#ifndef _NTSEAPI_H
/**
* The NtAdjustPrivilegesToken routine enables, disables, or removes privileges in the specified access token.
*
* @param TokenHandle Handle to the token that contains the privileges to be modified. The handle must have TOKEN_ADJUST_PRIVILEGES access,
* and must additionally grant TOKEN_QUERY when the caller provides the PreviousState buffer. Token pseudo-handles such as
* NtCurrentProcessToken are not supported; to adjust the current process/thread token, open it first.
* @param DisableAllPrivileges Specifies whether the function disables all of the token's privileges. If this value is TRUE, the function disables all privileges and ignores the NewState parameter.
* If it is FALSE, the function modifies privileges based on the information pointed to by the NewState parameter.
* @param NewState A pointer to a TOKEN_PRIVILEGES structure that specifies an array of privileges (LUIDs) and their desired attributes, such as
* SE_PRIVILEGE_DISABLED (0), SE_PRIVILEGE_ENABLED, or SE_PRIVILEGE_REMOVED. If DisableAllPrivileges is TRUE, the function ignores this parameter.
* @param BufferLength Specifies the size, in bytes, of the buffer pointed to by the PreviousState parameter. This parameter can be zero if the PreviousState parameter is NULL.
* @param PreviousState A pointer to a caller-allocated buffer that the function fills with a TOKEN_PRIVILEGES structure that contains the previous state of any privileges that the function modifies.
* @param ReturnLength A pointer to a variable that receives the number of bytes written to the PreviousState buffer when the function succeeds,
* or the required size, in bytes, when that buffer is too small. This parameter can be NULL if PreviousState is NULL.
* @return NTSTATUS Successful or errant status.
* STATUS_NOT_ALL_ASSIGNED is a successful status indicating that not all of the requested privileges were adjusted (for example, they are not
* present in the token or cannot be enabled). Because it is a success code, a generic success check does not show that a requested privilege
* is now in effect; compare the result against STATUS_NOT_ALL_ASSIGNED explicitly.
* STATUS_BUFFER_TOO_SMALL indicates that the previous state data does not fit into the provided buffer.
* @remarks https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-adjusttokenprivileges
* Disabled privileges are not taken into account during access checks. Some privileges cannot be enabled when the token integrity level is too low.
* Removing a privilege is irreversible, because this function can only enable privileges that are already present in the token.
*/
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAdjustPrivilegesToken(
_In_ HANDLE TokenHandle,
_In_ BOOLEAN DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES NewState,
_In_ ULONG BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
_Out_opt_ PULONG ReturnLength
);
#ifndef _NTZWAPI_H
/**
* The ZwAdjustPrivilegesToken routine is declared with the same parameter list as NtAdjustPrivilegesToken and is documented together with it:
* it enables, disables, or removes privileges in the specified access token.
*
* @param TokenHandle Handle to the token. The handle must grant TOKEN_ADJUST_PRIVILEGES access, and additionally TOKEN_QUERY when the caller
* provides the PreviousState buffer. Token pseudo-handles such as NtCurrentProcessToken are not supported; open the token first.
* @param DisableAllPrivileges Boolean indicating whether the function should disable all privileges present in the token.
* @param NewState Optional pointer to a collection of privilege LUIDs with their desired states, such as SE_PRIVILEGE_DISABLED (0),
* SE_PRIVILEGE_ENABLED, or SE_PRIVILEGE_REMOVED.
* @param BufferLength Size, in bytes, of the PreviousState buffer.
* @param PreviousState Optional pointer to a caller-allocated buffer that receives the state of token privileges prior to adjustment.
* @param ReturnLength Optional pointer to a variable that receives the number of bytes written to the PreviousState buffer when the function
* succeeds, or the number of bytes required when the buffer is too small.
* @return NTSTATUS Successful or errant status.
* STATUS_NOT_ALL_ASSIGNED is a successful status indicating that not all of the requested privileges were adjusted, such as when they are not
* present or cannot be enabled; compare against it explicitly, since a generic success check does not distinguish it from full success.
* STATUS_BUFFER_TOO_SMALL indicates that the previous state data does not fit into the provided buffer.
* @remarks Removing a privilege is irreversible, because this function can only enable privileges that are already present in the token.
*/
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwAdjustPrivilegesToken(
_In_ HANDLE TokenHandle,
_In_ BOOLEAN DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES NewState,
_In_ ULONG BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
_Out_opt_ PULONG ReturnLength
);
Enables, disables, or removes privileges from the token.
TokenHandle
- a handle to the token. The handle must grant TOKEN_ADJUST_PRIVILEGES access. Additionally, the handle must grant TOKEN_QUERY when the caller provides the PreviousState buffer.
DisableAllPrivileges
- a boolean indicating whether the function should disable all privileges present in the token.
NewState
- an optional pointer to a collection of privilege LUIDs with their desired states, such as SE_PRIVILEGE_DISABLED (0), SE_PRIVILEGE_ENABLED, or SE_PRIVILEGE_REMOVED.
BufferLength
- the size of the PreviousState buffer in bytes.
PreviousState
- an optional pointer to a user-allocated buffer that receives the state of token privileges prior to adjustment.
ReturnLength
- an optional pointer to a variable that receives the number of bytes written to the PreviousState buffer when the function succeeds or the number of bytes required when the buffer is too small.
STATUS_NOT_ALL_ASSIGNED
- this successful status indicates that not all of the requested privileges were adjusted, such as when they are not present or cannot be enabled. Because it is a success status, callers that need a privilege to be in effect should compare the result against STATUS_NOT_ALL_ASSIGNED explicitly rather than rely on a generic success check.
STATUS_BUFFER_TOO_SMALL
- the previous state data does not fit into the provided buffer.
Disabled privileges are not taken into account during access checks. Some privileges cannot be enabled when the token integrity level is too low. Removing privileges is an irreversible operation because this function can only enable privileges that are already present in the token.
Note that this function does not support token pseudo-handles such as NtCurrentProcessToken. If you want to adjust the current process/thread token, you need to open it first.