        ////////////////////////////////////////////////////////////////////////////////
        // Wrapper for CreateProcessWithTokenW
        ////////////////////////////////////////////////////////////////////////////////
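        /// <summary>
        /// Wrapper around advapi32!CreateProcessWithTokenW: starts <paramref name="name"/> with
        /// <paramref name="arguments"/> as its command line under the primary token
        /// <paramref name="phNewToken"/>, using LOGON_NETCREDENTIALS_ONLY and no creation flags.
        /// </summary>
        /// <param name="phNewToken">Primary token handle the new process runs under; not closed here.</param>
        /// <param name="name">Application path passed as lpApplicationName; not resolved or validated here.</param>
        /// <param name="arguments">Command line passed as lpCommandLine. Per Win32 CreateProcess semantics, when
        /// lpApplicationName is also supplied the C runtime derives argv[0] from this string, so callers
        /// normally include the program name in it.</param>
        /// <returns>true when the process was created; false after printing the Win32 error.</returns>
        public static Boolean CreateProcessWithTokenW(IntPtr phNewToken, String name, String arguments)
        {
            Console.WriteLine("[*] CreateProcessWithTokenW");

            // Both strings are copied to unmanaged memory: lpCommandLine must be a writable buffer
            // because the W variant may modify it in place. Released in finally so neither a
            // failed call nor the success path leaks the allocations (FreeHGlobal(IntPtr.Zero) is a no-op,
            // which covers a null `arguments`).
            IntPtr lpProcessName = Marshal.StringToHGlobalUni(name);
            IntPtr lpProcessArgs = Marshal.StringToHGlobalUni(arguments); // was marshaling `name` twice, dropping the arguments
            try
            {
                Structs._STARTUPINFO startupInfo = new Structs._STARTUPINFO();
                startupInfo.cb = (UInt32)Marshal.SizeOf(typeof(Structs._STARTUPINFO));
                Structs._PROCESS_INFORMATION processInformation = new Structs._PROCESS_INFORMATION();

                Boolean created = advapi32.CreateProcessWithTokenW(
                        phNewToken,
                        Enums.LOGON_FLAGS.NetCredentialsOnly,
                        lpProcessName,
                        lpProcessArgs,
                        Enums.CREATION_FLAGS.NONE,
                        IntPtr.Zero,   // lpEnvironment: inherit
                        IntPtr.Zero,   // lpCurrentDirectory: inherit
                        ref startupInfo,
                        out processInformation);
                if (!created)
                {
                    // Only meaningful if the DllImport declares SetLastError = true — confirm on the declaration.
                    Console.WriteLine(" [-] Function CreateProcessWithTokenW failed: " + Marshal.GetLastWin32Error());
                    return false;
                }

                // NOTE(review): the process and thread handles returned in processInformation are never
                // closed here (would need kernel32!CloseHandle) and leak with every successful call.
                Console.WriteLine(" [+] Created process: " + processInformation.dwProcessId);
                Console.WriteLine(" [+] Created thread: " + processInformation.dwThreadId);
                return true;
            }
            finally
            {
                Marshal.FreeHGlobal(lpProcessArgs);
                Marshal.FreeHGlobal(lpProcessName);
            }
        }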
        ////////////////////////////////////////////////////////////////////////////////
        // Wrapper for CreateProcessWithLogonW
        ////////////////////////////////////////////////////////////////////////////////
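        /// <summary>
        /// Wrapper around advapi32!CreateProcessWithLogonW. Starts <paramref name="name"/> with
        /// <paramref name="arguments"/> using LOGON_NETCREDENTIALS_ONLY and placeholder credentials:
        /// per the Win32 documentation for that flag the new process uses the caller's current token,
        /// and the supplied credentials are only offered for outbound network authentication.
        /// </summary>
        /// <param name="phNewToken">Unused. CreateProcessWithLogonW takes no token handle; the parameter is kept
        /// for signature parity with CreateProcessWithTokenW.</param>
        /// <param name="name">Application path passed as lpApplicationName; not resolved or validated here.</param>
        /// <param name="arguments">Command line passed as lpCommandLine.</param>
        /// <returns>true when the process was created; false after printing the Win32 error.</returns>
        public static Boolean CreateProcessWithLogonW(IntPtr phNewToken, String name, String arguments)
        {
            // Win32 constants named instead of the bare 0x00000002 / 0x04000000 literals.
            const int LOGON_NETCREDENTIALS_ONLY = 0x00000002;
            const int CREATE_DEFAULT_ERROR_MODE = 0x04000000;

            Console.WriteLine("[*] CreateProcessWithLogonW");

            Structs._STARTUPINFO startupInfo = new Structs._STARTUPINFO();
            startupInfo.cb = (UInt32)Marshal.SizeOf(typeof(Structs._STARTUPINFO));
            Structs._PROCESS_INFORMATION processInformation = new Structs._PROCESS_INFORMATION();

            // "i" / "j" / "k" are deliberate placeholders: with LOGON_NETCREDENTIALS_ONLY they are not
            // validated locally, only cached as the default network credentials of the new process.
            Boolean created = advapi32.CreateProcessWithLogonW(
                    "i",
                    "j",
                    "k",
                    LOGON_NETCREDENTIALS_ONLY,
                    name,
                    arguments,
                    CREATE_DEFAULT_ERROR_MODE,
                    IntPtr.Zero,                 // lpEnvironment: inherit
                    Environment.SystemDirectory, // lpCurrentDirectory
                    ref startupInfo,
                    out processInformation);
            if (!created)
            {
                // Only meaningful if the DllImport declares SetLastError = true — confirm on the declaration.
                Console.WriteLine(" [-] Function CreateProcessWithLogonW failed: " + Marshal.GetLastWin32Error());
                return false;
            }

            // NOTE(review): the process and thread handles returned in processInformation are never
            // closed here (would need kernel32!CloseHandle) and leak with every successful call.
            Console.WriteLine(" [+] Created process: " + processInformation.dwProcessId);
            Console.WriteLine(" [+] Created thread: " + processInformation.dwThreadId);
            return true;
        }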
 // P/Invoke for advapi32!CreateProcessWithTokenW (DllImport attribute not shown here).
 // The wrappers report failures via Marshal.GetLastWin32Error(), which is only reliable when the
 // DllImport sets SetLastError = true — confirm on the attribute.
 // lpApplicationName / lpCommandLine are taken as IntPtr so the caller controls the buffer; the W
 // variant may modify lpCommandLine in place, so it must point at writable unmanaged memory.
 public static extern Boolean CreateProcessWithTokenW(
     IntPtr hToken,                          // primary token the new process runs under
     Enums.LOGON_FLAGS dwLogonFlags,
     IntPtr lpApplicationName,               // LPCWSTR, may be IntPtr.Zero
     IntPtr lpCommandLine,                   // LPWSTR, writable; may be IntPtr.Zero
     Enums.CREATION_FLAGS dwCreationFlags,
     IntPtr lpEnvironment,                   // IntPtr.Zero: inherit the caller's environment
     IntPtr lpCurrentDirectory,              // IntPtr.Zero: inherit the caller's current directory
     ref Structs._STARTUPINFO lpStartupInfo, // cb must be set to sizeof(STARTUPINFO) by the caller
     out Structs._PROCESS_INFORMATION lpProcessInfo // returned process/thread handles must be closed by the caller
     );
 // P/Invoke for advapi32!CreateProcessWithLogonW (DllImport attribute not shown here).
 // Failure reporting through Marshal.GetLastWin32Error() in the wrappers needs SetLastError = true
 // on the attribute — confirm there.
 // NOTE(review): logonFlags / creationFlags are plain ints here while the CreateProcessWithTokenW
 // declaration uses Enums.LOGON_FLAGS / Enums.CREATION_FLAGS; the two could share the enums.
 // NOTE(review): the callee may modify lpCommandLine in place; a managed String marshaled as LPWSTR
 // is immutable from the managed side, so a StringBuilder or IntPtr buffer (as in the TokenW
 // declaration) would be the safer choice — verify against the marshaler behavior in use.
 public static extern bool CreateProcessWithLogonW(
     String userName,
     String domain,
     String password,        // managed String: cannot be scrubbed from memory after the call
     int logonFlags,         // LOGON_* flags (e.g. LOGON_NETCREDENTIALS_ONLY = 0x2)
     String applicationName, // lpApplicationName
     String commandLine,     // lpCommandLine, see note above
     int creationFlags,      // CREATE_* flags
     IntPtr environment,     // IntPtr.Zero: inherit the caller's environment
     String currentDirectory,
     ref Structs._STARTUPINFO startupInfo, // cb must be set by the caller
     out Structs._PROCESS_INFORMATION processInformation // returned handles must be closed by the caller
     );
 // P/Invoke for advapi32!CreateProcessAsUserW (DllImport attribute not shown here).
 // Unlike CreateProcessWithTokenW this takes explicit security attributes and an inherit-handles flag.
 // Per the Win32 documentation the caller typically needs SE_INCREASE_QUOTA_NAME and, when the token
 // is not already assignable, SE_ASSIGNPRIMARYTOKEN_NAME; otherwise the call fails with an access error.
 // Marshal.GetLastWin32Error() is only reliable when the attribute sets SetLastError = true — confirm.
 public static extern Boolean CreateProcessAsUserW(
     IntPtr hToken,                          // primary token the new process runs under
     IntPtr lpApplicationName,               // LPCWSTR, may be IntPtr.Zero
     IntPtr lpCommandLine,                   // LPWSTR, writable; may be IntPtr.Zero
     IntPtr lpProcessAttributes,             // SECURITY_ATTRIBUTES*, IntPtr.Zero for defaults
     IntPtr lpThreadAttributes,              // SECURITY_ATTRIBUTES*, IntPtr.Zero for defaults
     Boolean bInheritHandles,                // true: inheritable handles of the caller are passed to the child
     Enums.CREATION_FLAGS dwCreationFlags,
     IntPtr lpEnvironment,                   // IntPtr.Zero: inherit the caller's environment
     IntPtr lpCurrentDirectory,              // IntPtr.Zero: inherit the caller's current directory
     ref Structs._STARTUPINFO lpStartupInfo, // cb must be set by the caller
     out Structs._PROCESS_INFORMATION lpProcessInfo // returned handles must be closed by the caller
     );
        ////////////////////////////////////////////////////////////////////////////////
        // Wrapper for CreateProcessWithTokenW
        ////////////////////////////////////////////////////////////////////////////////
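        /// <summary>
        /// Wrapper around advapi32!CreateProcessWithTokenW: resolves <paramref name="name"/> to an existing
        /// file, then starts it with <paramref name="arguments"/> as its command line under the primary
        /// token <paramref name="phNewToken"/>, using LOGON_NETCREDENTIALS_ONLY and no creation flags.
        /// </summary>
        /// <param name="phNewToken">Primary token handle the new process runs under; not closed here.</param>
        /// <param name="name">Application to run. A value containing a backslash is treated as a path and
        /// must exist; anything else is looked up with FindFilePath.</param>
        /// <param name="arguments">Command line passed as lpCommandLine. Per Win32 CreateProcess semantics, when
        /// lpApplicationName is also supplied the C runtime derives argv[0] from this string, so callers
        /// normally include the program name in it.</param>
        /// <returns>true when the process was created; false after printing the reason.</returns>
        public static Boolean CreateProcessWithTokenW(IntPtr phNewToken, String name, String arguments)
        {
            // Only a backslash marks the input as a path; forward-slash paths fall through to FindFilePath.
            if (name.Contains("\\"))
            {
                name = System.IO.Path.GetFullPath(name);
                if (!System.IO.File.Exists(name))
                {
                    Console.WriteLine("[-] File Not Found");
                    return false;
                }
            }
            else
            {
                // FindFilePath is a project helper (presumably a PATH-style search) that returns "" when nothing matches.
                name = FindFilePath(name);
                if (String.Empty == name)
                {
                    Console.WriteLine("[-] Unable to find file");
                    return false;
                }
            }

            Console.WriteLine("[*] CreateProcessWithTokenW");

            // Both strings are copied to unmanaged memory: lpCommandLine must be a writable buffer
            // because the W variant may modify it in place. Released in finally so neither a
            // failed call nor the success path leaks the allocations (FreeHGlobal(IntPtr.Zero) is a no-op,
            // which covers a null `arguments`).
            IntPtr lpProcessName = Marshal.StringToHGlobalUni(name);
            IntPtr lpProcessArgs = Marshal.StringToHGlobalUni(arguments);
            try
            {
                Structs._STARTUPINFO startupInfo = new Structs._STARTUPINFO();
                startupInfo.cb = (UInt32)Marshal.SizeOf(typeof(Structs._STARTUPINFO));
                Structs._PROCESS_INFORMATION processInformation = new Structs._PROCESS_INFORMATION();

                Boolean created = advapi32.CreateProcessWithTokenW(
                        phNewToken,
                        Enums.LOGON_FLAGS.NetCredentialsOnly,
                        lpProcessName,
                        lpProcessArgs,
                        Enums.CREATION_FLAGS.NONE,
                        IntPtr.Zero,   // lpEnvironment: inherit
                        IntPtr.Zero,   // lpCurrentDirectory: inherit
                        ref startupInfo,
                        out processInformation);
                if (!created)
                {
                    // Only meaningful if the DllImport declares SetLastError = true — confirm on the declaration.
                    Console.WriteLine(" [-] Function CreateProcessWithTokenW failed: " + Marshal.GetLastWin32Error());
                    return false;
                }

                // NOTE(review): the process and thread handles returned in processInformation are never
                // closed here (would need kernel32!CloseHandle) and leak with every successful call.
                Console.WriteLine(" [+] Created process: " + processInformation.dwProcessId);
                Console.WriteLine(" [+] Created thread: " + processInformation.dwThreadId);
                return true;
            }
            finally
            {
                Marshal.FreeHGlobal(lpProcessArgs);
                Marshal.FreeHGlobal(lpProcessName);
            }
        }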
        ////////////////////////////////////////////////////////////////////////////////
        // Wrapper for CreateProcessWithLogonW
        ////////////////////////////////////////////////////////////////////////////////
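        /// <summary>
        /// Wrapper around advapi32!CreateProcessWithLogonW: resolves <paramref name="name"/> to an existing
        /// file, then starts it with <paramref name="arguments"/> using LOGON_NETCREDENTIALS_ONLY and
        /// placeholder credentials. Per the Win32 documentation for that flag the new process uses the
        /// caller's current token, and the supplied credentials are only offered for outbound network
        /// authentication.
        /// </summary>
        /// <param name="phNewToken">Unused. CreateProcessWithLogonW takes no token handle; the parameter is kept
        /// for signature parity with CreateProcessWithTokenW.</param>
        /// <param name="name">Application to run. A value containing a backslash is treated as a path and
        /// must exist; anything else is looked up with FindFilePath.</param>
        /// <param name="arguments">Command line passed as lpCommandLine.</param>
        /// <returns>true when the process was created; false after printing the reason.</returns>
        public static Boolean CreateProcessWithLogonW(IntPtr phNewToken, String name, String arguments)
        {
            // Win32 constants named instead of the bare 0x00000002 / 0x04000000 literals.
            const int LOGON_NETCREDENTIALS_ONLY = 0x00000002;
            const int CREATE_DEFAULT_ERROR_MODE = 0x04000000;

            // Only a backslash marks the input as a path; forward-slash paths fall through to FindFilePath.
            if (name.Contains("\\"))
            {
                name = System.IO.Path.GetFullPath(name);
                if (!System.IO.File.Exists(name))
                {
                    Console.WriteLine("[-] File Not Found");
                    return false;
                }
            }
            else
            {
                // FindFilePath is a project helper (presumably a PATH-style search) that returns "" when nothing matches.
                name = FindFilePath(name);
                if (String.Empty == name)
                {
                    Console.WriteLine("[-] Unable to find file");
                    return false;
                }
            }

            Console.WriteLine("[*] CreateProcessWithLogonW");

            Structs._STARTUPINFO startupInfo = new Structs._STARTUPINFO();
            startupInfo.cb = (UInt32)Marshal.SizeOf(typeof(Structs._STARTUPINFO));
            Structs._PROCESS_INFORMATION processInformation = new Structs._PROCESS_INFORMATION();

            // "i" / "j" / "k" are deliberate placeholders: with LOGON_NETCREDENTIALS_ONLY they are not
            // validated locally, only cached as the default network credentials of the new process.
            Boolean created = advapi32.CreateProcessWithLogonW(
                    "i",
                    "j",
                    "k",
                    LOGON_NETCREDENTIALS_ONLY,
                    name,
                    arguments,
                    CREATE_DEFAULT_ERROR_MODE,
                    IntPtr.Zero,                 // lpEnvironment: inherit
                    Environment.SystemDirectory, // lpCurrentDirectory
                    ref startupInfo,
                    out processInformation);
            if (!created)
            {
                // Only meaningful if the DllImport declares SetLastError = true — confirm on the declaration.
                Console.WriteLine(" [-] Function CreateProcessWithLogonW failed: " + Marshal.GetLastWin32Error());
                return false;
            }

            // NOTE(review): the process and thread handles returned in processInformation are never
            // closed here (would need kernel32!CloseHandle) and leak with every successful call.
            Console.WriteLine(" [+] Created process: " + processInformation.dwProcessId);
            Console.WriteLine(" [+] Created thread: " + processInformation.dwThreadId);
            return true;
        }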