Читаем Windows® Internals, Sixth Edition, Part 1 полностью

The following output is from the kernel debugger’s dt nt!_TOKEN command:kd> dt nt!_TOKEN +0x000 TokenSource : _TOKEN_SOURCE +0x010 TokenId : _LUID +0x018 AuthenticationId : _LUID +0x020 ParentTokenId : _LUID +0x028 ExpirationTime : _LARGE_INTEGER +0x030 TokenLock : Ptr32 _ERESOURCE +0x034 ModifiedId : _LUID +0x040 Privileges : _SEP_TOKEN_PRIVILEGES +0x058 AuditPolicy : _SEP_AUDIT_POLICY +0x074 SessionId : Uint4B +0x078 UserAndGroupCount : Uint4B +0x07c RestrictedSidCount : Uint4B +0x080 VariableLength : Uint4B +0x084 DynamicCharged : Uint4B +0x088 DynamicAvailable : Uint4B +0x08c DefaultOwnerIndex : Uint4B +0x090 UserAndGroups : Ptr32 _SID_AND_ATTRIBUTES +0x094 RestrictedSids : Ptr32 _SID_AND_ATTRIBUTES +0x098 PrimaryGroup : Ptr32 Void +0x09c DynamicPart : Ptr32 Uint4B +0x0a0 DefaultDacl : Ptr32 _ACL +0x0a4 TokenType : _TOKEN_TYPE +0x0a8 ImpersonationLevel : _SECURITY_IMPERSONATION_LEVEL +0x0ac TokenFlags : Uint4B +0x0b0 TokenInUse : UChar +0x0b4 IntegrityLevelIndex : Uint4B +0x0b8 MandatoryPolicy : Uint4B +0x0bc ProxyData : Ptr32 _SECURITY_TOKEN_PROXY_DATA +0x0c0 AuditData : Ptr32 _SECURITY_TOKEN_AUDIT_DATA +0x0c4 LogonSession : Ptr32 _SEP_LOGON_SESSION_REFERENCES +0x0c8 OriginatingLogonSession : _LUID +0x0d0 SidHash : _SID_AND_ATTRIBUTES_HASH +0x158 RestrictedSidHash : _SID_AND_ATTRIBUTES_HASH +0x1e0 VariablePart : Uint4B