rbmm/gist:4789f472c196749b19b49ad0de0e6696

## gistfile1.txt
NTSTATUS ShowAuthPackage()
{
	HANDLE hToken;
	NTSTATUS status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY, &hToken);
	if (0 <= status)
	{
		TOKEN_STATISTICS ts;
		status = NtQueryInformationToken(hToken, TokenStatistics, &ts, sizeof(ts), &ts.DynamicAvailable);
		NtClose(hToken);

		if (0 <= status)
		{
			PSECURITY_LOGON_SESSION_DATA pLogonSessionData;
			if (0 <= (status = LsaGetLogonSessionData(&ts.AuthenticationId, &pLogonSessionData)))
			{
				int len = 0;
				PWSTR buf = 0;
				BOOL fOk = FALSE;

				while (len = _snwprintf(buf, len, L"%wZ\r\n%wZ\\%wZ\r\n[%x]",
					&pLogonSessionData->AuthenticationPackage,
					&pLogonSessionData->LogonDomain, &pLogonSessionData->UserName,
					pLogonSessionData->UserFlags))
				{
					if (buf)
					{
						fOk = TRUE;
						break;
					}

					buf = (PWSTR)alloca(++len * sizeof(WCHAR));
				}

				LsaFreeReturnBuffer(pLogonSessionData);

				if (fOk) MessageBox(0, buf, 0, MB_ICONINFORMATION);
			}
		}
	}

	return status;
}
	NTSTATUS ShowAuthPackage()
	{
	HANDLE hToken;
	NTSTATUS status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY, &hToken);
	if (0 <= status)
	{
	TOKEN_STATISTICS ts;
	status = NtQueryInformationToken(hToken, TokenStatistics, &ts, sizeof(ts), &ts.DynamicAvailable);
	NtClose(hToken);

	if (0 <= status)
	{
	PSECURITY_LOGON_SESSION_DATA pLogonSessionData;
	if (0 <= (status = LsaGetLogonSessionData(&ts.AuthenticationId, &pLogonSessionData)))
	{
	int len = 0;
	PWSTR buf = 0;
	BOOL fOk = FALSE;

	while (len = _snwprintf(buf, len, L"%wZ\r\n%wZ\\%wZ\r\n[%x]",
	&pLogonSessionData->AuthenticationPackage,
	&pLogonSessionData->LogonDomain, &pLogonSessionData->UserName,
	pLogonSessionData->UserFlags))
	{
	if (buf)
	{
	fOk = TRUE;
	break;
	}

	buf = (PWSTR)alloca(++len * sizeof(WCHAR));
	}

	LsaFreeReturnBuffer(pLogonSessionData);

	if (fOk) MessageBox(0, buf, 0, MB_ICONINFORMATION);
	}
	}
	}

	return status;
	}