Convert kernel handle 'PACCESS_TOKEN' into user-mode HANDLE hToken RRS feed

  • Question

  •  Hello,

    I had research in google about how convert a kernel handle 'PACCESS_TOKEN' into user-mode HANDLE hToken, I did not find anything
    How do i do ?

    i developpe a virtual disk file system and i want check security ACL access in IRP_MJ_CREATE

    In kernel mode :
    I capture PACCESS_TOKEN in SECURITY_SUBJECT_CONTEXT::client token from _IO_STACK_LOCATION::Create::SecurityContext::AccessState::SubjectSecurityContext::ClientToken;

    In user mode hToken :
    HANDLE hImpersonatedToken = NULL;
    if (::DuplicateToken(hToken, SecurityImpersonation, &hImpersonatedToken))
    mapping.GenericRead = FILE_GENERIC_READ;
    mapping.GenericWrite = FILE_GENERIC_WRITE;
    mapping.GenericExecute = FILE_GENERIC_EXECUTE;
    mapping.GenericAll = FILE_ALL_ACCESS;

            ::MapGenericMask(&genericAccessRights, &mapping);
            if (::AccessCheck(pFileSD, hImpersonatedToken, genericAccessRights, &mapping, &privileges, &privilegesLength, &grantedAccess, &result))
                bRet = (result == TRUE);


    Monday, August 19, 2019 10:51 PM

All replies

  • Back up an tell us what you are trying to do with this code.   Whatever it is this is not the way to do it.

    Don Burn Windows Driver Consulting Website:

    Monday, August 19, 2019 11:29 PM

  • The code is used to determine at the user-mode level whether
    the user has the right of access to the file according from the mask.

    For that : also i want retreive hToken from kernel SubjectSecurityContext::ClientToken

    Otherwise I have a method by capture the PID (I know how to do it) and in user-mode I call OpenProcess then OpenProcessToken, but it will take resources system,
    I prefer capture the token handle from the kernel and transfert this handle in user-mode 'hToken' into, it would be faster and more judicious.

    • Edited by Sizy458 Tuesday, August 20, 2019 8:42 AM
    Tuesday, August 20, 2019 8:37 AM