTokenInformation(tokenHandle, TokenUser, NULL, 0, &tokenUserInfoLength);
	PTOKEN_USER tokenUser = (PTOKEN_USER)new BYTE[tokenUserInfoLength];
	// Retrieve the token information, specifically the user SID
	if (!GetTokenInformation(tokenHandle, TokenUser, tokenUser, tokenUserInfoLength, &tokenUserInfoLength)) {
	std::cerr << "Failed to get token information. Error: " << GetLastError() << std::endl;
	CloseHandle(tokenHandle);
	delete[] tokenUser;
	return "";
	}

	SID_NAME_USE sidType;
	char userName[256] = {0};
	char domainName[256] = {0};
	DWORD userNameLength = sizeof(userName);
	DWORD domainNameLength = sizeof(domainName);

	// Convert the SID to a username
	if (!LookupAccountSidA(NULL, tokenUser->User.Sid, userName, &userNameLength, domainName, &domainNameLength, &sidType)) {
	std::cerr << "Failed to lookup account SID. Error: " << GetLastError() << std::endl;
	CloseHandle(tokenHandle);
	delete[] tokenUser;
	return "";
	}

	// Cleanup
	CloseHandle(tokenHandle);
	delete[] tokenUser;

	// Return the username associated with the process
	return std::string(userName);
	}

	int main() {
	// Obtain a handle to the current process
	HANDLE currentProcessHandle = GetCurrentProcess();
	// Get the username of the process's owner
	std::string username = GetUsernameFromProcess(currentProcessHandle);
	// Convert username to uppercase for case-insensitive comparison
	std::transform(username.begin(), username.end(), username.begin(), ::toupper);

	// Check if the process is running under the SYSTEM account
	if (username.compare("SYSTEM") != 0) {
	std::cerr << "This process is not running under the SYSTEM account. Exiting..." << std::endl;
	// Exit the program if not running as SYSTEM
	return -1;
	} else {
	std::cout << "Process is running under SYSTEM account." << std::endl;
	// The process is running under SYSTEM, continue with the program
	}

	return 0;
	}