TOKEN监视器,分为系统驱动和GDI界面两部分,对深入学习系统编程很有帮助,初学的就不用看了
Introduction
Tokenmon is a application that monitors and displays a variety of security-related activity taking place on a system. Tokenmon gets its name from the fact that Windows NT/2000 stores a process‘ security information, including the user account context in which the process executes, in an object called a token. Tokenmon monitors includes the following:
User logon/logoff
Applications enabling or disabling security privileges in their process tokens
Process startup and exit (token creation/deletion)
Impersonation
Tokenmon has advanced filtering and search capabilities that make it a powerful tool for exploring the way NT works, seeing how applications use security functions, or tracking down problems in system or application configurations.
Tokenmon works on NT 4.0 and Windows 2000.
Installation and Use
Simply run the Tokenmon GUI (Tokenmon.exe). Note that you must have administrative privilege to run Toke
