static void Main(string[] args)
        {
            try
            {
                if (!IsInAppContainer())
                {
                    if (args.Length > 0)
                    {
                        throw new ArgumentException("Already started");
                    }

                    Win32ProcessConfig config = new Win32ProcessConfig();
                    config.ApplicationName = CopyToTempDir();
                    config.CommandLine     = "run abc";
                    config.AppContainerSid = TokenUtils.DerivePackageSidFromName("microsoft.windowscalculator_8wekyb3d8bbwe");
                    config.CreationFlags   = CreateProcessFlags.NewConsole;
                    using (var p = Win32Process.CreateProcess(config))
                    {
                        p.Process.Wait();
                    }
                }
                else
                {
                    Console.WriteLine("In AC");
                    Console.WriteLine("idiot");
                    // Spawn an OOP process to init
                    Guid clsid = new Guid("ce0e0be8-cf56-4577-9577-34cc96ac087c");
                    Guid iid   = new Guid("00000000-0000-0000-c000-000000000046");
                    CoCreateInstance(ref clsid, IntPtr.Zero, CLSCTX.LOCAL_SERVER, ref iid);
                    using (var client = new Client())
                    {
                        client.Connect("actkernel");
                        uint res = client.PrivGetPsmToken(0x40000001, 0, "Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe",
                                                          "Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge", out NtToken token, out int a);
                        if (res != 0)
                        {
                            throw new SafeWin32Exception((int)res);
                        }

                        using (token)
                        {
                            Console.WriteLine("{0} - Handle: {1:X}", token, token.Handle.DangerousGetHandle().ToInt32());
                            Console.WriteLine("Package Sid: {0}", token.AppContainerSid.Name);
                            Console.WriteLine("AppId: {0}", token.PackageFullName);
                            Console.ReadLine();
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex);
                Console.ReadLine();
            }
        }
        private void btnCreateProcess_Click(object sender, EventArgs e)
        {
            try
            {
                if (checkBoxUseWmi.Checked || checkBoxUseNetLogon.Checked)
                {
                    using (var token = _token.DuplicateToken(TokenType.Impersonation, SecurityImpersonationLevel.Impersonation, TokenAccessRights.MaximumAllowed))
                    {
                        token.SetDefaultDacl(new Acl(IntPtr.Zero, false));
                        using (var imp = token.Impersonate())
                        {
                            if (checkBoxUseWmi.Checked)
                            {
                                using (var managementClass = new ManagementClass(@"\\.\root\cimv2",
                                                                                 "Win32_Process",
                                                                                 new ObjectGetOptions()))
                                {
                                    var inputParams = managementClass.GetMethodParameters("Create");

                                    inputParams["CommandLine"] = txtCommandLine.Text;
                                    var outParams = managementClass.InvokeMethod("Create",
                                                                                 inputParams,
                                                                                 new InvokeMethodOptions());
                                }
                            }
                            else
                            {
                                var config = new Win32ProcessConfig
                                {
                                    CommandLine = txtCommandLine.Text,
                                    Desktop     = @"WinSta0\Default"
                                };
                                using (Win32Process.CreateProcessWithLogon("abc", "abc", "abc",
                                                                           CreateProcessLogonFlags.NetCredentialsOnly | CreateProcessLogonFlags.WithProfile, config))
                                {
                                }
                            }
                        }
                    }
                }
                else
                {
                    using (CreateProcessForToken(txtCommandLine.Text, _token, checkBoxMakeInteractive.Checked))
                    {
                    }
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }
예제 #3
0
        static bool RestartInAppContainer(string[] args)
        {
            string FakeFile = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures), "1.txt");

            if (!File.Exists(FakeFile))
            {
                File.WriteAllText(FakeFile, "fake");
            }
            FixSecurity(Path.GetDirectoryName(typeof(Program).Assembly.Location));
            FixSecurity(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures));


            List <Sid> caps = new List <Sid>
            {
                KnownSids.CapabilityInternetClient,
                KnownSids.CapabilityInternetClientServer,
                KnownSids.CapabilityPrivateNetworkClientServer,
                KnownSids.CapabilityPicturesLibrary
            };


            Win32ProcessConfig config = new Win32ProcessConfig
            {
                CreationFlags    = CreateProcessFlags.NewConsole,
                CurrentDirectory = Environment.GetFolderPath(Environment.SpecialFolder.MyPictures),
                ApplicationName  = mainExe,
                CommandLine      = mainExe + " " + FakeFile
            };

            config.SetAppContainerSidFromName("microsoft.windowscalculator_8wekyb3d8bbwe");

            config.Capabilities.AddRange(caps);

            using (var p = Win32Process.CreateProcess(config))
            {
                p.Process.Wait();
            }
            return(true);
        }