reactos/media/doc/news2

         Re: alternative to SeCaptureSubjectContext for Win2000 sought
                                       
   From: "dave porter" <porter@zultranet.com>
   Reply to: "dave porter"
   Date: Mon, 26 Jun 2000 10:57:18 -0400
   Newsgroups:
          comp.os.ms-windows.programmer.nt.kernel-mode
   Followup to: newsgroup
   References:
          <39520e7f$0$15896@wodc7nh1.news.uu.net> 
          <sl5ulbjfe7f47@corp.supernews.com> 
          <39575985$0$24336@wodc7nh0.news.uu.net>


> Under advise, I have tried ZwOpenProcessToken(), but to little avail.
> ZwQueryInformationToken( ..TokenUser ...) doesn't seem to want to do its
job
> either under NT4.

I could be jumping in the middle here, but in what way doesn't it work?
This code works for me:

        int bufLen = 256; // we suppose this is enough
        void* sidBuf = new char[bufLen];
        int sidLen = 0;

        void* pToken = PsReferencePrimaryToken(PsGetCurrentProcess());
        if (!pToken) ... error ...

        NTSTATUS ntstatus = ObOpenObjectByPointer(pToken, 0, 0, TOKEN_QUERY,
0, KernelMode, &handle);
        if (!NT_SUCCESS(ntstatus))  ... error ...

        TOKEN_USER* user = static_cast<TOKEN_USER*>(sidBuf);
        ULONG tokenInfoLen;
        ntstatus = ZwQueryInformationToken(handle, TokenUser, user, bufLen,
&tokenInfoLen);
        if (!NT_SUCCESS(ntstatus)) ... error ...

        assert(tokenInfoLen <= bufLen); // else we would have got an error,
right?
        assert(user->User.Sid == user+1); // SID is in buffer just past
TOKEN_USER structure

        sidLen = tokenInfoLen - sizeof (TOKEN_USER);
        memmove(sidBuf, user->User.Sid, sidLen); // shuffle down the buffer

Naturally, this returns the id of the thread that's running it.
If you execute this in DriverEntry, you're running in some
thread in the system process, which is not related to
the thread which executed the Win32 StartService call.