#if (PHNT_VERSION >= PHNT_WIN8)
_In_opt_ HANDLE TokenHandle,
_In_ PSID CapabilitySidToCheck,
_Out_ PBOOLEAN HasCapability
Determines if a token can pass access checks that require the specified capability SID.
TokenHandle - an optional handle to the token or one of the supported pseudo-handles (see below). The handle must grant
TOKEN_QUERY access. The function uses (opens) the current thread's effective token if the caller passes
NULL in this parameter.
CapabilitySidToCheck - a capability SID to check. The SID must satisfy the
HasCapability - a pointer to a variable that receives a boolean indicating whether the token has the capability.
This function supports the following pseudo-handle values:
NtCurrentProcessToken - performs the query on the primary token of the calling process.
NtCurrentThreadToken - performs the query on the impersonation token of the calling thread. The function fails if the thread is not impersonating.
NtCurrentThreadEffectiveToken - performs the query on the impersonation token of the calling thread, if present. Otherwise, the function uses the primary token of the calling process.
This function creates a security descriptor with a DACL that grants access to the user SID and the capability SID and performs an access checks against it via
NtAccessCheck. Therefore, unsandboxed tokens are considered to have any capability.
This function was introduced in Windows 8.