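////////////////////////////////////////////////////////////////////////////////
// Starts a process under the supplied token by calling the
// CreateProcessWithTokenW P/Invoke binding, and prints the new process and
// thread ids on success.
//
// phNewToken - token handle passed as the first argument of the native call.
// name       - marshalled to unmanaged Unicode and passed as the application
//              name.
// arguments  - currently NOT forwarded to the native call (see NOTE below).
//
// Returns true when the native call succeeds; otherwise calls GetError with
// the "CreateProcessWithTokenW: " prefix and returns false.
//
// Security note: the child runs with the token's identity rather than the
// caller's. Callers should treat the token handle as a credential, and
// defenders reviewing this path should expect the child in process-creation
// audit logs with a creator whose identity may differ from the child's.
////////////////////////////////////////////////////////////////////////////////
private static Boolean CreateProcessWithTokenW(IntPtr phNewToken, String name, String arguments)
{
    Console.WriteLine("[*] CreateProcessWithTokenW");

    // Unmanaged copies of the strings; released in the finally block so that
    // neither the success path nor the failure path leaks them.
    IntPtr lpProcessName = IntPtr.Zero;
    IntPtr lpProcessArgs = IntPtr.Zero;
    try
    {
        lpProcessName = Marshal.StringToHGlobalUni(name);

        // NOTE(review): the command-line buffer is built from `name`, so the
        // `arguments` parameter is silently ignored. Kept as-is because the
        // expected format of `arguments` (with or without the leading program
        // name) is decided by callers not visible here - confirm and fix at
        // the call sites together with this line.
        lpProcessArgs = Marshal.StringToHGlobalUni(name);

        Structs._STARTUPINFO startupInfo = new Structs._STARTUPINFO();
        // The native API requires cb to hold the size of the structure.
        startupInfo.cb = (UInt32)Marshal.SizeOf(typeof(Structs._STARTUPINFO));
        Structs._PROCESS_INFORMATION processInformation = new Structs._PROCESS_INFORMATION();

        Boolean created = Unmanaged.CreateProcessWithTokenW(
            phNewToken,
            Enums.LOGON_FLAGS.NetCredentialsOnly,
            lpProcessName,
            lpProcessArgs,
            Enums.CREATION_FLAGS.NONE,
            IntPtr.Zero,    // no environment block supplied
            IntPtr.Zero,    // no current directory supplied
            ref startupInfo,
            out processInformation
        );

        if (!created)
        {
            // Report before the finally block runs, so freeing the buffers
            // cannot disturb whatever error state GetError reads.
            GetError("CreateProcessWithTokenW: ");
            return false;
        }

        // NOTE(review): a Win32 PROCESS_INFORMATION also carries process and
        // thread handles that the caller is expected to close; no close helper
        // is visible in this block, so they are left untouched here - verify
        // they are released elsewhere.
        Console.WriteLine(" [+] Created process: " + processInformation.dwProcessId);
        Console.WriteLine(" [+] Created thread: " + processInformation.dwThreadId);
        return true;
    }
    finally
    {
        if (lpProcessName != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(lpProcessName);
        }
        if (lpProcessArgs != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(lpProcessArgs);
        }
    }
}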