[NTOS:SE] Add token debug code

Implement initial token debug code. For now debug information that is being tracked are: process image file name, process and thread client IDs and token creation method. More specific debug code can be added later only if needed. As for the token creation method, this follows the same principle as on Windows where the creation method is defined by a value denoting the first letter of the said method of creation. That is, 0xC is for token creation, 0xD is for token duplication and 0xF is for token filtering. The debug field names are taken from Windows PDB symbols for WinDBG debug extension support purposes. The names must not be changed!
2025-08-06 15:53:03 +00:00 · 2022-04-18 10:39:33 +02:00 · 2022-04-18 10:39:33 +02:00 · 11d9c88c35
commit 11d9c88c35
parent 5df5ef2bdf
3 changed files with 67 additions and 1 deletions
--- a/sdk/include/ndk/setypes.h
+++ b/sdk/include/ndk/setypes.h
@ -204,6 +204,14 @@ typedef struct _SECURITY_TOKEN_PROXY_DATA
 //
 // Token and auxiliary data
 //
+// ===================!!!IMPORTANT NOTE!!!=====================
+// ImageFileName, ProcessCid, ThreadCid and CreateMethod field
+// names are taken from Windows Server 2003 SP2 checked build
+// WinDBG debug extensions command purposes (such as !logonsession
+// command respectively). As such names are hardcoded, we have
+// to be compatible with them. THESE FIELD NAMES MUST NOT BE
+// CHANGED!!!
+// ============================================================
 typedef struct _TOKEN
 {
    TOKEN_SOURCE TokenSource;                         /* 0x00 */
@ -236,7 +244,13 @@ typedef struct _TOKEN
    PSECURITY_TOKEN_AUDIT_DATA AuditData;             /* 0x94 */
    PSEP_LOGON_SESSION_REFERENCES LogonSession;       /* 0x98 */
    LUID OriginatingLogonSession;                     /* 0x9C */
-    ULONG VariablePart;                               /* 0xA4 */
+#if DBG
+    UCHAR ImageFileName[16];                          /* 0xA4 */
+    HANDLE ProcessCid;                                /* 0xB4 */
+    HANDLE ThreadCid;                                 /* 0xB8 */
+    ULONG CreateMethod;                               /* 0xBC */
+#endif
+    ULONG VariablePart;                               /* 0xC0 */
 } TOKEN, *PTOKEN;

 typedef struct _AUX_ACCESS_DATA