In addition to the pseudo-handles produced by GetÂCurrentÂProcess()
and GetÂCurrentÂThread()
, there are also pseudo-handles for tokens.
Function | Equivalent |
---|---|
GetCurrentProcessToken |
OpenProcessToken(GetCurrentProcess()) |
GetCurrentThreadToken |
OpenThreadToken(GetCurrentThread()) |
GetCurrentThreadEffectiveToken |
OpenThreadToken(GetCurrentThread()) +OpenProcessToken(GetCurrentProcess()) |
These pseudo-handles are handy because they can be obtained quickly and don’t need to be closed. You usually use them for quick one-shot queries.
The thread effective token is particularly useful because getting the thread effective token is normally a bit of a hassle. You first try to get the thread token, to see if the thread is impersonating. If that fails, then you fall back to the process token. This is an annoying bit of boilerplate that can be avoided by going straight to GetCurrentThreadEffectiveToken()
.
Well look at an example next time.
Bonus chatter: These token pseudo-handles are even more pseudo than your regular pseudo-handles. They basically work only for GetÂTokenÂInformation
. You can’t use them with DuplicateHandle
, for example.
So much for simplifying the privilege enabling code everyone uses then.