NtPrivilegeCheck - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
#ifndef _NTSEAPI_H

/**
 * The NtPrivilegeCheck routine determines whether a specified set of privileges are enabled in the access token of a client.
 *
 * \param ClientToken Handle to the access token of the client whose privileges are to be checked. The handle must have TOKEN_QUERY access.
 * \param RequiredPrivileges Pointer to a PRIVILEGE_SET structure that specifies the set of privileges to be checked. On input, this structure contains the privileges to check.
 * \param Result Pointer to a BOOLEAN variable that receives TRUE if all specified privileges are enabled, or FALSE otherwise.
 * \return NTSTATUS Successful or errant status.
 * \sa https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-privilegecheck
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtPrivilegeCheck(
    _In_ HANDLE ClientToken,
    _Inout_ PPRIVILEGE_SET RequiredPrivileges,
    _Out_ PBOOLEAN Result
    );

#endif

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwPrivilegeCheck(
    _In_ HANDLE ClientToken,
    _Inout_ PPRIVILEGE_SET RequiredPrivileges,
    _Out_ PBOOLEAN Result
    );

#endif

// ntifs.h

__kernel_entry NTSYSCALLAPI NTSTATUS NtPrivilegeCheck(
  [in]      HANDLE         ClientToken,
  [in, out] PPRIVILEGE_SET RequiredPrivileges,
  [out]     PBOOLEAN       Result
);

NtDoc

No description available.

Windows Driver Kit DDI reference (nf-ntifs-ntprivilegecheck)

Description

NtPrivilegeCheck is reserved for system use.

Parameters

ClientToken [in]

A handle to a token object representing a client attempting access. This handle must be obtained from a communication session layer, such as from an LPC Port or Local Named Pipe, to prevent possible security policy violations.

RequiredPrivileges [in, out]

Pointer to a PRIVILEGE_SET structure. The Privilege member of this structure is an array of LUID_AND_ATTRIBUTES structures. Before calling SePrivilegeCheck, use the Privilege array to indicate the set of privileges to check. Set the Control member to PRIVILEGE_SET_ALL_NECESSARY if all of the privileges must be enabled; or set it to zero if it is sufficient that any one of the privileges be enabled.

Result [out]

Receives a boolean flag indicating whether the client has all the specified privileges. A value of TRUE indicates the client has all the specified privileges; otherwise a value of FALSE is returned.

Return value

NtPrivilegeCheck returns STATUS_SUCCESS on successful completion. Otherwise, it returns an error code, such as the following.

| Return code | Description |
|---|---|
| STATUS_PRIVILEGE_NOT_HELD | The caller does not have sufficient privilege to use this privileged system service. |

Remarks

An access token contains a list of the privileges held by the account associated with the token. These privileges can be enabled or disabled; most are disabled by default. NtPrivilegeCheck checks only for enabled privileges. To get a list of all the enabled and disabled privileges held by an access token, call SeQueryInformationToken.

For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.
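The Control and enabled-only semantics described above, as an added example that is not code from NtDoc, phnt or the WDK: a portable C model with the relevant winnt.h structures and constants redefined locally so it builds without Windows headers. The names `model_privilege_check`, `check_debug_and_notify` and `sample_token` are hypothetical, the token contents are constructed, and the marking of enabled entries with SE_PRIVILEGE_USED_FOR_ACCESS follows the Win32 PrivilegeCheck documentation linked in the phnt header comment.

```c
#include <stdint.h>
#include <stdio.h>
/* Values mirror winnt.h; redefined so this model builds on any platform. */
#define SE_PRIVILEGE_ENABLED         0x00000002u
#define SE_PRIVILEGE_USED_FOR_ACCESS 0x80000000u
#define PRIVILEGE_SET_ALL_NECESSARY  1u
typedef struct { uint32_t LowPart; int32_t HighPart; } LUID;
typedef struct { LUID Luid; uint32_t Attributes; } LUID_AND_ATTRIBUTES;
typedef struct {
    uint32_t PrivilegeCount, Control;
    LUID_AND_ATTRIBUTES Privilege[2]; /* ANYSIZE_ARRAY in winnt.h; fixed at 2 here */
} PRIVILEGE_SET;

/* Constructed token: SeDebugPrivilege (20) held but disabled, SeChangeNotifyPrivilege (23) enabled. */
static const LUID_AND_ATTRIBUTES sample_token[2] = {
    { {20, 0}, 0 }, { {23, 0}, SE_PRIVILEGE_ENABLED } };

/* Hypothetical model of the check (not the kernel's code); returns 1 for TRUE, 0 for FALSE. */
static int model_privilege_check(const LUID_AND_ATTRIBUTES *tok, size_t ntok,
                                 PRIVILEGE_SET *req) {
    uint32_t enabled = 0;
    for (uint32_t i = 0; i < req->PrivilegeCount; i++)
        for (size_t j = 0; j < ntok; j++)
            if (tok[j].Luid.LowPart == req->Privilege[i].Luid.LowPart &&
                tok[j].Luid.HighPart == req->Privilege[i].Luid.HighPart &&
                (tok[j].Attributes & SE_PRIVILEGE_ENABLED)) {
                /* in/out parameter: an enabled entry is marked as used for access */
                req->Privilege[i].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
                enabled++;
                break;
            }
    if (req->Control & PRIVILEGE_SET_ALL_NECESSARY)
        return enabled == req->PrivilegeCount; /* every requested privilege enabled */
    return enabled > 0;                        /* Control == 0: any one suffices */
}

/* Fills *req with SeDebug + SeChangeNotify and checks it against the sample token. */
static int check_debug_and_notify(uint32_t control, PRIVILEGE_SET *req) {
    PRIVILEGE_SET init = { 2, control, { { {20, 0}, 0 }, { {23, 0}, 0 } } };
    *req = init;
    return model_privilege_check(sample_token, 2, req);
}

int main(void) {
    PRIVILEGE_SET s;
    printf("all necessary: %d\n", check_debug_and_notify(PRIVILEGE_SET_ALL_NECESSARY, &s));
    printf("any one: %d\n", check_debug_and_notify(0, &s));
    return 0;
}
```

A privilege that is held but disabled counts as absent, so the same token fails the check with PRIVILEGE_SET_ALL_NECESSARY and passes it with Control set to zero.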

See also

LUID_AND_ATTRIBUTES

PRIVILEGE_SET

SECURITY_SUBJECT_CONTEXT

SeAccessCheck

SeAppendPrivileges

SeFreePrivileges

SeQueryInformationToken

SeSinglePrivilegeCheck


NTinternals.net (undocumented.ntinternals.net)

This function is documented in Windows Driver Kit.


Function NtPrivilegeCheck is used to check the state of privileges in a Token Object. It is also described in the Microsoft SDK as PrivilegeCheck.

TokenHandle

HANDLE to Token Object opened with TOKEN_QUERY access.

RequiredPrivileges

Pointer to a PRIVILEGE_SET structure containing the definitions of the privileges to check.

Result

Result of the call: pointer to a BOOLEAN value that contains TRUE if all requested privileges are enabled.
