On Mon May 27 23:57:31 2024 +0000, Jinoh Kang wrote:

The `TOKEN_MANDATORY_LABEL` structure pointed by `ptr`, with length `len`. This is documented in https://learn.microsoft.com/en-us/windows/win32/api/winnt/ne-winnt-token_inf.... You need to define both `TOKEN_MANDATORY_LEVEL32` (with ULONG in place of pointers) and `TOKEB_MANDATORY_LABEL` (with actual pointers). Also, don't assume `ptr` is not "used." Maybe *right now,* but ntdll and wow64 are still separate components that can get out of sync without tests.

If you don't want to go through all the hassle, but still want to go "in the right direction," please read my first comment.