Token viewer is a very nice tool which is useful in a wide variety of use cases w.r.t. analysis of a process's security. It would be great if the below use cases were supported:

1. An export capability which would help in sharing the data with others.
2. Comparing two instances of processes to see what is different among them w.r.t. security parameters/token.

The need for the second one arose when I was analyzing a store app where I was not able to access a file from one of the processes running in a container. But a command prompt launched in the same security context with the tool called Hover (as per the documentation) was able to access it. I wanted to see how the privilege of the command prompt launched from Hover is different from the actual process which failed to access a file. A comparison view which would result in showing the difference between these two processes would help in easier analysis.
GiantPluto changed the title from "[Enhancement/Idea]A token viewer with export and compare capability would be nice to have" to "[Enhancement/Idea]A token viewer with export option and capability to compare two processes security parameters would be nice to have" on Oct 28, 2021
Thanks for the request, a few questions to try and determine what you want.
1. What format are you expecting the export to be in? Plain text? Machine readable (JSON/XML)? If it's just plain text then the PowerShell module provides the Format-NtToken command to convert a token into a readable format, not sure if that's enough for you. However it'd be nice to integrate with TokenViewer itself I'd guess.
2. I guess again what sort of format are you expecting and to what level of detail? Typically it's probably enough to know that one token is sandboxed versus another which isn't, which manual inspection would show. I think having a general comparison between tokens would be useful, but you could easily go down a rabbit hole of complexity so want to dial in what's of use.
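One way to get both an export and a comparison from the PowerShell module mentioned above, as an added example that is not part of the thread or the project's own code. It assumes the NtObjectManager module is installed and that the caller is allowed to open both processes; `Get-TokenSummary`, the two process IDs and the output file names are hypothetical.

```powershell
# Added example. Requires: Install-Module NtObjectManager
Import-Module NtObjectManager

# Hypothetical helper: flatten a process's primary token into sorted
# "Category: value" strings so two tokens can be diffed line by line.
function Get-TokenSummary {
    param([Parameter(Mandatory)][int]$ProcessId)
    $token = Get-NtToken -Primary -ProcessId $ProcessId
    try {
        $lines = @(
            "User: $($token.User.Sid)"
            "IntegrityLevel: $($token.IntegrityLevel)"
            "AppContainer: $($token.AppContainer)"
            "Restricted: $($token.Restricted)"
        )
        if ($token.AppContainer) {
            $lines += "AppContainerSid: $($token.AppContainerSid)"
        }
        # SIDs are kept in SDDL form so the diff does not depend on name lookups.
        $lines += @($token.Groups       | ForEach-Object { "Group: $($_.Sid) [$($_.Attributes)]" })
        $lines += @($token.Privileges   | ForEach-Object { "Privilege: $($_.Name) [Enabled=$($_.Enabled)]" })
        $lines += @($token.Capabilities | ForEach-Object { "Capability: $($_.Sid)" })
        $lines | Sort-Object
    }
    finally {
        $token.Dispose()   # release the token handle
    }
}

# Placeholder process IDs: the process that was denied access and the
# command prompt that was allowed.
$failingPid = 1234
$workingPid = 5678

$failing = Get-TokenSummary -ProcessId $failingPid
$working = Get-TokenSummary -ProcessId $workingPid

# Export: one JSON file per token, suitable for sharing.
$failing | ConvertTo-Json | Set-Content -Path "token-$failingPid.json"
$working | ConvertTo-Json | Set-Content -Path "token-$workingPid.json"

# Compare: show only the entries present in one token and not the other.
Compare-Object -ReferenceObject $failing -DifferenceObject $working |
    Select-Object InputObject, @{
        Name       = 'OnlyIn'
        Expression = { if ($_.SideIndicator -eq '<=') { "PID $failingPid" } else { "PID $workingPid" } }
    }
```

Rows reported for only one PID (a missing capability or group SID, a different integrity level) are the first places to look when one process is denied access to a file and the other is not.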