PsReferenceImpersonationToken - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
// ntifs.h

PACCESS_TOKEN PsReferenceImpersonationToken(
  [in, out] PETHREAD                      Thread,
  [out]     PBOOLEAN                      CopyOnOpen,
  [out]     PBOOLEAN                      EffectiveOnly,
  [out]     PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
);

View the official Windows Driver Kit DDI reference

NtDoc

No description available.

Windows Driver Kit DDI reference (nf-ntifs-psreferenceimpersonationtoken)

PsReferenceImpersonationToken function

Description

The PsReferenceImpersonationToken routine increments the reference count of the impersonation token for the specified thread.

Parameters

Thread [in, out]

Address of the thread whose impersonation token's reference count is to be incremented.

CopyOnOpen [out]

Pointer to a caller-allocated Boolean variable. On return, this parameter receives TRUE if the token cannot be opened directly. In this case, the token must be duplicated, and the duplicate token must be used instead. If the token can be opened directly, this parameter receives FALSE.

EffectiveOnly [out]

Pointer to a caller-allocated Boolean variable. On return, this parameter receives FALSE if the thread is allowed to enable groups and privileges that are currently disabled in the client security context, TRUE otherwise.

ImpersonationLevel [out]

Pointer to a caller-allocated SECURITY_IMPERSONATION_LEVEL variable. On return, this parameter receives a value that specifies the impersonation level at which the thread is allowed to access the token.

Return value

PsReferenceImpersonationToken returns a pointer to the impersonation token for the given thread. If the thread is not currently impersonating a client, a NULL pointer is returned.

Remarks

If the thread is currently impersonating a client, PsReferenceImpersonationToken increments the reference count of the impersonation token and returns a pointer to the token. If the returned pointer is non-NULL, the impersonation token's reference count must be decremented by calling one of the following functions:

For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.

See also

ObDereferenceObject

PsDereferenceImpersonationToken

PsImpersonateClient

SECURITY_IMPERSONATION_LEVEL