Returns the security token of the process that initiated the operation.
function GetOriginatorToken : THandle;
unsigned __fastcall GetOriginatorToken(void);
Function GetOriginatorToken() As IntPtr
Handle to the token if the function succeeded or INVALID_HANDLE_VALUE if the function failed.
Use GetOriginatorToken to get the security token of the process that originated the operation. You can use the security token to retrieve various security-related information with the GetTokenInformation() function of the Windows API.
Call this method only from callback / event handlers.
Do not call this method from handlers for OnReadFile*, OnWriteFile* and other callbacks that work with opened files, as those callbacks can be initiated by system components (cache manager, memory manager etc.), not by the process that opened the file. Instead do the following:
- Call GetOriginatorToken from OnCreateFile or OnOpenFile event handlers / callbacks and obtain various security information using this token;
- Store obtained information somewhere and store the reference to this information in the UserContext;
- When you need to check the originator information in some file-related callback, access the stored information via UserContext.
NOTE: you must call the CloseHandle() function of the Windows API to close the obtained token handle.
If you monitor a disk that is shared, you might want to get security information (account name etc.) of the user who accesses the disk across the network. Disks can be shared in several modes in Windows:
- First is authenticated mode. In this case the network redirector (the process that receives remote disk requests and directs them to the disk driver) impersonates the account of the calling user, and the GetOriginatorToken method returns account information of that caller.
- Next is guest mode. In this mode GetOriginatorToken returns information of the GUEST account.
- Third mode is administrative shares (those that exist by default and are named C$, D$ etc.). For such shares GetOriginatorToken returns information of the LOCAL_SYSTEM account.
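The capture-once procedure and the share-mode cases above can be combined in one helper. This is an added C# example, not code from the product's documentation; it uses the .NET WindowsIdentity class in place of a direct GetTokenInformation() call. Assumptions: the `getOriginatorToken` delegate is a hypothetical stand-in for the filter object's GetOriginatorToken method, and the `OriginatorInfo` and `OriginatorCapture` names are invented for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Snapshot of the originator, taken once at create/open time.
public sealed class OriginatorInfo
{
    public string AccountName { get; }
    public string Sid { get; }
    public bool IsGuest { get; }   // guest-mode share access
    public bool IsSystem { get; }  // LOCAL_SYSTEM, e.g. administrative shares (C$, D$)

    public OriginatorInfo(WindowsIdentity id)
    {
        AccountName = id.Name;
        Sid = id.User?.Value ?? "(no user SID)";
        IsGuest = id.IsGuest;
        IsSystem = id.IsSystem;
    }
}

public static class OriginatorCapture
{
    private static readonly IntPtr InvalidHandleValue = new IntPtr(-1);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // getOriginatorToken: hypothetical stand-in for the filter object's
    // GetOriginatorToken method. Call only inside OnCreateFile / OnOpenFile.
    public static OriginatorInfo Capture(Func<IntPtr> getOriginatorToken)
    {
        IntPtr token = getOriginatorToken();
        // INVALID_HANDLE_VALUE signals failure; zero is rejected defensively.
        if (token == InvalidHandleValue || token == IntPtr.Zero)
            return null; // nothing was obtained, so nothing to close

        try
        {
            // WindowsIdentity duplicates the token internally, so the
            // original handle remains ours to close.
            using (var identity = new WindowsIdentity(token))
                return new OriginatorInfo(identity);
        }
        finally
        {
            CloseHandle(token); // required by the NOTE above
        }
    }
}
```

Store the returned object where UserContext can reference it, and read it back from UserContext in the read/write callbacks instead of requesting the token again.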