{
	"id": "7bdfdcab-88a0-4e13-88ef-b90982e3bc8a",
	"created_at": "2026-04-06T01:30:34.963434Z",
	"updated_at": "2026-04-10T03:21:56.436433Z",
	"deleted_at": null,
	"sha1_hash": "e3706485b6f52299d79bd70b912a4be9255c4642",
	"title": "DuplicateToken function (securitybaseapi.h) - Win32 apps",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48530,
	"plain_text": "DuplicateToken function (securitybaseapi.h) - Win32 apps\r\nBy GrantMeStrength\r\nArchived: 2026-04-06 00:26:58 UTC\r\nThe DuplicateToken function creates a new access token that duplicates one already in existence.\r\nBOOL DuplicateToken(\r\n [in] HANDLE ExistingTokenHandle,\r\n [in] SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,\r\n [out] PHANDLE DuplicateTokenHandle\r\n);\r\n[in] ExistingTokenHandle\r\nA handle to an access token opened with TOKEN_DUPLICATE access.\r\n[in] ImpersonationLevel\r\nSpecifies a SECURITY_IMPERSONATION_LEVEL enumerated type that supplies the impersonation level of\r\nthe new token.\r\n[out] DuplicateTokenHandle\r\nA pointer to a variable that receives a handle to the duplicate token. This handle has TOKEN_IMPERSONATE\r\nand TOKEN_QUERY access to the new token.\r\nWhen you have finished using the new token, call the CloseHandle function to close the token handle.\r\nIf the function succeeds, the return value is nonzero.\r\nIf the function fails, the return value is zero. To get extended error information, call GetLastError.\r\nThe DuplicateToken function creates an impersonation token, which you can use in functions such as\r\nSetThreadToken and ImpersonateLoggedOnUser. The token created by DuplicateToken cannot be used in the\r\nCreateProcessAsUser function, which requires a primary token. To create a token that you can pass to\r\nCreateProcessAsUser, use the DuplicateTokenEx function.\r\nRequirement Value\r\nMinimum supported client Windows XP [desktop apps | UWP apps]\r\nMinimum supported server Windows Server 2003 [desktop apps | UWP apps]\r\nTarget Platform Windows\r\nhttps://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-duplicatetoken\r\nPage 1 of 2\n\nRequirement Value\r\nHeader securitybaseapi.h (include Windows.h)\r\nLibrary Advapi32.lib\r\nDLL Advapi32.dll\r\nAccess Control Overview\r\nBasic Access Control Functions\r\nCreateProcessAsUser\r\nDuplicateTokenEx\r\nImpersonateLoggedOnUser\r\nSECURITY_IMPERSONATION_LEVEL\r\nSetThreadToken\r\nSource: https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-duplicatetoken\r\nhttps://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-duplicatetoken\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-duplicatetoken"
	],
	"report_names": [
		"nf-securitybaseapi-duplicatetoken"
	],
	"threat_actors": [],
	"ts_created_at": 1775439034,
	"ts_updated_at": 1775791316,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e3706485b6f52299d79bd70b912a4be9255c4642.pdf",
		"text": "https://archive.orkl.eu/e3706485b6f52299d79bd70b912a4be9255c4642.txt",
		"img": "https://archive.orkl.eu/e3706485b6f52299d79bd70b912a4be9255c4642.jpg"
	}
}