
Getuidx64 Require Administrator Privileges - Better

The specific reason getuidx64 might require administrator privileges depends on its exact purpose and how it's implemented. Generally, operations that require elevated privileges do so because they:

The "x64" suffix implies a compiled binary for 64-bit architectures. On modern x64 Windows systems with features like Kernel Patch Protection (PatchGuard), user-mode tools often rely on specific drivers or deep system calls to gather certain identifiers.

Loading drivers or interacting with kernel memory space requires elevation. If getuidx64 attempts to resolve kernel callbacks or walk system structures manually to find user identifiers (a technique common in advanced EDR evasion), it must run elevated.

| Scenario | Required Rights | Admin Needed? |
|----------|----------------|----------------|
| Query own current process token (limited user) | TOKEN_QUERY on self | ❌ No |
| Query own token, then get linked UAC token | TOKEN_QUERY + SeTcbPrivilege | ✅ Yes |
| Query another process owned by same user | PROCESS_QUERY_LIMITED_INFORMATION | ❌ No |
| Query another process owned by different user (including SYSTEM) | PROCESS_QUERY_LIMITED_INFORMATION + SeDebugPrivilege or SeBackupPrivilege | ✅ Yes |
| Query token of a process in another session (e.g., session 0 isolation) | Requires PROCESS_QUERY_LIMITED_INFORMATION + cross-session policy | ✅ Yes (admin or LocalSystem) |
| Write to global cache file in ProgramData or C:\Windows | File write permissions | ✅ Yes (unless ACL modified) |
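
To check the process-token rows of the table on a given machine, the following added example (not getuidx64's code) requests only PROCESS_QUERY_LIMITED_INFORMATION and TOKEN_QUERY for each process and records which call fails. The names Demo.TokenProbe, TryOpenToken and Get-ProcessTokenUser are hypothetical, and it assumes Windows PowerShell 5.1 or PowerShell 7 on Windows.

```powershell
# Added example. Run once from a normal prompt and once elevated, then compare.
Add-Type -Namespace Demo -Name TokenProbe -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
[DllImport("advapi32.dll", SetLastError = true)]
static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);

// Returns 0 and a TOKEN_QUERY handle on success, else the Win32 error and the failing call.
public static int TryOpenToken(uint pid, out IntPtr token, out string failedAt) {
    token = IntPtr.Zero; failedAt = null;
    IntPtr proc = OpenProcess(0x1000 /* PROCESS_QUERY_LIMITED_INFORMATION */, false, pid);
    if (proc == IntPtr.Zero) { failedAt = "OpenProcess"; return Marshal.GetLastWin32Error(); }
    try {
        if (OpenProcessToken(proc, 0x0008 /* TOKEN_QUERY */, out token)) return 0;
        failedAt = "OpenProcessToken";
        return Marshal.GetLastWin32Error();   // captured before the finally block runs
    } finally { CloseHandle(proc); }
}
'@

function Get-ProcessTokenUser {
    param([Parameter(Mandatory)][uint32]$ProcessId)
    $token = [IntPtr]::Zero; $failedAt = $null; $user = $null
    $err = [Demo.TokenProbe]::TryOpenToken($ProcessId, [ref]$token, [ref]$failedAt)
    if ($err -eq 0) {
        try {
            # WindowsIdentity duplicates the handle, so ours is closed in finally.
            $id = [Security.Principal.WindowsIdentity]::new($token)
            $user = $id.Name
            $id.Dispose()
        } finally { [void][Demo.TokenProbe]::CloseHandle($token) }
    }
    [pscustomobject]@{ ProcessId = $ProcessId; User = $user; FailedAt = $failedAt; Win32Error = $err }
}

# Summarise what this session's token can read. Win32 error 5 is ERROR_ACCESS_DENIED.
Get-Process | ForEach-Object { Get-ProcessTokenUser -ProcessId $_.Id } |
    Group-Object User, FailedAt, Win32Error -NoElement | Sort-Object Count -Descending
```

Rows that succeed without elevation show which lookups a tool can do as a limited user; a tool that demands administrator rights only for those lookups is asking for more privilege than the operation needs.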