RtlQueryPackageIdentityEx - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
#ifndef _NTRTL_H
#if (PHNT_VERSION >= PHNT_WINBLUE)

NTSYSAPI
NTSTATUS
NTAPI
RtlQueryPackageIdentityEx(
    _In_ HANDLE TokenHandle,
    _Out_writes_bytes_to_(*PackageSize, *PackageSize) PWSTR PackageFullName,
    _Inout_ PSIZE_T PackageSize,
    _Out_writes_bytes_to_opt_(*AppIdSize, *AppIdSize) PWSTR AppId,
    _Inout_opt_ PSIZE_T AppIdSize,
    _Out_opt_ PGUID DynamicId,
    _Out_opt_ PULONG64 Flags
    );

#endif
#endif

View code on GitHub

Queries package identity information for a token. This function is documented in Windows Driver Kit.

Parameters

Pseudo-handles

This function supports the following pseudo-handle values:

Notable return values

Implementation details

This function calls NtQuerySecurityAttributesToken and reads the values of the WIN://SYSAPPID and WIN://PKG attributes.

Remarks

Alternatively to using NtQuerySecurityAttributesToken, you can also enumerate all security attributes via NtQueryInformationToken with TokenSecurityAttributes and retrieve the values from there.

Required OS version

This function was introduced in Windows 8.1.

See also