{"id":104667,"date":"2021-01-05T07:00:00","date_gmt":"2021-01-05T15:00:00","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/oldnewthing\/?p=104667"},"modified":"2021-01-05T08:21:53","modified_gmt":"2021-01-05T16:21:53","slug":"20210105-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20210105-00\/?p=104667","title":{"rendered":"Additional helpful pseudo-handles: The process token, the thread token, and the effective token"},"content":{"rendered":"<p>In addition to the pseudo-handles produced by <code>Get\u00adCurrent\u00adProcess()<\/code> and <code>Get\u00adCurrent\u00adThread()<\/code>, there are also pseudo-handles for tokens.<\/p>\n<table class=\"cp3\" style=\"border-collapse: collapse;\" border=\"1\" cellspacing=\"0\" cellpadding=\"3\">\n<tbody>\n<tr>\n<th>Function<\/th>\n<th>Equivalent<\/th>\n<\/tr>\n<tr>\n<td><code>GetCurrentProcessToken<\/code><\/td>\n<td><code>OpenProcessToken(GetCurrentProcess())<\/code><\/td>\n<\/tr>\n<tr>\n<td><code>GetCurrentThreadToken<\/code><\/td>\n<td><code>OpenThreadToken(GetCurrentThread())<\/code><\/td>\n<\/tr>\n<tr>\n<td><code>GetCurrentThreadEffectiveToken<\/code><\/td>\n<td><code>OpenThreadToken(GetCurrentThread())<\/code> +<br \/>\n<code>OpenProcessToken(GetCurrentProcess())<\/code><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>These pseudo-handles are handy because they can be obtained quickly and don&#8217;t need to be closed. You usually use them for quick one-shot queries.<\/p>\n<p>The thread effective token is particularly useful because getting the thread effective token is normally a bit of a hassle. You first try to get the thread token, to see if the thread is impersonating. If that fails, then you fall back to the process token. This is an annoying bit of boilerplate that can be avoided by going straight to <code>GetCurrentThreadEffectiveToken()<\/code>.<\/p>\n<p>Well look at an example next time.<\/p>\n<p><b>Bonus chatter<\/b>: These token pseudo-handles are even more pseudo than your regular pseudo-handles. They basically work only for <code>Get\u00adToken\u00adInformation<\/code>. You can&#8217;t use them with <code>DuplicateHandle<\/code>, for example.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For quick queries.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-104667","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"<p>For quick queries.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/104667","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=104667"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/104667\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=104667"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=104667"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=104667"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}