GetTokenInformation
Namespace: Windows → Security → Authentication
Header: winbase.h
Library: Advapi32.lib
Synopsis
BOOL GetTokenInformation(
HANDLE TokenHandle,
TOKEN_INFORMATION_CLASS TokenInformationClass,
LPVOID TokenInformation,
DWORD TokenInformationLength,
PDWORD ReturnLength
);Parameters
| Parameter | Description |
|---|---|
TokenHandle | Handle to an access token. The handle must have TOKEN_QUERY access. |
TokenInformationClass | Specifies the type of information being requested. See TokenInformationClass. |
TokenInformation | Pointer to a buffer that receives the requested information. |
TokenInformationLength | Size of the TokenInformation buffer, in bytes. |
ReturnLength | Receives the number of bytes placed in TokenInformation. If the buffer is too small, the required size is returned here. |
Return value
Returns TRUE on success. On failure, returns FALSE. Call GetLastError for extended error information.
Remarks
- The function can retrieve a variety of token details, such as user SID, groups, privileges, and more.
- To determine the required buffer size, call the function with
TokenInformationset toNULLandTokenInformationLengthset to 0. - When requesting variable‑length data (e.g.,
TokenGroups), allocate the returned size fromReturnLength.
Example (C++)
#include <windows.h>
#include <stdio.h>
int main()
{
HANDLE token;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token)) {
printf("OpenProcessToken failed: %lu\n", GetLastError());
return 1;
}
DWORD len = 0;
GetTokenInformation(token, TokenUser, NULL, 0, &len);
PTOKEN_USER user = (PTOKEN_USER)malloc(len);
if (GetTokenInformation(token, TokenUser, user, len, &len)) {
LPTSTR sidString = NULL;
ConvertSidToStringSid(user->User.Sid, &sidString);
wprintf(L"User SID: %s\n", sidString);
LocalFree(sidString);
} else {
printf("GetTokenInformation failed: %lu\n", GetLastError());
}
free(user);
CloseHandle(token);
return 0;
}