NtQueryInformationToken - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTSEAPI_H
/**
* The NtQueryInformationToken routine retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.
*
* @param TokenHandle A handle to an existing access token from which information is to be retrieved. If TokenInformationClass is set to TokenSource, the handle must have TOKEN_QUERY_SOURCE access.
* For all other TokenInformationClass values, the handle must have TOKEN_QUERY access.
* @param TokenInformationClass A value from the TOKEN_INFORMATION_CLASS enumerated type identifying the type of information to be retrieved.
* @param TokenInformation Pointer to a caller-allocated buffer that receives the requested information about the token.
* @param TokenInformationLength Length, in bytes, of the caller-allocated TokenInformation buffer.
* @param ReturnLength Pointer to a caller-allocated variable that receives the actual length, in bytes, of the information returned in the TokenInformation buffer.
* @return NTSTATUS Successful or errant status.
* @remarks https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-ntqueryinformationtoken
*/
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationToken(
_In_ HANDLE TokenHandle,
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
_Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
_In_ ULONG TokenInformationLength,
_Out_ PULONG ReturnLength
);
View code on GitHub#ifndef _NTZWAPI_H
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueryInformationToken(
_In_ HANDLE TokenHandle,
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
_Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
_In_ ULONG TokenInformationLength,
_Out_ PULONG ReturnLength
);
View code on GitHubQueries various information about the specified token. This function is partially documented in Windows Driver Kit here and here.
TokenHandle - a handle to the token or one of the supported pseudo-handles (see below). For most information classes, the handle must grant TOKEN_QUERY access.TokenInformationClass - the type of information to retrieve.TokenInformation - a pointer to a user-allocated buffer that receives the requested information.TokenInformationLength - the size of the provided buffer in bytes.ReturnLength - an optional pointer to a variable that receives the number of bytes written when the function succeeds or the number of bytes requires when the buffer is too small.For the list of supported info classes and required token access, see TOKEN_INFORMATION_CLASS.
This function supports the following pseudo-handle values on Windows 8 and above:
NtCurrentProcessToken - performs the query on the primary token of the calling process.NtCurrentThreadToken - performs the query on the impersonation token of the calling thread. The function fails if the thread is not impersonating.NtCurrentThreadEffectiveToken - performs the query on the impersonation token of the calling thread, if present. Otherwise, the function uses the primary token of the calling process.STATUS_BUFFER_TOO_SMALL and STATUS_INFO_LENGTH_MISMATCH indicate that the requested information does not fit into the provided buffer.STATUS_CANT_OPEN_ANONYMOUS indicates that the caller attempted to query information about the current thread token while impersonating an anonymous token.