Setting a thread security descriptor to "block" OpenThread


The first argument of OpenThread is dwDesiredAccess. I've read here that this argument is checked against the security descriptor of the thread. I tried setting the thread's DACL with SetSecurityInfo, but when I then call OpenThread, it doesn't behave as I expected.

#include <AccCtrl.h>
#include <AclAPI.h>

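// Put a deny-THREAD_ALL_ACCESS ACE for the well-known Local SID on the current
// thread's DACL, then re-open the thread to observe whether the DACL is enforced.
//
// SetSecurityInfo takes the DACL directly, so no SECURITY_DESCRIPTOR has to be
// built for this call.
//
// NOTE(review): a DACL is discretionary. The object's owner is implicitly granted
// READ_CONTROL and WRITE_DAC, and a caller with SeDebugPrivilege enabled can open
// a thread regardless of its DACL, so this restricts other principals rather than
// code running with the same token. Whether that explains the handle observed
// below cannot be told from this snippet - check the status codes printed here.
   // WinLocalSid is a WELL_KNOWN_SID_TYPE enumerator, not a SID. Casting it to a
   // pointer gives SetEntriesInAcl an invalid trustee, so build the real SID first.
   BYTE sidBuffer[SECURITY_MAX_SID_SIZE];
   DWORD sidSize = sizeof(sidBuffer);
   PACL pAcl = NULL;
   DWORD status = ERROR_SUCCESS;

   if (!CreateWellKnownSid(WinLocalSid, NULL, sidBuffer, &sidSize)) {
      status = GetLastError();
      std::cout << "CreateWellKnownSid failed: " << status << std::endl;
   }

   if (status == ERROR_SUCCESS) {
      // Describe the deny ACE.
      // NOTE(review): the ACE only applies to callers whose token carries the
      // Local SID - confirm that this is the intended trustee.
      EXPLICIT_ACCESS ea;
      ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
      ea.grfAccessPermissions = THREAD_ALL_ACCESS;
      ea.grfAccessMode = DENY_ACCESS;
      ea.grfInheritance = NO_INHERITANCE;
      ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
      ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
      ea.Trustee.ptstrName = reinterpret_cast<LPTSTR>(sidBuffer);

      // SetEntriesInAcl allocates the resulting ACL itself and returns it through
      // the last parameter. Pre-allocating pAcl with LocalAlloc only leaked that
      // buffer once the pointer was overwritten.
      status = SetEntriesInAcl(1, &ea, NULL, &pAcl);
      if (status != ERROR_SUCCESS) {
         std::cout << "SetEntriesInAcl failed: " << status << std::endl;
      }
   }

   if (status == ERROR_SUCCESS) {
      // Apply the DACL to the current thread; prints 0 (ERROR_SUCCESS) when it was set.
      status = SetSecurityInfo(GetCurrentThread(), SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pAcl, NULL);
      std::cout << status << std::endl;
   }

   // Free the ACL allocated by SetEntriesInAcl (still NULL if an earlier step failed).
   if (pAcl != NULL) {
      LocalFree(pAcl);
   }

   // Re-open the thread. A NULL handle together with ERROR_ACCESS_DENIED means the
   // DACL was enforced for this caller. A non-NULL handle must be released with
   // CloseHandle once it is no longer needed.
   auto handle = OpenThread(THREAD_ALL_ACCESS, 0, GetCurrentThreadId());
   if (handle == NULL) {
      std::cout << "OpenThread failed: " << GetLastError() << std::endl;
   }
   std::cout << handle << std::endl;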