ホーム › Security › DuplicateTokenEx

DuplicateTokenEx

関数

アクセス権と種別を指定してアクセストークンを複製する。

DLLADVAPI32.dll呼出規約winapiSetLastErrorあり対応OSWindows XP 以降

シグネチャ

// ADVAPI32.dll
#include <windows.h>

BOOL DuplicateTokenEx(
    HANDLE hExistingToken,
    TOKEN_ACCESS_MASK dwDesiredAccess,
    SECURITY_ATTRIBUTES* lpTokenAttributes,   // optional
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
    TOKEN_TYPE TokenType,
    HANDLE* phNewToken
);

パラメーター

名前	型	方向
hExistingToken	HANDLE	in
dwDesiredAccess	TOKEN_ACCESS_MASK	in
lpTokenAttributes	SECURITY_ATTRIBUTES*	inoptional
ImpersonationLevel	SECURITY_IMPERSONATION_LEVEL	in
TokenType	TOKEN_TYPE	in
phNewToken	HANDLE*	out

戻り値の型: BOOL

各言語での呼び出し定義

// ADVAPI32.dll
#include <windows.h>

BOOL DuplicateTokenEx(
    HANDLE hExistingToken,
    TOKEN_ACCESS_MASK dwDesiredAccess,
    SECURITY_ATTRIBUTES* lpTokenAttributes,   // optional
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
    TOKEN_TYPE TokenType,
    HANDLE* phNewToken
);

[return: MarshalAs(UnmanagedType.Bool)]
[DllImport("ADVAPI32.dll", SetLastError = true, ExactSpelling = true)]
static extern bool DuplicateTokenEx(
    IntPtr hExistingToken,   // HANDLE
    uint dwDesiredAccess,   // TOKEN_ACCESS_MASK
    IntPtr lpTokenAttributes,   // SECURITY_ATTRIBUTES* optional
    int ImpersonationLevel,   // SECURITY_IMPERSONATION_LEVEL
    int TokenType,   // TOKEN_TYPE
    IntPtr phNewToken   // HANDLE* out
);

<DllImport("ADVAPI32.dll", SetLastError:=True, ExactSpelling:=True)>
Public Shared Function DuplicateTokenEx(
    hExistingToken As IntPtr,   ' HANDLE
    dwDesiredAccess As UInteger,   ' TOKEN_ACCESS_MASK
    lpTokenAttributes As IntPtr,   ' SECURITY_ATTRIBUTES* optional
    ImpersonationLevel As Integer,   ' SECURITY_IMPERSONATION_LEVEL
    TokenType As Integer,   ' TOKEN_TYPE
    phNewToken As IntPtr   ' HANDLE* out
) As Boolean
End Function

' hExistingToken : HANDLE
' dwDesiredAccess : TOKEN_ACCESS_MASK
' lpTokenAttributes : SECURITY_ATTRIBUTES* optional
' ImpersonationLevel : SECURITY_IMPERSONATION_LEVEL
' TokenType : TOKEN_TYPE
' phNewToken : HANDLE* out
Declare PtrSafe Function DuplicateTokenEx Lib "advapi32" ( _
    ByVal hExistingToken As LongPtr, _
    ByVal dwDesiredAccess As Long, _
    ByVal lpTokenAttributes As LongPtr, _
    ByVal ImpersonationLevel As Long, _
    ByVal TokenType As Long, _
    ByVal phNewToken As LongPtr) As Long
' VBA7前提(PtrSafe)。32bit Office では LongPtr→Long。Integer=16bit / Long=32bit / LongLong=64bit。

import ctypes
from ctypes import wintypes

DuplicateTokenEx = ctypes.windll.advapi32.DuplicateTokenEx
DuplicateTokenEx.restype = wintypes.BOOL
DuplicateTokenEx.argtypes = [
    wintypes.HANDLE,  # hExistingToken : HANDLE
    wintypes.DWORD,  # dwDesiredAccess : TOKEN_ACCESS_MASK
    ctypes.c_void_p,  # lpTokenAttributes : SECURITY_ATTRIBUTES* optional
    ctypes.c_int,  # ImpersonationLevel : SECURITY_IMPERSONATION_LEVEL
    ctypes.c_int,  # TokenType : TOKEN_TYPE
    ctypes.c_void_p,  # phNewToken : HANDLE* out
]
# GetLastError: use ctypes.GetLastError() (or ctypes.WinDLL(use_last_error=True))

require 'fiddle'
require 'fiddle/import'

lib = Fiddle.dlopen('ADVAPI32.dll')
DuplicateTokenEx = Fiddle::Function.new(
  lib['DuplicateTokenEx'],
  [
    Fiddle::TYPE_VOIDP,  # hExistingToken : HANDLE
    -Fiddle::TYPE_INT,  # dwDesiredAccess : TOKEN_ACCESS_MASK
    Fiddle::TYPE_VOIDP,  # lpTokenAttributes : SECURITY_ATTRIBUTES* optional
    Fiddle::TYPE_INT,  # ImpersonationLevel : SECURITY_IMPERSONATION_LEVEL
    Fiddle::TYPE_INT,  # TokenType : TOKEN_TYPE
    Fiddle::TYPE_VOIDP,  # phNewToken : HANDLE* out
  ],
  Fiddle::TYPE_INT)

#[link(name = "advapi32")]
extern "system" {
    fn DuplicateTokenEx(
        hExistingToken: *mut core::ffi::c_void,  // HANDLE
        dwDesiredAccess: u32,  // TOKEN_ACCESS_MASK
        lpTokenAttributes: *mut SECURITY_ATTRIBUTES,  // SECURITY_ATTRIBUTES* optional
        ImpersonationLevel: i32,  // SECURITY_IMPERSONATION_LEVEL
        TokenType: i32,  // TOKEN_TYPE
        phNewToken: *mut *mut core::ffi::c_void  // HANDLE* out
    ) -> i32;
}
// crates: windows-sys provides ready-made bindings for this API.

$sig = @"
[return: MarshalAs(UnmanagedType.Bool)]
[DllImport("ADVAPI32.dll", SetLastError = true)]
public static extern bool DuplicateTokenEx(IntPtr hExistingToken, uint dwDesiredAccess, IntPtr lpTokenAttributes, int ImpersonationLevel, int TokenType, IntPtr phNewToken);
"@
$api = Add-Type -MemberDefinition $sig -Name 'ADVAPI32_DuplicateTokenEx' -Namespace Win32 -PassThru
# $api::DuplicateTokenEx(hExistingToken, dwDesiredAccess, lpTokenAttributes, ImpersonationLevel, TokenType, phNewToken)

#uselib "ADVAPI32.dll"
#func global DuplicateTokenEx "DuplicateTokenEx" sptr, sptr, sptr, sptr, sptr, sptr
; DuplicateTokenEx hExistingToken, dwDesiredAccess, varptr(lpTokenAttributes), ImpersonationLevel, TokenType, phNewToken   ; 戻り値は stat
; hExistingToken : HANDLE -> "sptr"
; dwDesiredAccess : TOKEN_ACCESS_MASK -> "sptr"
; lpTokenAttributes : SECURITY_ATTRIBUTES* optional -> "sptr"
; ImpersonationLevel : SECURITY_IMPERSONATION_LEVEL -> "sptr"
; TokenType : TOKEN_TYPE -> "sptr"
; phNewToken : HANDLE* out -> "sptr"
; ※HSP3.7は #func のため戻り値はシステム変数 stat に格納されます。

出力引数:

#uselib "ADVAPI32.dll"
#cfunc global DuplicateTokenEx "DuplicateTokenEx" sptr, int, var, int, int, sptr
; res = DuplicateTokenEx(hExistingToken, dwDesiredAccess, lpTokenAttributes, ImpersonationLevel, TokenType, phNewToken)
; hExistingToken : HANDLE -> "sptr"
; dwDesiredAccess : TOKEN_ACCESS_MASK -> "int"
; lpTokenAttributes : SECURITY_ATTRIBUTES* optional -> "var"
; ImpersonationLevel : SECURITY_IMPERSONATION_LEVEL -> "int"
; TokenType : TOKEN_TYPE -> "int"
; phNewToken : HANDLE* out -> "sptr"
; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。#uselib "ADVAPI32.dll"
#cfunc global DuplicateTokenEx "DuplicateTokenEx" sptr, int, sptr, int, int, sptr
; res = DuplicateTokenEx(hExistingToken, dwDesiredAccess, varptr(lpTokenAttributes), ImpersonationLevel, TokenType, phNewToken)
; hExistingToken : HANDLE -> "sptr"
; dwDesiredAccess : TOKEN_ACCESS_MASK -> "int"
; lpTokenAttributes : SECURITY_ATTRIBUTES* optional -> "sptr"
; ImpersonationLevel : SECURITY_IMPERSONATION_LEVEL -> "int"
; TokenType : TOKEN_TYPE -> "int"
; phNewToken : HANDLE* out -> "sptr"
; ※出力/バッファ引数はポインタ方式(token=sptr / 呼び出しは varptr(変数))。

出力引数:

; BOOL DuplicateTokenEx(HANDLE hExistingToken, TOKEN_ACCESS_MASK dwDesiredAccess, SECURITY_ATTRIBUTES* lpTokenAttributes, SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, TOKEN_TYPE TokenType, HANDLE* phNewToken)
#uselib "ADVAPI32.dll"
#cfunc global DuplicateTokenEx "DuplicateTokenEx" intptr, int, var, int, int, intptr
; res = DuplicateTokenEx(hExistingToken, dwDesiredAccess, lpTokenAttributes, ImpersonationLevel, TokenType, phNewToken)
; hExistingToken : HANDLE -> "intptr"
; dwDesiredAccess : TOKEN_ACCESS_MASK -> "int"
; lpTokenAttributes : SECURITY_ATTRIBUTES* optional -> "var"
; ImpersonationLevel : SECURITY_IMPERSONATION_LEVEL -> "int"
; TokenType : TOKEN_TYPE -> "int"
; phNewToken : HANDLE* out -> "intptr"
; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。; BOOL DuplicateTokenEx(HANDLE hExistingToken, TOKEN_ACCESS_MASK dwDesiredAccess, SECURITY_ATTRIBUTES* lpTokenAttributes, SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, TOKEN_TYPE TokenType, HANDLE* phNewToken)
#uselib "ADVAPI32.dll"
#cfunc global DuplicateTokenEx "DuplicateTokenEx" intptr, int, intptr, int, int, intptr
; res = DuplicateTokenEx(hExistingToken, dwDesiredAccess, varptr(lpTokenAttributes), ImpersonationLevel, TokenType, phNewToken)
; hExistingToken : HANDLE -> "intptr"
; dwDesiredAccess : TOKEN_ACCESS_MASK -> "int"
; lpTokenAttributes : SECURITY_ATTRIBUTES* optional -> "intptr"
; ImpersonationLevel : SECURITY_IMPERSONATION_LEVEL -> "int"
; TokenType : TOKEN_TYPE -> "int"
; phNewToken : HANDLE* out -> "intptr"
; ※出力/バッファ引数はポインタ方式(token=intptr / 呼び出しは varptr(変数))。

import (
	"golang.org/x/sys/windows"
	"unsafe"
)

var (
	advapi32 = windows.NewLazySystemDLL("ADVAPI32.dll")
	procDuplicateTokenEx = advapi32.NewProc("DuplicateTokenEx")
)

// hExistingToken (HANDLE), dwDesiredAccess (TOKEN_ACCESS_MASK), lpTokenAttributes (SECURITY_ATTRIBUTES* optional), ImpersonationLevel (SECURITY_IMPERSONATION_LEVEL), TokenType (TOKEN_TYPE), phNewToken (HANDLE* out)
r1, _, err := procDuplicateTokenEx.Call(
	uintptr(hExistingToken),
	uintptr(dwDesiredAccess),
	uintptr(lpTokenAttributes),
	uintptr(ImpersonationLevel),
	uintptr(TokenType),
	uintptr(phNewToken),
)
_ = err  // syscall.Errno (valid when the call sets last-error)
_ = r1   // BOOL

function DuplicateTokenEx(
  hExistingToken: THandle;   // HANDLE
  dwDesiredAccess: DWORD;   // TOKEN_ACCESS_MASK
  lpTokenAttributes: Pointer;   // SECURITY_ATTRIBUTES* optional
  ImpersonationLevel: Integer;   // SECURITY_IMPERSONATION_LEVEL
  TokenType: Integer;   // TOKEN_TYPE
  phNewToken: Pointer   // HANDLE* out
): BOOL; stdcall;
  external 'ADVAPI32.dll' name 'DuplicateTokenEx';

result := DllCall("ADVAPI32\DuplicateTokenEx"
    , "Ptr", hExistingToken   ; HANDLE
    , "UInt", dwDesiredAccess   ; TOKEN_ACCESS_MASK
    , "Ptr", lpTokenAttributes   ; SECURITY_ATTRIBUTES* optional
    , "Int", ImpersonationLevel   ; SECURITY_IMPERSONATION_LEVEL
    , "Int", TokenType   ; TOKEN_TYPE
    , "Ptr", phNewToken   ; HANDLE* out
    , "Int")   ; return: BOOL

●DuplicateTokenEx(hExistingToken, dwDesiredAccess, lpTokenAttributes, ImpersonationLevel, TokenType, phNewToken) = DLL("ADVAPI32.dll", "bool DuplicateTokenEx(void*, dword, void*, int, int, void*)")
# 呼び出し: DuplicateTokenEx(hExistingToken, dwDesiredAccess, lpTokenAttributes, ImpersonationLevel, TokenType, phNewToken)
# hExistingToken : HANDLE -> "void*"
# dwDesiredAccess : TOKEN_ACCESS_MASK -> "dword"
# lpTokenAttributes : SECURITY_ATTRIBUTES* optional -> "void*"
# ImpersonationLevel : SECURITY_IMPERSONATION_LEVEL -> "int"
# TokenType : TOKEN_TYPE -> "int"
# phNewToken : HANDLE* out -> "void*"
# なでしこ1は32bit・ANSI(Shift_JIS)。文字列=char*(ANSI)、ポインタ/ハンドル=void*(4byte)。