#ifndef _NTSEAPI_H
/**
* The NtCompareTokens routine compares two access tokens to determine whether they are equivalent.
*
* Equivalence is decided for the purpose of access checks. The routine compares the user, groups,
* restricting SIDs, privileges, trust level, mandatory policy, AppContainer SID, capabilities,
* claims, and security attributes of the two tokens.
*
* Token pseudo-handles such as NtCurrentProcessToken are not supported. To compare the current
* process or thread token, open it first and pass the resulting handle.
*
* \param FirstTokenHandle Handle to the first access token to compare. The handle must have TOKEN_QUERY access.
* \param SecondTokenHandle Handle to the second access token to compare. The handle must have TOKEN_QUERY access.
* \param Equal Pointer to a BOOLEAN variable that receives TRUE if the tokens are equivalent, or FALSE otherwise.
* \return NTSTATUS Successful or errant status.
* \remarks Equal is an output-only parameter, so a caller that bases a security decision on it
* should test the returned NTSTATUS first and treat any failure as "not equivalent".
* NOTE(review): what Equal contains on a failed call is not specified here; initializing the
* variable to FALSE before the call keeps the decision fail-closed.
* \sa https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-ntcomparetokens
*/
NTSYSCALLAPI
NTSTATUS
NTAPI
NtCompareTokens(
_In_ HANDLE FirstTokenHandle,
_In_ HANDLE SecondTokenHandle,
_Out_ PBOOLEAN Equal
);
#ifndef _NTZWAPI_H
/**
* The ZwCompareTokens routine is the Zw-prefixed declaration of the token comparison service.
* Its parameter list and return type are identical to those of NtCompareTokens.
*
* \param FirstTokenHandle Handle to the first access token to compare. The handle must have TOKEN_QUERY access.
* \param SecondTokenHandle Handle to the second access token to compare. The handle must have TOKEN_QUERY access.
* \param Equal Pointer to a BOOLEAN variable that receives whether the two tokens are equal.
* \return NTSTATUS Successful or errant status.
* \remarks Token pseudo-handles such as NtCurrentProcessToken are not supported; open the token
* first and pass the resulting handle. Check the returned NTSTATUS before trusting Equal.
* NOTE(review): in kernel-mode callers the Zw form of a system service is generally treated as a
* trusted (kernel previous-mode) call, which changes how handles and pointers are validated.
* Confirm which variant the caller needs; this declaration does not state it.
*/
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCompareTokens(
_In_ HANDLE FirstTokenHandle,
_In_ HANDLE SecondTokenHandle,
_Out_ PBOOLEAN Equal
);
Determines whether two tokens are identical for the purpose of access checks. This function is documented in the Windows SDK.
FirstTokenHandle
- a handle to the first token. The handle must grant TOKEN_QUERY access.

SecondTokenHandle
- a handle to the second token. The handle must grant TOKEN_QUERY access.

Equal
- a pointer to a variable that receives whether the two tokens are equal.

The function compares the user, groups, restricting SIDs, privileges, trust level, mandatory policy, AppContainer SID, capabilities, claims, and security attributes.
Note that this function does not support token pseudo-handles such as NtCurrentProcessToken. If you want to compare the current process/thread token, you need to open it first to obtain a real handle that grants TOKEN_QUERY access.