Search
Module:
Directory

   Desktop Functions:

   Smart Device Functions:


Show Recent Changes
Subscribe (RSS)
Misc. Pages
Comments
FAQ
Helpful Tools
Playground
Suggested Reading
Website TODO List
Support Forum
Download Visual Studio Add-In

Terms of Use
Privacy Policy
OpenProcessToken (advapi32)
 
.
Summary
The OpenProcessToken function opens the access token associated with a process, using this function we can get a handle to the access token assosiated to the process, if needed we can use this hanle with GetTokenInformation Api function to get SID and other informations inside that token - for more information feel free to contact me at jacobabraham2001@yahoo.com

C# Signature:

[DllImport("advapi32.dll", SetLastError=true)]
static extern bool OpenProcessToken(IntPtr ProcessHandle,
   UInt32 DesiredAccess, out IntPtr TokenHandle);

VB Signature:

Declare Function OpenProcessToken Lib "advapi32.dll" (ProcessHandle As IntPtr, _
   DesiredAccess As Integer, ByRef TokenHandle As IntPtr) As Boolean

Notes:

None.

Tips & Tricks:

Use these for DesiredAccess

    static uint STANDARD_RIGHTS_REQUIRED = 0x000F0000;
    static uint STANDARD_RIGHTS_READ = 0x00020000;
    static uint TOKEN_ASSIGN_PRIMARY = 0x0001;
    static uint TOKEN_DUPLICATE = 0x0002;
    static uint TOKEN_IMPERSONATE = 0x0004;
    static uint TOKEN_QUERY = 0x0008;
    static uint TOKEN_QUERY_SOURCE = 0x0010;
    static uint TOKEN_ADJUST_PRIVILEGES = 0x0020;
    static uint TOKEN_ADJUST_GROUPS = 0x0040;
    static uint TOKEN_ADJUST_DEFAULT = 0x0080;
    static uint TOKEN_ADJUST_SESSIONID = 0x0100;
    static uint TOKEN_READ = (STANDARD_RIGHTS_READ | TOKEN_QUERY);
    static uint TOKEN_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY |
        TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_QUERY_SOURCE |
        TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT |
        TOKEN_ADJUST_SESSIONID);

Source

Sample Code:

    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);
    private static uint STANDARD_RIGHTS_REQUIRED = 0x000F0000;
    private static uint STANDARD_RIGHTS_READ = 0x00020000;
    private static uint TOKEN_ASSIGN_PRIMARY = 0x0001;
    private static uint TOKEN_DUPLICATE = 0x0002;
    private static uint TOKEN_IMPERSONATE = 0x0004;
    private static uint TOKEN_QUERY = 0x0008;
    private static uint TOKEN_QUERY_SOURCE = 0x0010;
    private static uint TOKEN_ADJUST_PRIVILEGES = 0x0020;
    private static uint TOKEN_ADJUST_GROUPS = 0x0040;
    private static uint TOKEN_ADJUST_DEFAULT = 0x0080;
    private static uint TOKEN_ADJUST_SESSIONID = 0x0100;
    private static uint TOKEN_READ = (STANDARD_RIGHTS_READ | TOKEN_QUERY);
    private static uint TOKEN_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY |
        TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_QUERY_SOURCE |
        TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT |
        TOKEN_ADJUST_SESSIONID);

     [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(IntPtr TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, IntPtr TokenInformation, uint TokenInformationLength, out uint ReturnLength);
    public enum TOKEN_INFORMATION_CLASS
    {
        TokenUser = 1,
        TokenGroups,
        TokenPrivileges,
        TokenOwner,
        TokenPrimaryGroup,
        TokenDefaultDacl,
        TokenSource,
        TokenType,
        TokenImpersonationLevel,
        TokenStatistics,
        TokenRestrictedSids,
        TokenSessionId,
        TokenGroupsAndPrivileges,
        TokenSessionReference,
        TokenSandBoxInert,
        TokenAuditPolicy,
        TokenOrigin
    }

    public static byte[] GetSIDByteArr(IntPtr processHandle)
    {
        int MAX_INTPTR_BYTE_ARR_SIZE = 512;
        IntPtr tokenHandle;
        byte[] sidBytes;

        // Get the Process Token
        if (!OpenProcessToken(processHandle, TOKEN_READ, out tokenHandle))
        throw new ApplicationException("Could not get process token.  Win32 Error Code: " + Marshal.GetLastWin32Error());

        uint tokenInfoLength = 0;
        bool result;
        result = GetTokenInformation(tokenHandle, TOKEN_INFORMATION_CLASS.TokenUser, IntPtr.Zero, tokenInfoLength, out tokenInfoLength);  // get the token info length
        IntPtr tokenInfo = Marshal.AllocHGlobal((int)tokenInfoLength);
        result = GetTokenInformation(tokenHandle, TOKEN_INFORMATION_CLASS.TokenUser, tokenInfo, tokenInfoLength, out tokenInfoLength);  // get the token info

        // Get the User SID
        if (result)
        {
        TOKEN_USER tokenUser = (TOKEN_USER)Marshal.PtrToStructure(tokenInfo, typeof(TOKEN_USER));
        sidBytes = new byte[MAX_INTPTR_BYTE_ARR_SIZE];  // Since I don't yet know how to be more precise w/ the size of the byte arr, it is being set to 512
        Marshal.Copy(tokenUser.User.Sid, sidBytes, 0, MAX_INTPTR_BYTE_ARR_SIZE);  // get a byte[] representation of the SID
        }
        else throw new ApplicationException("Could not get process token.  Win32 Error Code: " + Marshal.GetLastWin32Error());

        return sidBytes;
    }

    // ******** Example: Call GetSIDByteArr() *************//
    Process[] myProcesses = Process.GetProcesses();
    foreach (Process myProcess in myProcesses)
    {
        byte[] sidBytes = Utility.GetSIDByteArr(myProcess.Handle);
    }
    // ****************************************************//

Alternative Managed API:

Do you know one? Please contribute it!

Documentation

Please edit this page!

Do you have...

  • helpful tips or sample code to share for using this API in managed code?
  • corrections to the existing content?
  • variations of the signature you want to share?
  • additional languages you want to include?

Select "Edit This Page" on the right hand toolbar and edit it! Or add new pages containing supporting types needed for this API (structures, delegates, and more).

 
Access PInvoke.net directly from VS:
Terms of Use
Find References
Show Printable Version
Revisions