Skip to content
This repository was archived by the owner on Jan 21, 2021. It is now read-only.

Commit 1916464

Browse files
HarmJ0yHarmJ0y
committed
bug fix in Get-TokenInformation
1 parent 9853900 commit 1916464

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

Privesc/PowerUp.ps1

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -999,10 +999,10 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa379630(v=vs.85).aspx
999999

10001000
# initial query to determine the necessary buffer size
10011001
$TokenGroupsPtrSize = 0
1002-
$Success = $Advapi32::GetTokenInformation($hProcToken, 2, 0, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize)
1002+
$Success = $Advapi32::GetTokenInformation($TokenHandle, 2, 0, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize)
10031003
[IntPtr]$TokenGroupsPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenGroupsPtrSize)
10041004

1005-
$Success = $Advapi32::GetTokenInformation($hProcToken, 2, $TokenGroupsPtr, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
1005+
$Success = $Advapi32::GetTokenInformation($TokenHandle, 2, $TokenGroupsPtr, $TokenGroupsPtrSize, [ref]$TokenGroupsPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
10061006

10071007
if ($Success) {
10081008
$TokenGroups = $TokenGroupsPtr -as $TOKEN_GROUPS
@@ -1036,10 +1036,10 @@ https://msdn.microsoft.com/en-us/library/windows/desktop/aa379630(v=vs.85).aspx
10361036

10371037
# initial query to determine the necessary buffer size
10381038
$TokenPrivilegesPtrSize = 0
1039-
$Success = $Advapi32::GetTokenInformation($hProcToken, 3, 0, $TokenPrivilegesPtrSize, [ref]$TokenPrivilegesPtrSize)
1039+
$Success = $Advapi32::GetTokenInformation($TokenHandle, 3, 0, $TokenPrivilegesPtrSize, [ref]$TokenPrivilegesPtrSize)
10401040
[IntPtr]$TokenPrivilegesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenPrivilegesPtrSize)
10411041

1042-
$Success = $Advapi32::GetTokenInformation($hProcToken, 3, $TokenPrivilegesPtr, $TokenPrivilegesPtrSize, [ref]$TokenPrivilegesPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
1042+
$Success = $Advapi32::GetTokenInformation($TokenHandle, 3, $TokenPrivilegesPtr, $TokenPrivilegesPtrSize, [ref]$TokenPrivilegesPtrSize);$LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
10431043

10441044
if ($Success) {
10451045
$TokenPrivileges = $TokenPrivilegesPtr -as $TOKEN_PRIVILEGES

0 commit comments

Comments
 (0)