NtCurrentThreadEffectiveToken - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTPSAPI_H
// Processes
#if (PHNT_MODE != PHNT_MODE_KERNEL)

#define NtCurrentThreadEffectiveToken() ((HANDLE)(LONG_PTR)-6) // NtOpenThreadToken(NtCurrentThread()) + NtOpenProcessToken(NtCurrentProcess())

#endif
#endif

View code on GitHub

This macro defines a pseudo-handle that allows querying information about the effective token token of the calling thread without explicitly opening it. The effective token is the thread token when the thread is impersonating or the process token otherwise.

Applicable to

Remarks

Note that as opposed to NtCurrentProcess and NtCurrentThread, the system does not accept token pseudo-handles outside of the token-querying function.

Required OS version

This macro was introduced in Windows 8.

See also

Edit description on GitHub