Additional helpful pseudo-handles: The process token, the thread token, and the effective token

Raymond Chen

January 5th, 20211 0

In addition to the pseudo-handles produced by Get­Current­Process() and Get­Current­Thread(), there are also pseudo-handles for tokens.

Function Equivalent
GetCurrentProcessToken OpenProcessToken(GetCurrentProcess())
GetCurrentThreadToken OpenThreadToken(GetCurrentThread())
GetCurrentThreadEffectiveToken OpenThreadToken(GetCurrentThread()) +
OpenProcessToken(GetCurrentProcess())

These pseudo-handles are handy because they can be obtained quickly and don’t need to be closed. You usually use them for quick one-shot queries.

The thread effective token is particularly useful because getting the thread effective token is normally a bit of a hassle. You first try to get the thread token, to see if the thread is impersonating. If that fails, then you fall back to the process token. This is an annoying bit of boilerplate that can be avoided by going straight to GetCurrentThreadEffectiveToken().

Well look at an example next time.

Bonus chatter: These token pseudo-handles are even more pseudo than your regular pseudo-handles. They basically work only for Get­Token­Information. You can’t use them with DuplicateHandle, for example.

Raymond Chen

Read next

1 comment

Discussion is closed. Login to edit/delete existing comments.

  • Henke37 0

    So much for simplifying the privilege enabling code everyone uses then.

Feedback usabilla icon