#ifndef _NTRTL_H
#if (PHNT_VERSION >= PHNT_WINBLUE)
NTSYSAPI
NTSTATUS
NTAPI
RtlQueryPackageIdentityEx(
_In_ HANDLE TokenHandle,
_Out_writes_bytes_to_(*PackageSize, *PackageSize) PWSTR PackageFullName,
_Inout_ PSIZE_T PackageSize,
_Out_writes_bytes_to_opt_(*AppIdSize, *AppIdSize) PWSTR AppId,
_Inout_opt_ PSIZE_T AppIdSize,
_Out_opt_ PGUID DynamicId,
_Out_opt_ PULONG64 Flags
);
View code on GitHub
Queries package identity information for a token. This function is documented in Windows Driver Kit.
TokenHandle
- a handle to a token or one of the supported pseudo-handles (see below). The handle must grant TOKEN_QUERY
access.PackageFullName
- an optional pointer to user-allocated buffer that receives the full name of the package.PackageSize
- an optional pointer to a variable that specifies the size of the PackageFullName
buffer in bytes and receives the number of bytes written.AppId
- an optional pointer to user-allocated buffer that receives the relative application user model ID of the package.AppIdSize
- an optional pointer to a variable that specifies the size of the AppId
buffer in bytes and receives the number of bytes written.DynamicId
- an optional pointer to a variable that receives the dynamic ID of the application.Flags
- an optional pointer to a variable that receives package claim flags. To interpret this value, cast it to PS_PKG_CLAIM
.This function supports the following pseudo-handle values:
NtCurrentProcessToken
- performs the query on the primary token of the calling process.NtCurrentThreadToken
- performs the query on the impersonation token of the calling thread. The function fails if the thread is not impersonating.NtCurrentThreadEffectiveToken
- performs the query on the impersonation token of the calling thread, if present. Otherwise, the function uses the primary token of the calling process.STATUS_NOT_FOUND
- the token doesn't have package identity attributes.This function calls NtQuerySecurityAttributesToken
and reads the values of the WIN://SYSAPPID
and WIN://PKG
attributes.
Alternatively to using NtQuerySecurityAttributesToken
, you can also enumerate all security attributes via NtQueryInformationToken
with TokenSecurityAttributes
and retrieve the values from there.
This function was introduced in Windows 8.1.