win32api/advapi32.go

package win32api

import (
	"syscall"
	"unsafe"

	"golang.org/x/sys/windows"
)

func DuplicateTokenEx(hExistingToken HANDLE, dwDesiredAccess DWORD,
	lpTokenAttributes uintptr, ImpersonationLevel int,
	TokenType TOKEN_TYPE, phNewToken *TOKEN) error {

	Dup, err := getProcAddr("advapi32.dll", "DuplicateTokenEx")
	if err != nil {
		return err
	}
	r, _, errno := syscall.Syscall6(Dup, 6, uintptr(hExistingToken), uintptr(dwDesiredAccess), lpTokenAttributes, uintptr(ImpersonationLevel),
		uintptr(TokenType), uintptr(unsafe.Pointer(phNewToken)))
	if r == 0 {
		return error(errno)
	}
	return nil
}

func CreateProcessAsUser(hToken TOKEN, lpApplicationName, lpCommandLine string,
	lpProcessAttributes, lpThreadAttributes, bInheritHandles uintptr,
	dwCreationFlags DWORD, lpEnvironment HANDLE, lpCurrentDirectory string,
	lpStartupInfo *StartupInfo, lpProcessInformation *ProcessInformation) error {
	var (
		applicationName uintptr
		commandLine     uintptr
		workingDir      uintptr
	)
	CPAU, err := getProcAddr("advapi32.dll", "CreateProcessAsUserW")
	if err != nil {
		return err
	}
	if len(lpApplicationName) > 0 {
		applicationName = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpApplicationName)))
	}
	if len(lpCommandLine) > 0 {
		commandLine = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpCommandLine)))
	}
	if len(lpCurrentDirectory) > 0 {
		workingDir = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpCurrentDirectory)))
	}
	r, _, errno := syscall.Syscall12(CPAU, 11, uintptr(hToken), applicationName,
		commandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, uintptr(dwCreationFlags), uintptr(lpEnvironment),
		workingDir, uintptr(unsafe.Pointer(lpStartupInfo)), uintptr(unsafe.Pointer(lpProcessInformation)), 0)
	if r == 0 {
		return error(errno)
	}
	return nil
}
func GetTokenInformation(TokenHandle HANDLE, TokenInformationClass, TokenInformation,
	TokenInformationLength uintptr, ReturnLength *uintptr) error {
	GTI, err := getProcAddr("advapi32.dll", "GetTokenInformation")
	if err != nil {
		return err
	}
	if r, _, errno := syscall.Syscall6(GTI, 5, uintptr(TokenHandle), TokenInformationClass,
		TokenInformation, TokenInformationLength, uintptr(unsafe.Pointer(ReturnLength)), 0); r == 0 {
		return error(errno)
	}
	return nil
}

func GetUserName() (string, error) {
	gun, err := getProcAddr("advapi32.dll", "GetUserNameW")
	if err != nil {
		return "", err
	}

	size := uint32(64)
	for {
		buf := make([]uint16, size)
		n := uint32(len(buf))
		r, _, errno := syscall.Syscall(gun, 2, uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&n)), 0)
		if r != 0 {
			return syscall.UTF16ToString(buf), nil
		}
		if errno == syscall.ERROR_INSUFFICIENT_BUFFER {
			if n > size {
				size = n
			} else {
				size *= 2
			}
			continue
		}
		if errno != 0 {
			return "", error(errno)
		}
		return "", syscall.EINVAL
	}
}

func OpenProcessToken(ProcessHandle HANDLE, DesiredAccess DWORD, TokenHandle *TOKEN) error {
	if TokenHandle == nil {
		return syscall.EINVAL
	}
	proc, err := getProcAddr("advapi32.dll", "OpenProcessToken")
	if err != nil {
		return err
	}
	r, _, errno := syscall.Syscall(proc, 3, uintptr(ProcessHandle), uintptr(DesiredAccess), uintptr(unsafe.Pointer(TokenHandle)))
	if r == 0 {
		if errno != 0 {
			return error(errno)
		}
		return syscall.EINVAL
	}
	return nil
}

func CheckTokenMembership(tokenHandle HANDLE, sidToCheck unsafe.Pointer) (bool, error) {
	if sidToCheck == nil {
		return false, syscall.EINVAL
	}
	proc, err := getProcAddr("advapi32.dll", "CheckTokenMembership")
	if err != nil {
		return false, err
	}
	var isMember int32
	r, _, errno := syscall.Syscall(proc, 3,
		uintptr(tokenHandle),
		uintptr(sidToCheck),
		uintptr(unsafe.Pointer(&isMember)),
	)
	if r == 0 {
		if errno != 0 {
			return false, error(errno)
		}
		return false, syscall.EINVAL
	}
	return isMember != 0, nil
}

func LookupPrivilegeValue(lpSystemName, lpName string, lpLuid *LUID) error {
	if lpLuid == nil {
		return syscall.EINVAL
	}
	proc, err := getProcAddr("advapi32.dll", "LookupPrivilegeValueW")
	if err != nil {
		return err
	}

	var systemNamePtr uintptr
	if len(lpSystemName) > 0 {
		systemNamePtr = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpSystemName)))
	}
	r, _, errno := syscall.Syscall(proc, 3,
		systemNamePtr,
		uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpName))),
		uintptr(unsafe.Pointer(lpLuid)),
	)
	if r == 0 {
		if errno != 0 {
			return error(errno)
		}
		return syscall.EINVAL
	}
	return nil
}

func AdjustTokenPrivileges(TokenHandle TOKEN, DisableAllPrivileges bool, NewState *TOKEN_PRIVILEGES, BufferLength DWORD,
	PreviousState *TOKEN_PRIVILEGES, ReturnLength *DWORD) error {
	proc, err := getProcAddr("advapi32.dll", "AdjustTokenPrivileges")
	if err != nil {
		return err
	}

	disableAll := uintptr(0)
	if DisableAllPrivileges {
		disableAll = 1
	}
	r, _, errno := syscall.Syscall6(proc, 6,
		uintptr(TokenHandle),
		disableAll,
		uintptr(unsafe.Pointer(NewState)),
		uintptr(BufferLength),
		uintptr(unsafe.Pointer(PreviousState)),
		uintptr(unsafe.Pointer(ReturnLength)),
	)
	if r == 0 {
		if errno != 0 {
			return error(errno)
		}
		return syscall.EINVAL
	}
	if errno == windows.ERROR_NOT_ALL_ASSIGNED {
		return error(errno)
	}
	return nil
}

func RevertToSelf() error {
	proc, err := getProcAddr("advapi32.dll", "RevertToSelf")
	if err != nil {
		return err
	}
	r, _, errno := syscall.Syscall(proc, 0, 0, 0, 0)
	if r == 0 {
		if errno != 0 {
			return error(errno)
		}
		return syscall.EINVAL
	}
	return nil
}

func CreateProcessWithToken(hToken TOKEN, dwLogonFlags DWORD, lpApplicationName, lpCommandLine string,
	dwCreationFlags DWORD, lpEnvironment HANDLE, lpCurrentDirectory string,
	lpStartupInfo *StartupInfo, lpProcessInformation *ProcessInformation) error {
	var (
		applicationName uintptr
		commandLine     uintptr
		currentDir      uintptr
	)
	if len(lpApplicationName) > 0 {
		applicationName = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpApplicationName)))
	}
	if len(lpCommandLine) > 0 {
		commandLine = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpCommandLine)))
	}
	if len(lpCurrentDirectory) > 0 {
		currentDir = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpCurrentDirectory)))
	}

	proc, err := getProcAddr("advapi32.dll", "CreateProcessWithTokenW")
	if err != nil {
		return err
	}
	r, _, errno := syscall.Syscall12(proc, 9,
		uintptr(hToken),
		uintptr(dwLogonFlags),
		applicationName,
		commandLine,
		uintptr(dwCreationFlags),
		uintptr(lpEnvironment),
		currentDir,
		uintptr(unsafe.Pointer(lpStartupInfo)),
		uintptr(unsafe.Pointer(lpProcessInformation)),
		0,
		0,
		0,
	)
	if r == 0 {
		if errno != 0 {
			return error(errno)
		}
		return syscall.EINVAL
	}
	return nil
}

func IsTokenElevated(token TOKEN) (bool, error) {
	var elevation TOKEN_ELEVATION
	var retLen uintptr
	if err := GetTokenInformation(
		HANDLE(token),
		TokenElevation,
		uintptr(unsafe.Pointer(&elevation)),
		uintptr(unsafe.Sizeof(elevation)),
		&retLen,
	); err != nil {
		return false, err
	}
	return elevation.TokenIsElevated != 0, nil
}

func IsCurrentProcessElevated() (bool, error) {
	processHandle, err := syscall.GetCurrentProcess()
	if err != nil {
		return false, err
	}
	var token TOKEN
	if err := OpenProcessToken(HANDLE(processHandle), TOKEN_QUERY, &token); err != nil {
		return false, err
	}
	defer func() {
		_ = CloseHandle(HANDLE(token))
	}()
	return IsTokenElevated(token)
}

func IsCurrentUserInAdminGroup() (bool, error) {
	adminSID, err := windows.CreateWellKnownSid(windows.WinBuiltinAdministratorsSid)
	if err != nil {
		return false, err
	}

	// Passing tokenHandle=0 lets Windows use the calling thread/process effective token.
	return CheckTokenMembership(0, unsafe.Pointer(adminSID))
}
add more api 2019-03-07 11:39:54 +08:00			`package win32api`

			`import (`
			`"syscall"`
			`"unsafe"`

			`"golang.org/x/sys/windows"`
			`)`

			`func DuplicateTokenEx(hExistingToken HANDLE, dwDesiredAccess DWORD,`
			`lpTokenAttributes uintptr, ImpersonationLevel int,`
			`TokenType TOKEN_TYPE, phNewToken *TOKEN) error {`

修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`Dup, err := getProcAddr("advapi32.dll", "DuplicateTokenEx")`
add more api 2019-03-07 11:39:54 +08:00			`if err != nil {`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`return err`
add more api 2019-03-07 11:39:54 +08:00			`}`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`r, _, errno := syscall.Syscall6(Dup, 6, uintptr(hExistingToken), uintptr(dwDesiredAccess), lpTokenAttributes, uintptr(ImpersonationLevel),`
add more api 2019-03-07 11:39:54 +08:00			`uintptr(TokenType), uintptr(unsafe.Pointer(phNewToken)))`
			`if r == 0 {`
new function add 2021-09-01 11:03:37 +08:00			`return error(errno)`
add more api 2019-03-07 11:39:54 +08:00			`}`
			`return nil`
			`}`

			`func CreateProcessAsUser(hToken TOKEN, lpApplicationName, lpCommandLine string,`
			`lpProcessAttributes, lpThreadAttributes, bInheritHandles uintptr,`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`dwCreationFlags DWORD, lpEnvironment HANDLE, lpCurrentDirectory string,`
add more api 2019-03-07 11:39:54 +08:00			`lpStartupInfo StartupInfo, lpProcessInformation ProcessInformation) error {`
			`var (`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`applicationName uintptr`
			`commandLine uintptr`
			`workingDir uintptr`
add more api 2019-03-07 11:39:54 +08:00			`)`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`CPAU, err := getProcAddr("advapi32.dll", "CreateProcessAsUserW")`
add more api 2019-03-07 11:39:54 +08:00			`if err != nil {`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`return err`
add more api 2019-03-07 11:39:54 +08:00			`}`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`if len(lpApplicationName) > 0 {`
			`applicationName = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpApplicationName)))`
add more api 2019-03-07 11:39:54 +08:00			`}`
			`if len(lpCommandLine) > 0 {`
			`commandLine = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpCommandLine)))`
			`}`
			`if len(lpCurrentDirectory) > 0 {`
			`workingDir = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpCurrentDirectory)))`
			`}`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`r, _, errno := syscall.Syscall12(CPAU, 11, uintptr(hToken), applicationName,`
add more api 2019-03-07 11:39:54 +08:00			`commandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, uintptr(dwCreationFlags), uintptr(lpEnvironment),`
			`workingDir, uintptr(unsafe.Pointer(lpStartupInfo)), uintptr(unsafe.Pointer(lpProcessInformation)), 0)`
			`if r == 0 {`
new function add 2021-09-01 11:03:37 +08:00			`return error(errno)`
add more api 2019-03-07 11:39:54 +08:00			`}`
			`return nil`
			`}`
			`func GetTokenInformation(TokenHandle HANDLE, TokenInformationClass, TokenInformation,`
			`TokenInformationLength uintptr, ReturnLength *uintptr) error {`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`GTI, err := getProcAddr("advapi32.dll", "GetTokenInformation")`
add more api 2019-03-07 11:39:54 +08:00			`if err != nil {`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`return err`
			`}`
			`if r, _, errno := syscall.Syscall6(GTI, 5, uintptr(TokenHandle), TokenInformationClass,`
			`TokenInformation, TokenInformationLength, uintptr(unsafe.Pointer(ReturnLength)), 0); r == 0 {`
			`return error(errno)`
add more api 2019-03-07 11:39:54 +08:00			`}`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`return nil`
			`}`

			`func GetUserName() (string, error) {`
			`gun, err := getProcAddr("advapi32.dll", "GetUserNameW")`
add more api 2019-03-07 11:39:54 +08:00			`if err != nil {`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00			`return "", err`
add more api 2019-03-07 11:39:54 +08:00			`}`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00
			`size := uint32(64)`
			`for {`
			`buf := make([]uint16, size)`
			`n := uint32(len(buf))`
			`r, _, errno := syscall.Syscall(gun, 2, uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&n)), 0)`
			`if r != 0 {`
			`return syscall.UTF16ToString(buf), nil`
			`}`
			`if errno == syscall.ERROR_INSUFFICIENT_BUFFER {`
			`if n > size {`
			`size = n`
			`} else {`
			`size *= 2`
			`}`
			`continue`
			`}`
			`if errno != 0 {`
			`return "", error(errno)`
			`}`
			`return "", syscall.EINVAL`
			`}`
			`}`

			`func OpenProcessToken(ProcessHandle HANDLE, DesiredAccess DWORD, TokenHandle *TOKEN) error {`
			`if TokenHandle == nil {`
			`return syscall.EINVAL`
			`}`
			`proc, err := getProcAddr("advapi32.dll", "OpenProcessToken")`
			`if err != nil {`
			`return err`
			`}`
			`r, _, errno := syscall.Syscall(proc, 3, uintptr(ProcessHandle), uintptr(DesiredAccess), uintptr(unsafe.Pointer(TokenHandle)))`
			`if r == 0 {`
			`if errno != 0 {`
			`return error(errno)`
			`}`
			`return syscall.EINVAL`
			`}`
			`return nil`
			`}`

			`func CheckTokenMembership(tokenHandle HANDLE, sidToCheck unsafe.Pointer) (bool, error) {`
			`if sidToCheck == nil {`
			`return false, syscall.EINVAL`
			`}`
			`proc, err := getProcAddr("advapi32.dll", "CheckTokenMembership")`
			`if err != nil {`
			`return false, err`
			`}`
			`var isMember int32`
			`r, _, errno := syscall.Syscall(proc, 3,`
			`uintptr(tokenHandle),`
			`uintptr(sidToCheck),`
			`uintptr(unsafe.Pointer(&isMember)),`
			`)`
			`if r == 0 {`
			`if errno != 0 {`
			`return false, error(errno)`
			`}`
			`return false, syscall.EINVAL`
			`}`
			`return isMember != 0, nil`
			`}`

			`func LookupPrivilegeValue(lpSystemName, lpName string, lpLuid *LUID) error {`
			`if lpLuid == nil {`
			`return syscall.EINVAL`
			`}`
			`proc, err := getProcAddr("advapi32.dll", "LookupPrivilegeValueW")`
			`if err != nil {`
			`return err`
			`}`

			`var systemNamePtr uintptr`
			`if len(lpSystemName) > 0 {`
			`systemNamePtr = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpSystemName)))`
			`}`
			`r, _, errno := syscall.Syscall(proc, 3,`
			`systemNamePtr,`
			`uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpName))),`
			`uintptr(unsafe.Pointer(lpLuid)),`
			`)`
			`if r == 0 {`
			`if errno != 0 {`
			`return error(errno)`
			`}`
			`return syscall.EINVAL`
			`}`
			`return nil`
			`}`

			`func AdjustTokenPrivileges(TokenHandle TOKEN, DisableAllPrivileges bool, NewState *TOKEN_PRIVILEGES, BufferLength DWORD,`
			`PreviousState TOKEN_PRIVILEGES, ReturnLength DWORD) error {`
			`proc, err := getProcAddr("advapi32.dll", "AdjustTokenPrivileges")`
			`if err != nil {`
			`return err`
			`}`

			`disableAll := uintptr(0)`
			`if DisableAllPrivileges {`
			`disableAll = 1`
			`}`
			`r, _, errno := syscall.Syscall6(proc, 6,`
			`uintptr(TokenHandle),`
			`disableAll,`
			`uintptr(unsafe.Pointer(NewState)),`
			`uintptr(BufferLength),`
			`uintptr(unsafe.Pointer(PreviousState)),`
			`uintptr(unsafe.Pointer(ReturnLength)),`
			`)`
			`if r == 0 {`
			`if errno != 0 {`
			`return error(errno)`
			`}`
			`return syscall.EINVAL`
			`}`
			`if errno == windows.ERROR_NOT_ALL_ASSIGNED {`
new function add 2021-09-01 11:03:37 +08:00			`return error(errno)`
add more api 2019-03-07 11:39:54 +08:00			`}`
			`return nil`
			`}`
修正 Win32 封装语义并补齐关键结构体/进程测试覆盖 - 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义，修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程，并保留显式开启的 cmd.exe 集成覆盖 2026-06-06 17:46:02 +08:00
			`func RevertToSelf() error {`
			`proc, err := getProcAddr("advapi32.dll", "RevertToSelf")`
			`if err != nil {`
			`return err`
			`}`
			`r, _, errno := syscall.Syscall(proc, 0, 0, 0, 0)`
			`if r == 0 {`
			`if errno != 0 {`
			`return error(errno)`
			`}`
			`return syscall.EINVAL`
			`}`
			`return nil`
			`}`

			`func CreateProcessWithToken(hToken TOKEN, dwLogonFlags DWORD, lpApplicationName, lpCommandLine string,`
			`dwCreationFlags DWORD, lpEnvironment HANDLE, lpCurrentDirectory string,`
			`lpStartupInfo StartupInfo, lpProcessInformation ProcessInformation) error {`
			`var (`
			`applicationName uintptr`
			`commandLine uintptr`
			`currentDir uintptr`
			`)`
			`if len(lpApplicationName) > 0 {`
			`applicationName = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpApplicationName)))`
			`}`
			`if len(lpCommandLine) > 0 {`
			`commandLine = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpCommandLine)))`
			`}`
			`if len(lpCurrentDirectory) > 0 {`
			`currentDir = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(lpCurrentDirectory)))`
			`}`

			`proc, err := getProcAddr("advapi32.dll", "CreateProcessWithTokenW")`
			`if err != nil {`
			`return err`
			`}`
			`r, _, errno := syscall.Syscall12(proc, 9,`
			`uintptr(hToken),`
			`uintptr(dwLogonFlags),`
			`applicationName,`
			`commandLine,`
			`uintptr(dwCreationFlags),`
			`uintptr(lpEnvironment),`
			`currentDir,`
			`uintptr(unsafe.Pointer(lpStartupInfo)),`
			`uintptr(unsafe.Pointer(lpProcessInformation)),`
			`0,`
			`0,`
			`0,`
			`)`
			`if r == 0 {`
			`if errno != 0 {`
			`return error(errno)`
			`}`
			`return syscall.EINVAL`
			`}`
			`return nil`
			`}`

			`func IsTokenElevated(token TOKEN) (bool, error) {`
			`var elevation TOKEN_ELEVATION`
			`var retLen uintptr`
			`if err := GetTokenInformation(`
			`HANDLE(token),`
			`TokenElevation,`
			`uintptr(unsafe.Pointer(&elevation)),`
			`uintptr(unsafe.Sizeof(elevation)),`
			`&retLen,`
			`); err != nil {`
			`return false, err`
			`}`
			`return elevation.TokenIsElevated != 0, nil`
			`}`

			`func IsCurrentProcessElevated() (bool, error) {`
			`processHandle, err := syscall.GetCurrentProcess()`
			`if err != nil {`
			`return false, err`
			`}`
			`var token TOKEN`
			`if err := OpenProcessToken(HANDLE(processHandle), TOKEN_QUERY, &token); err != nil {`
			`return false, err`
			`}`
			`defer func() {`
			`_ = CloseHandle(HANDLE(token))`
			`}()`
			`return IsTokenElevated(token)`
			`}`

			`func IsCurrentUserInAdminGroup() (bool, error) {`
			`adminSID, err := windows.CreateWellKnownSid(windows.WinBuiltinAdministratorsSid)`
			`if err != nil {`
			`return false, err`
			`}`

			`// Passing tokenHandle=0 lets Windows use the calling thread/process effective token.`
			`return CheckTokenMembership(0, unsafe.Pointer(adminSID))`
			`}`