Obtain process token privileges #207
Labels
good first issue
needs: docs
Indicates that the issue needs documentation updates
needs: filters
Indicates that new filters should be added
scope: filters
Anything related to filters
scope: process
Anything related to process state
Description
To get the list of privileges held by the process, we can use the GetTokenInformation API passing the TokenPrivileges token information class. After the list of available privileges is retrieved, they can be resolved to human-readable strings by using the LookupPrivilegeName API function.
The privileges should be part of the process state and can be used in filters to determine what privileges the process has.
References
https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-lookupprivilegenamew
https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-gettokeninformation
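The lookup described in this issue, as an added C example (not code from the issue or from the project): it queries TokenPrivileges with the size-then-fetch call pattern and resolves each LUID with LookupPrivilegeNameW. The names `privilege_state` and `print_token_privileges` are hypothetical, and reporting the per-privilege attributes (held versus currently enabled) is an addition the issue does not ask for.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Same values as SE_PRIVILEGE_ENABLED_BY_DEFAULT / SE_PRIVILEGE_ENABLED in winnt.h. */
#define ATTR_ENABLED_BY_DEFAULT 0x00000001u
#define ATTR_ENABLED            0x00000002u

/* A privilege can be held by the token without being enabled right now. */
const char *privilege_state(uint32_t attrs) {
    if (attrs & ATTR_ENABLED)
        return (attrs & ATTR_ENABLED_BY_DEFAULT) ? "enabled-by-default" : "enabled";
    return "disabled";
}

#ifdef _WIN32
/* Prints "<name> <state>" for every privilege in the token of `process`.
   Returns the number of privileges in the token, or -1 on failure. */
int print_token_privileges(HANDLE process) {
    HANDLE token = NULL;
    DWORD size = 0;
    int count = -1;
    if (!OpenProcessToken(process, TOKEN_QUERY, &token)) return -1;
    /* First call is expected to fail; it only reports the required size. */
    GetTokenInformation(token, TokenPrivileges, NULL, 0, &size);
    TOKEN_PRIVILEGES *tp = size ? (TOKEN_PRIVILEGES *)malloc(size) : NULL;
    if (tp && GetTokenInformation(token, TokenPrivileges, tp, size, &size)) {
        count = (int)tp->PrivilegeCount;
        for (DWORD i = 0; i < tp->PrivilegeCount; i++) {
            WCHAR name[128];
            DWORD len = 128; /* buffer size in characters */
            if (LookupPrivilegeNameW(NULL, &tp->Privileges[i].Luid, name, &len))
                printf("%ls %s\n", name, privilege_state(tp->Privileges[i].Attributes));
        }
    }
    free(tp);
    CloseHandle(token);
    return count;
}
#endif

int main(void) {
#ifdef _WIN32
    return print_token_privileges(GetCurrentProcess()) < 0;
#else
    return puts(privilege_state(ATTR_ENABLED)) < 0; /* token API is Windows-only */
#endif
}
```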