ZwOpenThreadToken

This function returns a handle to the token. If I do not close the handle with ZwClose, will there be a leak in the TOKE paged memory pool? I am troubleshooting this behaviour and have found a piece of code that uses ZwOpenThreadToken and does not close the handle. I added ZwClose to close the handle; after adding this code the system hangs.

The code using ZwOpenThreadToken is trying to get the user name and domain of the thread accessing a file. Is there a better way to do this?

BR
niladri

What does the stack look like when it hangs? Are you closing the handle at PASSIVE_LEVEL?

d

dent from a phine with no keynoard

-----Original Message-----
From: xxxxx@napier.ac.uk
Sent: Sunday, February 13, 2011 6:52 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] ZwOpenThreadToken

This function returns a handle to the token. If I do not close the handle with ZwClose, will there be a leak in the TOKE paged memory pool? I am troubleshooting this behaviour and have found a piece of code that uses ZwOpenThreadToken and does not close the handle. I added ZwClose to close the handle; after adding this code the system hangs.

The code using ZwOpenThreadToken is trying to get the user name and domain of the thread accessing a file. Is there a better way to do this?

BR
niladri



Yes, if you don’t call ZwClose(…) it will leak a handle. And closing it has to be done in passive level as Doron mentioned.

I have more or less the same piece of code (ZwOpenThreadToken/ZwClose) and it has been working for years (of course, at passive level).

>>The code using ZwOpenThreadToken is trying to get the user name and domain of the thread accessing a file. Is there a better way to do this ? <<

Depends on how the code is doing this.

If your code checks the user SID for a sub-SID of the domain SID (i.e., a typical use case scenario when one uses RtlEqualPrefixSid(…)), then I guess it can have a problem when a user of domain A, from a machine joined to domain A, logs in to domain B: the user SID would not be a part of the domain SID of B, but of A.
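
The domain mismatch described in the last reply, modelled in portable user-mode C as an added example (not code from the thread and not the Windows routine itself). The `model_sid` type, the function names and the domain identifiers are constructed for illustration; the comparison follows the documented RtlEqualPrefixSid rule that everything except the last sub-authority must match.

```c
#include <stdint.h>
#include <string.h>

/* Simplified stand-in for the Windows SID layout (hypothetical type name). */
typedef struct {
    uint8_t  revision;
    uint8_t  sub_count;
    uint8_t  authority[6];
    uint32_t sub[8];
} model_sid;

/* Model of the documented RtlEqualPrefixSid rule: everything except the
   last sub-authority (the RID) must match. Not the kernel routine itself. */
int model_equal_prefix_sid(const model_sid *a, const model_sid *b)
{
    if (a->revision != b->revision || a->sub_count != b->sub_count)
        return 0;
    if (memcmp(a->authority, b->authority, sizeof a->authority) != 0)
        return 0;
    if (a->sub_count == 0)
        return 1;
    return memcmp(a->sub, b->sub, (a->sub_count - 1u) * sizeof a->sub[0]) == 0;
}

/* Build S-1-5-21-d1-d2-d3-rid: an account SID inside the given domain. */
model_sid make_account_sid(const uint32_t dom[3], uint32_t rid)
{
    model_sid s;
    memset(&s, 0, sizeof s);
    s.revision = 1;
    s.sub_count = 5;
    s.authority[5] = 5;          /* NT authority */
    s.sub[0] = 21;
    s.sub[1] = dom[0]; s.sub[2] = dom[1]; s.sub[3] = dom[2];
    s.sub[4] = rid;
    return s;
}

/* Constructed sample domain identifiers, not real values. */
static const uint32_t DOMAIN_A[3] = { 1111111111u, 2222222222u, 3333333333u };
static const uint32_t DOMAIN_B[3] = { 1000000001u, 1000000002u, 1000000003u };

/* Was this user's SID issued by the given domain? Compares against a
   reference account SID from that domain (513 = Domain Users RID). */
int user_in_domain(const model_sid *user, const uint32_t dom[3])
{
    model_sid ref = make_account_sid(dom, 513u);
    return model_equal_prefix_sid(user, &ref);
}
```

A user SID issued by domain A keeps A's prefix wherever the logon happens, so a prefix check against domain B's SID reports no match even though the session is on B.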