January 5th, 2021

Additional helpful pseudo-handles: The process token, the thread token, and the effective token

Raymond Chen
Raymond Chen

In addition to the pseudo-handles produced by Get­Current­Process() and Get­Current­Thread(), there are also pseudo-handles for tokens.

Function Equivalent
GetCurrentProcessToken OpenProcessToken(GetCurrentProcess())
GetCurrentThreadToken OpenThreadToken(GetCurrentThread())
GetCurrentThreadEffectiveToken OpenThreadToken(GetCurrentThread()) +
OpenProcessToken(GetCurrentProcess())

These pseudo-handles are handy because they can be obtained quickly and don’t need to be closed. You usually use them for quick one-shot queries.

The thread effective token is particularly useful because getting the thread effective token is normally a bit of a hassle. You first try to get the thread token, to see if the thread is impersonating. If that fails, then you fall back to the process token. This is an annoying bit of boilerplate that can be avoided by going straight to GetCurrentThreadEffectiveToken().

Well look at an example next time.

Bonus chatter: These token pseudo-handles are even more pseudo than your regular pseudo-handles. They basically work only for Get­Token­Information. You can’t use them with DuplicateHandle, for example.

Category
Old New Thing
Topics
Code

Author

Raymond Chen

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.

1 comment

Discussion is closed. Login to edit/delete existing comments.

Newest
Newest Popular Oldest
  • Henke37

    So much for simplifying the privilege enabling code everyone uses then.

Read next