TOKEN_GROUPS - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTSEAPI_H
//
// Authz
//
// begin_rev
#if (PHNT_MODE == PHNT_MODE_KERNEL)

/**
 * The TOKEN_GROUPS structure contains information about the group security identifiers (SIDs) in an access token.
 * \sa https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-token_groups
 */
typedef struct _TOKEN_GROUPS
{
    ULONG GroupCount;
    SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS;

#endif
// end_rev
#endif

View code on GitHub
// ntifs.h

typedef struct _TOKEN_GROUPS {
  ULONG              GroupCount;
#if ...
  SID_AND_ATTRIBUTES *Groups[];
#else
  SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
#endif
} TOKEN_GROUPS, *PTOKEN_GROUPS;
View the official Windows Driver Kit DDI reference

NtDoc

No description available.

Edit description on GitHub

Windows Driver Kit DDI reference (ns-ntifs-_token_groups)

TOKEN_GROUPS structure

Description

TOKEN_GROUPS contains information about the group security identifiers (SID) in an access token.

Members

GroupCount

Specifies the number of groups in the access token.

Groups[*]

Specifies an array of SID_AND_ATTRIBUTES structures containing a set of SIDs and corresponding attributes.

Groups[ANYSIZE_ARRAY]

Specifies an array of SID_AND_ATTRIBUTES structures containing a set of SIDs and corresponding attributes.

Remarks

You can use SeFilterToken to designate one or more group SIDs as deny-only SIDs. Note that it is also possible to designate a user SID as a deny-only SID by specifying the user SID as one of the group SIDs in the TOKEN_GROUPS structure passed to SeFilterToken.

See also

SID

SID_AND_ATTRIBUTES

SeFilterToken

SeQueryInformationToken

ZwQueryInformationToken

ZwSetInformationToken

View the official Windows Driver Kit DDI reference

Edit description on GitHub