
Commit 63d1b90

author
James Forshaw
committed
Added Token to native process creation.
1 parent bc5817d commit 63d1b90


2 files changed

+36
-17
lines changed


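--- a/NtApiDotNet/CreateUserProcess.cs
+++ b/NtApiDotNet/CreateUserProcess.cs
@@ -198,6 +198,14 @@ public SecurityDescriptor ThreadSecurityDescriptor
 get; set;
 }
 
+/// <summary>
+/// Specify the primary token for the new process.
+/// </summary>
+public NtToken Token
+{
+get; set;
+}
+
 /// <summary>
 /// Constructor
 /// </summary>
@@ -271,6 +279,15 @@ private static IntPtr CreateProcessParameters(
 return ret;
 }
 
+/// <summary>
+/// Start the new process based on the ImagePath parameter.
+/// </summary>
+/// <returns>The result of the process creation</returns>
+public CreateUserProcessResult Start()
+{
+return Start(ImagePath);
+}
+
 /// <summary>
 /// Start the new process
 /// </summary>
@@ -281,9 +298,9 @@ public CreateUserProcessResult Start(string image_path)
 if (image_path == null)
 throw new System.ArgumentNullException("image_path");
 
-IntPtr process_params = CreateProcessParameters(ImagePath ?? image_path, DllPath, CurrentDirectory,
+IntPtr process_params = CreateProcessParameters(ConfigImagePath ?? image_path, DllPath, CurrentDirectory,
 CommandLine, Environment, WindowTitle, DesktopInfo, ShellInfo, RuntimeData, 1);
-List<ProcessAttribute> attrs = new List<ProcessAttribute>();
+DisposableList<ProcessAttribute> attrs = new DisposableList<ProcessAttribute>();
 try
 {
 ProcessCreateInfo create_info = new ProcessCreateInfo();
@@ -306,6 +323,11 @@ public CreateUserProcessResult Start(string image_path)
 attrs.Add(ProcessAttribute.ChildProcess(RestrictChildProcess, OverrideRestrictChildProcess));
 }
 
+if (Token != null)
+{
+attrs.Add(ProcessAttribute.Token(Token.Handle));
+}
+
 ProcessAttributeList attr_list = new ProcessAttributeList(attrs);
 
 create_info.Data.InitFlags = InitFlags | ProcessCreateInitFlag.WriteOutputOnExit;
@@ -351,10 +373,7 @@ public CreateUserProcessResult Start(string image_path)
 finally
 {
 NtRtl.RtlDestroyProcessParameters(process_params);
-foreach (ProcessAttribute attr in attrs)
-{
-attr.Dispose();
-}
+attrs.Dispose();
 }
 }
 }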
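Review bot: The new `Token` property in the first hunk is documented only as "the primary token", and `Start(string image_path)` passes `Token.Handle` to `ProcessAttribute.Token` without checking what kind of token it is or stating who owns it. A caller who supplies an impersonation token, or a handle opened without assign-primary access, will presumably learn of it only from the native call's failure status, and a caller who disposes the token before `Start` runs would pass an already-closed handle into the attribute list. I would extend the summary with `/// The token must be a primary token opened with assign-primary access; the caller keeps ownership and must leave it open until Start returns.` Whether the new `attrs.Dispose()` in the `finally` block leaves the caller's handle untouched depends on `ProcessAttribute.Token`, which is outside the visible hunks, so confirm that before committing to the ownership wording. The body of `Start(string)` is shown only in part across these hunks.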

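--- a/NtObjectManager/NtObjectManager.psm1
+++ b/NtObjectManager/NtObjectManager.psm1
@@ -597,16 +597,16 @@ function New-NtProcessConfig
 [switch]$TerminateOnDispose
 )
 $config = New-Object NtApiDotNet.CreateUserProcess
-$config.ProcessFlags = $ProcessFlags
-$config.ThreadFlags = $ThreadFlags
-$config.CommandLine = $CommandLine
-$config.TerminateOnDispose = $TerminateOnDispose
+$config.ProcessFlags = $ProcessFlags
+$config.ThreadFlags = $ThreadFlags
+$config.CommandLine = $CommandLine
+$config.TerminateOnDispose = $TerminateOnDispose
 
-if ($ProtectedType -ne 0 -or $ProtectedSigner -ne 0)
-{
-$config.AddProtectionLevel($ProtectedType, $ProtectedSigner)
-$config.ProcessFlags = $ProcessFlags -bor "ProtectedProcess"
-}
+if ($ProtectedType -ne 0 -or $ProtectedSigner -ne 0)
+{
+$config.AddProtectionLevel($ProtectedType, $ProtectedSigner)
+$config.ProcessFlags = $ProcessFlags -bor "ProtectedProcess"
+}
 
 return $config
 }
@@ -631,8 +631,8 @@ function New-NtProcess
 {
 [CmdletBinding(DefaultParameterSetName = "FromArgs")]
 Param(
-[Parameter(Mandatory=$true, Position=0)]
-[string]$ImagePath,
+[Parameter(Mandatory=$true, Position=0)]
+[string]$ImagePath,
 [NtApiDotNet.CreateUserProcess]$Config,
 [switch]$Win32Path
 )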
