public TMProcessBuilder UsingExistingProcessToken(int processId) { var hProc = TMProcessHandle.FromProcessId(processId); var hToken = AccessTokenHandle.FromProcessHandle(hProc, TokenAccess.TOKEN_DUPLICATE, TokenAccess.TOKEN_QUERY); var hDuplicate = hToken.DuplicatePrimaryToken(); this.TokenHandle = hDuplicate; return(this); }
/// <summary> /// Duplicates and impersonates the process token of the specified PID. /// This replaces the current thread token. Call RevertToSelf() to get back /// previous access token. /// </summary> /// <param name="pid"></param> public static void ImpersonateProcessToken(int pid) { var hProc = TMProcessHandle.FromProcessId(pid, ProcessAccessFlags.QueryInformation); var hToken = AccessTokenHandle.FromProcessHandle(hProc, TokenAccess.TOKEN_IMPERSONATE, TokenAccess.TOKEN_DUPLICATE); var hDuplicate = hToken.DuplicateImpersonationToken(TokenAccess.TOKEN_ALL_ACCESS); if (!Advapi32.SetThreadToken(IntPtr.Zero, hDuplicate.GetHandle())) { Console.WriteLine($"{Kernel32.GetLastError()}"); } }
public void Execute() { TMProcessHandle hProcess; if (this.options.ProcessID.HasValue) { hProcess = TMProcessHandle.FromProcessId(this.options.ProcessID.Value, TokenManage.API.ProcessAccessFlags.QueryInformation); } else { hProcess = TMProcessHandle.GetCurrentProcessHandle(); } var hToken = AccessTokenHandle.FromProcessHandle(hProcess, TokenAccess.TOKEN_QUERY); if (this.options.ShowUser || this.options.ShowAll) { ShowUser(hToken); } if (this.options.ShowGroups || this.options.ShowAll) { ShowGroups(hToken); } if (this.options.ShowPrivileges || this.options.ShowAll) { ShowPrivileges(hToken); } if (this.options.ShowLogonSid || this.options.ShowAll) { ShowLogonSid(hToken); } if (this.options.ShowOwner || this.options.ShowAll) { ShowOwner(hToken); } if (this.options.ShowPrimaryGroup || this.options.ShowAll) { ShowPrimaryGroup(hToken); } if (this.options.ShowSessionID || this.options.ShowAll) { ShowSessionID(hToken); } }