The OpenThreadToken function opens the access token associated with a thread.
BOOL WINAPI OpenThreadToken( _In_ HANDLE ThreadHandle, _In_ DWORD DesiredAccess, _In_ BOOL OpenAsSelf, _Out_ PHANDLE TokenHandle );
- ThreadHandle [in]
A handle to the thread whose access token is opened.
- DesiredAccess [in]
Specifies an access mask that specifies the requested types of access to the access token. These requested access types are reconciled against the token's discretionary access control list (DACL) to determine which accesses are granted or denied.
For a list of access rights for access tokens, see Access Rights for Access-Token Objects.
- OpenAsSelf [in]
TRUE if the access check is to be made against the process-level security context.
FALSE if the access check is to be made against the current security context of the thread calling the OpenThreadToken function.
The OpenAsSelf parameter allows the caller of this function to open the access token of a specified thread when the caller is impersonating a token at SecurityIdentification level. Without this parameter, the calling thread cannot open the access token on the specified thread because it is impossible to open executive-level objects by using the SecurityIdentification impersonation level.
- TokenHandle [out]
A pointer to a variable that receives the handle to the newly opened access token.
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError. If the token has the anonymous impersonation level, the token will not be opened and OpenThreadToken sets ERROR_CANT_OPEN_ANONYMOUS as the error.
Tokens with the anonymous impersonation level cannot be opened.
Close the access token handle returned through the TokenHandle parameter by calling CloseHandle.
Minimum supported client
|Windows XP [desktop apps only]|
Minimum supported server
|Windows Server 2003 [desktop apps only]|
- Access Control Overview
- Basic Access Control Functions