/// <summary>
/// Demo: creates a server silo rooted at C:\Windows, populates its root object
/// directory, then starts cmd.exe inside the silo and waits for it to exit.
/// </summary>
/// <remarks>
/// Silo creation is privileged; the project helper <c>SetTokenPriv.EnablePrivilege()</c>
/// runs first. The original also carried commented-out code that never ran and is
/// omitted here: an <c>ApplicationPrivilege</c> scope enabling SeAssignPrimaryToken,
/// SeTakeOwnership, SeLoadDriver, SeSecurity, SeTcb, SeBackup and SeRestore, plus
/// debugger hooks (WaitForDebugger, Debugger.Break, NotifySM(job, 7), GetSessionUserToken).
/// </remarks>
static void Main()
{
    SetTokenPriv.EnablePrivilege();

    // The event is handed to CreateServerSilo; declaring it before the job means
    // it is disposed after the job (using declarations dispose in reverse order).
    using var siloEvent = NtEvent.Create(null, EventType.NotificationEvent, false);
    using var silo = NtJob.CreateServerSilo(
        SiloObjectRootDirectoryControlFlags.All, @"C:\Windows", siloEvent, false);

    // Populate the silo's private object root before anything runs inside it.
    using (var siloRoot = NtDirectory.Open(silo.SiloRootDirectory))
    {
        Console.WriteLine(siloRoot);
        SetupRootDirectory(siloRoot);
    }

    using var created = NtProcess.Create(DescribeSiloProcess(silo));
    created.Thread.Resume();
    created.Process.Wait().ToNtException();
    Console.WriteLine($"status: {created.Process.ExitNtStatus}");

    // cmd.exe, created suspended and parented to this process, placed in the
    // silo through the job-list process attribute.
    static NtProcessCreateConfig DescribeSiloProcess(NtJob siloJob)
    {
        var createConfig = new NtProcessCreateConfig
        {
            ImagePath = @"\SystemRoot\System32\cmd.exe",
            ConfigImagePath = @"C:\Windows\System32\cmd.exe",
            CurrentDirectory = @"C:\Windows\System32",
            WindowTitle = "Demo",
            ParentProcess = NtProcess.Current,
            TerminateOnDispose = true,
            ThreadFlags = ThreadCreateFlags.Suspended,
        };
        createConfig.AddAttribute(ProcessAttribute.JobList(new[] { siloJob }));
        return createConfig;
    }
}
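/// <summary>
/// Debugger-attach helper. In <c>-p</c> mode it opens an existing process by PID and
/// takes an event handle value; otherwise it creates the given image suspended with the
/// IFEO debugger skipped. It then polls the target's PEB until <c>BeingDebugged</c> is
/// set, resumes the suspended thread (create mode) and signals the event (open mode).
/// <c>cleanUp(false)</c> always runs on exit from the main block.
/// </summary>
/// <param name="args">
/// Either <c>-p &lt;pid&gt; &lt;ignored&gt; &lt;event-handle&gt;</c> (<c>args[2]</c> is
/// not read here) or a single DOS path to an image to launch.
/// </param>
static void Main(string[] args)
{
    AppDomain.CurrentDomain.ProcessExit += AppDomain_ProcessExit;

    // Diagnostic trace of the raw arguments to a fixed path. This runs before the
    // try/finally, so a failure here (e.g. no D: drive) exits without calling cleanUp.
    using (var trace = new StreamWriter(@"D:\test.txt"))
    {
        foreach (var arg in args)
        {
            trace.WriteLine(arg);
        }
    }

    try
    {
        // Guard the positional accesses below; a bad invocation used to die with
        // IndexOutOfRangeException instead of a usage message.
        if (args.Length == 0 || (args[0] == "-p" && args.Length < 4))
        {
            Console.Error.WriteLine("usage: <image-path> | -p <pid> <ignored> <event-handle>");
            return;
        }

        if (args[0] == "-p")
        {
            // NOTE(review): MaximumAllowed asks for every right the caller can obtain;
            // reading the PEB should need only query/VM-read rights — consider narrowing.
            _process = NtProcess.Open(
                int.Parse(args[1], System.Globalization.CultureInfo.InvariantCulture),
                ProcessAccessRights.MaximumAllowed);
            // Handle value is machine-generated by the caller, so parse culture-invariantly.
            _waitHandle = new IntPtr(
                long.Parse(args[3], System.Globalization.CultureInfo.InvariantCulture));
        }
        else
        {
            var config = new NtProcessCreateConfig();
            // Skip the IFEO "Debugger" redirection so this helper is not re-entered,
            // and start suspended so nothing runs before a debugger is attached.
            config.InitFlags |= ProcessCreateInitFlag.IFEOSkipDebugger;
            config.ThreadFlags |= ThreadCreateFlags.Suspended;
            config.ConfigImagePath = NtFileUtils.DosFileNameToNt(args[0]);
            var result = NtProcess.Create(config);
            _process = result.Process;
            _thread = result.Thread;
        }

        // Poll until a debugger attaches (PEB.BeingDebugged becomes 1).
        // NOTE(review): there is no exit if the target dies first; GetPeb() is presumably
        // what fails in that case — a timed wait on _process would be a cleaner exit. TODO confirm.
        while (!IsBeingDebugged())
        {
            Thread.Sleep(100);
        }

        _thread?.Resume();
        if (_waitHandle != IntPtr.Zero)
        {
            SetEvent(_waitHandle);
        }
    }
    finally
    {
        cleanUp(false);
    }

    // Reads the BeingDebugged byte from the PEB layout matching the target's bitness.
    static bool IsBeingDebugged()
    {
        if (_process.Wow64)
        {
            return ((PartialPeb32)_process.GetPeb()).BeingDebugged == 1;
        }
        return ((PartialPeb)_process.GetPeb()).BeingDebugged == 1;
    }
}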