Пример #1
0
 public static extern bool CreateProcess(
     string lpApplicationName,
     string lpCommandLine,
     IntPtr lpProcessAttributes,
     IntPtr lpThreadAttributes,
     bool bInheritHandles,
     uint dwCreationFlags,
     IntPtr lpEnvironment,
     string lpCurrentDirectory,
     StartupInfo *lpStartupInfo,
     ProcessInfo *lpProcessInformation);
Пример #2
0
 public static extern bool CreateProcessInternal([MarshalAs(UnmanagedType.U4)] uint hToken,
                                                 [MarshalAs(UnmanagedType.LPTStr)] string lpApplicationName,
                                                 [MarshalAs(UnmanagedType.LPTStr)] string lpCommandLine,
                                                 [MarshalAs(UnmanagedType.SysInt)] IntPtr lpProcessAttributes,
                                                 [MarshalAs(UnmanagedType.SysInt)] IntPtr lpThreadAttributes,
                                                 [MarshalAs(UnmanagedType.Bool)] bool bInheritHandles,
                                                 [MarshalAs(UnmanagedType.U4)] uint dwCreationFlags,
                                                 [MarshalAs(UnmanagedType.SysInt)] IntPtr lpEnvironment,
                                                 [MarshalAs(UnmanagedType.LPTStr)] string lpCurrentDirectory,
                                                 byte[] lpStartupInfo,
                                                 ProcessInfo *lpProcessInfo,
                                                 [MarshalAs(UnmanagedType.U4)] uint hNewToken);
Пример #3
0
        public static void spoon(out int Res)
        {
            Res = -1;
            ProcessInfo *PInf = (ProcessInfo *)Marshal.AllocHGlobal(sizeof(ProcessInfo));

            if (NtDll.RtlCloneUserProcess(CloneProcessFlags.CreateSuspended | CloneProcessFlags.InheritHandles,
                                          IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, PInf) == CloneStatus.Parent)
            {
                Res = Kernel32.GetProcessId(PInf->ProcInfo.Process);

                Kernel32.ResumeThread(PInf->ProcInfo.Thread);
                Kernel32.CloseHandle(PInf->ProcInfo.Process);
                Kernel32.CloseHandle(PInf->ProcInfo.Thread);
                Marshal.FreeHGlobal(new IntPtr(PInf));
            }
            else
            {
                Res = 0;

                if (Kernel32.FreeConsole())
                {
                    Kernel32.AllocConsole();

                    StreamWriter OutWriter = new StreamWriter(Console.OpenStandardOutput());
                    OutWriter.AutoFlush = true;
                    Console.SetOut(OutWriter);

                    StreamWriter ErrWriter = new StreamWriter(Console.OpenStandardError());
                    ErrWriter.AutoFlush = true;
                    Console.SetError(ErrWriter);

                    StreamReader InReader = new StreamReader(Console.OpenStandardInput());
                    Console.SetIn(InReader);
                }
            }
        }
Пример #4
0
 public static extern CloneStatus RtlCloneUserProcess(CloneProcessFlags Flags, IntPtr ProcSecDesc, IntPtr ThreadSecDesc,
                                                      IntPtr DebugPort, ProcessInfo *ProcessInfo);
Пример #5
0
 public static CloneStatus RtlCloneUserProcess(CloneProcessFlags Flags, ProcessInfo *ProcessInfo)
 {
     return(RtlCloneUserProcess(Flags, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, ProcessInfo));
 }