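Try TOKEN_READ instead of TOKEN_QUERY in OpenProcessToken. Note, however, that TOKEN_QUERY is the only access right GetTokenInformation requires for TokenOwner or TokenUser, so the access mask is unlikely to be the whole story: the quoted call also passes a NULL buffer (pSidUser) with a length of sizeof(SID), whereas TokenOwner returns a TOKEN_OWNER structure followed by the SID itself, so the caller has to supply a real buffer at least as large as the size reported in ReturnLength.
Below is a piece of code I am using in a driver: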
//
// Open the token of the current thread first, so that an impersonated
// client identity (if any) is the one that gets queried.
//
// NOTE(review): nothing in this excerpt closes hToken. Every successful
// open needs a matching ZwClose(hToken) on all exit paths - confirm this
// in the part of the routine that is not shown.
// NOTE(review): ZwOpenThreadToken / ZwOpenProcessToken take no handle
// attributes, so the handle is not a kernel handle and lives in the handle
// table of the current process. Where available, the Ex variants with
// OBJ_KERNEL_HANDLE keep it out of reach of user-mode code - verify against
// the target OS version.
//
status = ZwOpenThreadToken(
NtCurrentThread(), // IN HANDLE ThreadHandle,
TOKEN_READ, // IN ACCESS_MASK DesiredAccess,
TRUE, // IN BOOLEAN OpenAsSelf: TRUE = access check uses the process security context, not the impersonated one
&hToken); // OUT PHANDLE TokenHandle
if (!NT_SUCCESS(status)) {
if (status == STATUS_NO_TOKEN) {
//
// STATUS_NO_TOKEN: the thread has no token of its own, which is the
// normal result when the thread is not impersonating a client.
// Fall back to the token of the current process. Any other failure
// status is left untouched and reported by the check below.
//
status = ZwOpenProcessToken(
NtCurrentProcess(), // IN HANDLE ProcessHandle,
TOKEN_READ, // IN ACCESS_MASK DesiredAccess,
&hToken); // OUT PHANDLE TokenHandle
}
}
//
// Return the error if no token handle was obtained.
// NOTE(review): status and hToken are printed with 0x%X; a HANDLE is
// pointer-sized, so %p is the matching specifier on 64-bit builds.
//
if (!NT_SUCCESS(status)) {
KdPrint(( “NtOpenThread/ProcessToken error 0x%X\n”, status));
return status;
}
KdPrint(( “Token handle 0x%X\n”, hToken));
//
// Read the TokenUser information class from the token. On success the
// buffer holds a TOKEN_USER structure whose SID pointer refers to SID data
// stored further along in the same buffer.
//
// acTokenInfo and dwInfoLen are declared outside this excerpt; the buffer
// is presumably a fixed-size array (sizeof is applied to it) - confirm it
// is large enough for TOKEN_USER plus a maximum-length SID. If it is too
// small the call fails with STATUS_BUFFER_TOO_SMALL and dwInfoLen receives
// the required size.
//
status = ZwQueryInformationToken (
hToken, // IN HANDLE TokenHandle,
TokenUser, // IN TOKEN_INFORMATION_CLASS TokenInformationClass,
acTokenInfo, // OUT PVOID TokenInformation,
sizeof( acTokenInfo), // IN ULONG TokenInformationLength,
&dwInfoLen); // OUT PULONG ReturnLength
// The excerpt stops at this check; the failure branch is not shown. It
// should release hToken before returning.
if (!NT_SUCCESS(status))
-----Original Message-----
From: xxxxx@emc.com
To: NT Developers Interest List
Date: giovedì 20 luglio 2000 18.52
Subject: [ntdev] NT Security
>
>Trying to get a user's SID (Security Identifier) from its access token.
>It fails on GetTokenInformation() - any ideas?
>
>
>HANDLE hProcess = GetCurrentProcess();
>HANDLE hToken = NULL
>
>OpenProcessToken(hProcess, TOKEN_QUERY, &hToken); /* completes ok*/
>
>PSID pSidUser = NULL;
>
>unsigned long nSize = sizeof(SID);
>
>GetTokenInformation(hToken, TokenOwner, pSidUser, nSize, &nSize)) /* return
>false*/
>
>
>???
>
>
>
>