Esempio n. 1
        /// <summary>
        /// Demo: enable the required token privileges, create a server silo rooted at
        /// <c>C:\Windows</c>, populate the silo's object-namespace root, then launch
        /// <c>cmd.exe</c> inside the silo's job and block until it exits.
        /// </summary>
        /// <remarks>
        /// <c>SetTokenPriv.EnablePrivilege()</c> is a project helper; an earlier variant of this
        /// demo listed SeAssignPrimaryToken, SeTakeOwnership, SeLoadDriver, SeSecurity, SeTcb,
        /// SeBackup and SeRestore explicitly, which is presumably the set silo creation needs —
        /// confirm against the helper. The child is created suspended, bound to the silo job via
        /// a JobList attribute, and is terminated when its handle is disposed, so no process
        /// outlives this method.
        /// </remarks>
        static void Main()
        {
            SetTokenPriv.EnablePrivilege();

            // The notification event is handed to the silo so the kernel can signal it; both
            // handles are released in reverse order when Main returns.
            using var siloEvent = NtEvent.Create(null, EventType.NotificationEvent, false);
            using var silo = NtJob.CreateServerSilo(SiloObjectRootDirectoryControlFlags.All, @"C:\Windows", siloEvent, false);

            using (var siloRoot = NtDirectory.Open(silo.SiloRootDirectory))
            {
                Console.WriteLine(siloRoot);
                SetupRootDirectory(siloRoot);
            }

            // ImagePath is the NT-style path the kernel opens; ConfigImagePath is the Win32
            // path used for configuration lookups. The thread starts suspended so the job
            // membership is in place before any user-mode code runs.
            var createConfig = new NtProcessCreateConfig();
            createConfig.ImagePath          = @"\SystemRoot\System32\cmd.exe";
            createConfig.ConfigImagePath    = @"C:\Windows\System32\cmd.exe";
            createConfig.CurrentDirectory   = @"C:\Windows\System32";
            createConfig.WindowTitle        = "Demo";
            createConfig.ParentProcess      = NtProcess.Current;
            createConfig.TerminateOnDispose = true;
            createConfig.ThreadFlags        = ThreadCreateFlags.Suspended;
            createConfig.AddAttribute(ProcessAttribute.JobList(new[] { silo }));

            using var created = NtProcess.Create(createConfig);
            created.Thread.Resume();
            created.Process.Wait().ToNtException();
            Console.WriteLine($"status: {created.Process.ExitNtStatus}");
        }
Esempio n. 2
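        /// <summary>
        /// Entry point of the debugger-attach helper. In <c>-p</c> mode it opens an existing
        /// process by PID and remembers a wait-handle value passed on the command line; otherwise
        /// it creates the image named by <c>args[0]</c> suspended, with the IFEO debugger skipped.
        /// It then polls the target's PEB until <c>BeingDebugged</c> is set, resumes the created
        /// thread (if any) and signals the wait handle (if any). <c>cleanUp(false)</c> runs on
        /// every exit path, including argument errors.
        /// </summary>
        /// <param name="args">
        /// Either <c>-p &lt;pid&gt; &lt;args[2]&gt; &lt;waitHandle&gt;</c> or <c>&lt;imagePath&gt;</c>.
        /// <c>args[2]</c> is never read here; its meaning is presumably fixed by the launcher — verify.
        /// </param>
        static void Main(string[] args)
        {
            AppDomain.CurrentDomain.ProcessExit += AppDomain_ProcessExit;

            try
            {
                // Fail with a usage line instead of an IndexOutOfRangeException on args[0]/args[3].
                // Placed inside the try so cleanUp(false) still runs, as it did for the exception.
                if (args == null || args.Length == 0 || (args[0] == "-p" && args.Length < 4))
                {
                    Console.Error.WriteLine("usage: <imagePath> | -p <pid> <arg> <waitHandle>");
                    return;
                }

                // Debug trace left from development: writes the raw command line (PID and handle
                // value included) to a fixed path and throws if D: does not exist. Kept for
                // compatibility, but it belongs behind a switch or should be removed.
                using (var textWriter = new StreamWriter(@"D:\test.txt"))
                {
                    foreach (var arg in args)
                    {
                        textWriter.WriteLine(arg);
                    }
                }

                if (args[0] == "-p")
                {
                    // Machine-supplied numbers: parse culture-invariantly so a non-invariant
                    // current culture cannot change the result.
                    var pid = int.Parse(args[1], System.Globalization.CultureInfo.InvariantCulture);
                    // NOTE(review): MaximumAllowed grants every right the caller can obtain; the
                    // PEB poll only needs query/VM-read access. Narrow it once cleanUp's needs are known.
                    _process    = NtProcess.Open(pid, ProcessAccessRights.MaximumAllowed);
                    _waitHandle = new IntPtr(long.Parse(args[3], System.Globalization.CultureInfo.InvariantCulture));
                }
                else
                {
                    // IFEOSkipDebugger keeps any Image File Execution Options debugger from
                    // intercepting the launch; Suspended holds the initial thread until a
                    // debugger has attached.
                    var config = new NtProcessCreateConfig();
                    config.InitFlags   |= ProcessCreateInitFlag.IFEOSkipDebugger;
                    config.ThreadFlags |= ThreadCreateFlags.Suspended;
                    var path = NtFileUtils.DosFileNameToNt(args[0]);
                    config.ConfigImagePath = path;
                    var result = NtProcess.Create(config);
                    _process = result.Process;
                    _thread  = result.Thread;
                }

                // Poll the PEB's BeingDebugged byte until a debugger has attached. There is no
                // timeout: the helper is expected to wait indefinitely for the debugger.
                while (!IsBeingDebugged(_process))
                {
                    Thread.Sleep(100);
                }

                if (_thread != null)
                {
                    _thread.Resume();
                }

                if (_waitHandle != IntPtr.Zero)
                {
                    SetEvent(_waitHandle);
                }
            }
            finally
            {
                cleanUp(false);
            }
        }

        /// <summary>
        /// Reads the <c>BeingDebugged</c> flag from <paramref name="target"/>'s PEB, using the
        /// 32-bit PEB layout for WOW64 processes and the native layout otherwise.
        /// </summary>
        /// <param name="target">Process whose PEB is read; must be open with rights sufficient for <c>GetPeb()</c>.</param>
        /// <returns><c>true</c> when the PEB reports a debugger is attached.</returns>
        private static bool IsBeingDebugged(NtProcess target)
        {
            if (target.Wow64)
            {
                var peb = (PartialPeb32)target.GetPeb();
                return peb.BeingDebugged == 1;
            }

            var nativePeb = (PartialPeb)target.GetPeb();
            return nativePeb.BeingDebugged == 1;
        }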