The SeQueryInformationToken routine retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.
NTSTATUS SeQueryInformationToken( PACCESS_TOKEN Token, TOKEN_INFORMATION_CLASS TokenInformationClass, PVOID *TokenInformation );
A pointer to an access token from which information is to be retrieved. If TokenInformationClass is set to TokenSource, the handle must have TOKEN_QUERY_SOURCE access. For all other TokenInformationClass values, the handle must have TOKEN_QUERY access.
A value from the TOKEN_INFORMATION_CLASS enumerated type that identifies the type of information to be retrieved.
If STATUS_SUCCESS is returned, TokenInformation receives a pointer to a location that contains the address of a buffer that holds the requested information. The format of this information buffer depends upon the value of TokenInformationClass, as shown in the following table. Be aware that the buffer is allocated by SeQueryInformationToken from paged pool. This buffer must eventually be freed by the caller by using ExFreePool.
|TokenDefaultDacl||The buffer receives a TOKEN_DEFAULT_DACL structure that contains the default DACL for newly created objects.|
|TokenGroups||The buffer receives a TOKEN_GROUPS structure that contains the group accounts associated with the token.|
|TokenImpersonationLevel||The buffer receives a SECURITY_IMPERSONATION_LEVEL value which indicates the impersonation level of the token. If the access token is not an impersonation token, the call to SeQueryInformationToken fails.|
|TokenOwner||The buffer receives a TOKEN_OWNER structure that contains the default owner security identifier (SID) for newly created objects.|
|TokenPrimaryGroup||The buffer receives a TOKEN_PRIMARY_GROUP structure that contains the default primary group SID for newly created objects.|
|TokenPrivileges||The buffer receives a TOKEN_PRIVILEGES structure that contains the token's privileges.|
|TokenSessionId||The buffer receives a DWORD value (not a pointer to it) that indicates the Terminal Services session identifier that is associated with the token. If the token is associated with the Terminal Server console session, the session identifier is zero. A nonzero session identifier indicates a Terminal Services client session. In a non-Terminal Services environment, the session identifier is zero.|
|TokenSource||The buffer receives a TOKEN_SOURCE structure that contains the source of the token. TOKEN_QUERY_SOURCE access is needed to retrieve this information.|
|TokenStatistics||The buffer receives a TOKEN_STATISTICS structure that contains various token statistics.|
|TokenType||The buffer receives a TOKEN_TYPE value that indicates whether the token is a primary or impersonation token.|
|TokenUser||The buffer receives a TOKEN_USER structure that contains the token's user account.|
|TokenIntegrityLevel||The buffer receives a DWORD value (not a pointer to it) that specifies the token’s integrity level.|
||The call to SeQueryInformationToken succeeded.|
||An invalid value was supplied for TokenInformationClass.|
For more information about security and access control, see the documentation about these topics in the Microsoft Windows SDK.
|Minimum supported client||This routine is available on Microsoft Windows 2000 and later versions of the operating system.|
|Header||ntifs.h (include Ntifs.h)|
We'd love to hear your thoughts. Choose the type you'd like to provide:
Our feedback system is built on GitHub Issues. Read more on our blog.