RtlQueryTokenHostIdAsUlong64 - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTRTL_H
#if (PHNT_VERSION >= PHNT_WINDOWS_10_RS4)
// rev
NTSYSAPI
NTSTATUS
NTAPI
RtlQueryTokenHostIdAsUlong64(
_In_ HANDLE TokenHandle,
_Out_ PULONG64 HostId // (WIN://PKGHOSTID)
);
View code on GitHubQueries package host ID for a token.
TokenHandle - a handle to a token or one of the supported pseudo-handles (see below). The handle must grant TOKEN_QUERY access.HostId - a pointer to a variable that receives package host ID.This function supports the following pseudo-handle values:
NtCurrentProcessToken - performs the query on the primary token of the calling process.NtCurrentThreadToken - performs the query on the impersonation token of the calling thread. The function fails if the thread is not impersonating.NtCurrentThreadEffectiveToken - performs the query on the impersonation token of the calling thread, if present. Otherwise, the function uses the primary token of the calling process.STATUS_NOT_FOUND - the token doesn't have a package host ID attribute.This function calls NtQuerySecurityAttributesToken and reads the value of the WIN://PKGHOSTID security attribute.
Alternatively to using NtQuerySecurityAttributesToken, you can also enumerate all security attributes via NtQueryInformationToken with TokenSecurityAttributes and retrieve the value from there.
This function was introduced in Windows 10 RS4 (1803).