Added method to test protected access.

Author: tyranid

NtApiDotNet/NtProcess.cs

@@ -488,6 +488,17 @@ public static NtProcess OpenCurrent()
             return Current.Duplicate();
         }
 
+        /// <summary>
+        /// Test whether a process can access another protected process.
+        /// </summary>
+        /// <param name="current">The current process.</param>
+        /// <param name="target">The target process.</param>
+        /// <returns>True if the process can be accessed.</returns>
+        public static bool TestProtectedAccess(NtProcess current, NtProcess target)
+        {
+            return NtRtl.RtlTestProtectedAccess(current.Protection.Level, target.Protection.Level);
+        }
+
         #endregion
 
         #region Public Methods
@@ -1869,6 +1880,16 @@ public NtResult<int> GetSessionId(bool throw_on_error)
                 default, throw_on_error).Map(s => s.SessionId);
         }
 
+        /// <summary>
+        /// Test whether the current process can access another protected process.
+        /// </summary>
+        /// <param name="target">The target process.</param>
+        /// <returns>True if the process can be accessed.</returns>
+        public bool TestProtectedAccess(NtProcess target)
+        {
+            return TestProtectedAccess(this, target);
+        }
+
         /// <summary>
         /// Method to query information for this object type.
         /// </summary>

NtApiDotNet/NtProcessNative.cs

@@ -758,6 +758,10 @@ public static extern NtStatus RtlCreateProcessParametersEx(
 
         [DllImport("ntdll.dll")]
         public static extern void RtlDestroyProcessParameters(IntPtr pProcessParameters);
+
+        [DllImport("ntdll.dll")]
+        [return: MarshalAs(UnmanagedType.U1)]
+        public static extern bool RtlTestProtectedAccess(byte request_level, byte target_level);
     }
 
     [Flags]