For this kind of thing, you have to go to English-language websites to find more complete material.
Binary World:
http://binaryworld.net/Main/C...x?CodeId=465
Description:
This function will determine whether or not a thread is running in the user context of the local Administrator account. You need to examine the access token associated with that thread using the GetTokenInformation() API, since this access token represents the user under which the thread is running.

By default the token associated with a thread is that of its containing process, but this user context will be superseded by any token attached directly to the thread. So to determine a thread's user context, first attempt to obtain any token attached directly to the thread with OpenThreadToken(). If this fails, and it reports an ERROR_NO_TOKEN, then obtain the token of the thread's containing process with OpenProcessToken().
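
The lookup order described above (thread token first, process token on ERROR_NO_TOKEN, then GetTokenInformation()), as an added C example that is not the Binary World code. The names sid_is_builtin_admin, thread_is_builtin_admin and sample_admin_sid are hypothetical, and matching the TokenUser SID against RID 500 is an assumed way to recognise the Administrator account, since the description does not say how the comparison is made.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: S-1-5-21-1-2-3-500 in binary SID form. */
const uint8_t sample_admin_sid[28] = {1, 5, 0,0,0,0,0,5, 21,0,0,0,
    1,0,0,0, 2,0,0,0, 3,0,0,0, 0xF4,0x01,0,0};

/* Binary SID: revision(1) count(1) authority(6, big-endian), then count
   sub-authorities (4 bytes each, little-endian). Returns 1 for
   S-1-5-21-<a>-<b>-<c>-500 (RID 500 = DOMAIN_USER_RID_ADMIN). Assumption:
   RID 500 alone does not tell a local from a domain Administrator. */
int sid_is_builtin_admin(const uint8_t *sid, size_t len)
{
    static const uint8_t nt_authority[6] = {0, 0, 0, 0, 0, 5};
    uint32_t sub[5];
    if (sid == NULL || len < 28 || sid[0] != 1 || sid[1] != 5) return 0;
    for (int i = 0; i < 6; i++)
        if (sid[2 + i] != nt_authority[i]) return 0;
    for (int i = 0; i < 5; i++) {
        const uint8_t *p = sid + 8 + 4 * i;
        sub[i] = p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
    }
    return sub[0] == 21 && sub[4] == 500;
}

#ifdef _WIN32
#include <windows.h>
/* 1 = Administrator account, 0 = another user, -1 = API failure. */
int thread_is_builtin_admin(void)
{
    union { TOKEN_USER tu; BYTE raw[sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE]; } buf;
    HANDLE tok = NULL;
    DWORD got = 0;
    int rc = -1;
    /* Thread token first: a token attached to the thread overrides the process's. */
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &tok)) {
        if (GetLastError() != ERROR_NO_TOKEN) return -1;
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return -1;
    }
    if (GetTokenInformation(tok, TokenUser, &buf, sizeof buf, &got))
        rc = sid_is_builtin_admin((const uint8_t *)buf.tu.User.Sid,
                                  GetLengthSid(buf.tu.User.Sid));
    CloseHandle(tok);
    return rc;
}
#endif
```

The SID check is kept separate from the Win32 calls so it can be exercised on any platform; thread_is_builtin_admin() is compiled only on Windows.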