SeCaptureSubjectContext function (wdm.h)
The SeCaptureSubjectContext routine captures the security context of the calling thread for access validation and auditing.
Syntax
void SeCaptureSubjectContext(
[out] PSECURITY_SUBJECT_CONTEXT SubjectContext
);
Parameters
[out] SubjectContext
Pointer to a caller-allocated SECURITY_SUBJECT_CONTEXT structure.
Return value
None
Remarks
The SeCaptureSubjectContext routine returns a pointer to a SECURITY_SUBJECT_CONTEXT structure, which contains references to access tokens. The contents of that structure can change. The SeLockSubjectContext routine locks the primary access token and any impersonation tokens associated with the structure.
When using routines that query token information, such as SeQueryAuthenticationIdToken, SeQuerySubjectContextToken, SeQueryInformationToken, and SePrivilegeCheck, more than once in the same security context, lock the subject context with SeLockSubjectContext to obtain consistent results.
File systems must call SeCaptureSubjectContext before performing access validation or generating audit messages. This is necessary to provide a consistent security context to routines such as SeQueryAuthenticationIdToken, SeQuerySubjectContextToken, and SePrivilegeCheck. After these operations have been performed, the captured context should be released as soon as possible by calling SeReleaseSubjectContext.
For more information about security and access control, see the documentation on these topics in the Microsoft Windows SDK.
Requirements
| Requirement | Value |
|---|---|
| Target Platform | Universal |
| Header | wdm.h (include Ntifs.h, Wdm.h) |
| Library | NtosKrnl.lib |
| DLL | NtosKrnl.exe |
| IRQL | PASSIVE_LEVEL |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for