0

The TOKEN_USER structure contains a pointer to a Sid structure. How long does this SID live (alternatively, where is the SID stored in memory)? Is the SID stored in the TOKEN_USER structure (so it lives until this structure is dropped)?

Context

To obtain the current user SID, I open the process token using OpenProcessToken().

Then I write the user TOKEN_USER to an allocated buffer using GetTokenInformation() with TokenUser as the token information class.

A pointer to the SID is in the User.Sid field, but the documentation doesn't say where the SID is stored.

Will the SID pointer remain valid when the process token is closed? Or when the TokenUser structure is deallocated?

Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
beehive
  • 1
  • 1
  • 4
    Does this answer your question? [GetTokenInformation() first call. What for?](https://stackoverflow.com/questions/3670984/gettokeninformation-first-call-what-for), specifically [this answer](https://stackoverflow.com/a/3671015/902497). The pointer points back into the memory you allocated and passed to GetTokenInformation, so you control the lifetime. – Raymond Chen Sep 06 '22 at 17:47
  • *Or when the TokenUser structure is deallocated?* - you allocate it by self. and only you can (and must at some time) deallocate it. and the sid of token is invariant – RbMm Sep 06 '22 at 21:21
  • *"must at some time deallocate it"* - A statement written by someone that doesn't understand [the purpose of garbage collection](https://devblogs.microsoft.com/oldnewthing/20100809-00/?p=13203). – IInspectable Sep 06 '22 at 23:42
  • @RaymondChen Yes, thanks, that helps. If you post it as an answer, I'll accept it. @RbMm I know. With "is deallocated" I meant when I deallocate it. The point is, the pointer could point e.g. somewhere into the process token instead of into the `TokenUser` allocation. – beehive Sep 07 '22 at 07:35

0 Answers0