Added Token to native process creation.

Author: James Forshaw

NtApiDotNet/CreateUserProcess.cs

@@ -198,6 +198,14 @@ public SecurityDescriptor ThreadSecurityDescriptor
             get; set;
         }
 
+        /// <summary>
+        /// Specify the primary token for the new process.
+        /// </summary>
+        public NtToken Token
+        {
+            get; set;
+        }
+
         /// <summary>
         /// Constructor
         /// </summary>
@@ -271,6 +279,15 @@ private static IntPtr CreateProcessParameters(
             return ret;
         }
 
+        /// <summary>
+        /// Start the new process based on the ImagePath parameter.
+        /// </summary>
+        /// <returns>The result of the process creation</returns>
+        public CreateUserProcessResult Start()
+        {
+            return Start(ImagePath);
+        }
+
         /// <summary>
         /// Start the new process
         /// </summary>
@@ -281,9 +298,9 @@ public CreateUserProcessResult Start(string image_path)
             if (image_path == null)
                 throw new System.ArgumentNullException("image_path");
 
-            IntPtr process_params = CreateProcessParameters(ImagePath ?? image_path, DllPath, CurrentDirectory,
+            IntPtr process_params = CreateProcessParameters(ConfigImagePath ?? image_path, DllPath, CurrentDirectory,
                   CommandLine, Environment, WindowTitle, DesktopInfo, ShellInfo, RuntimeData, 1);
-            List<ProcessAttribute> attrs = new List<ProcessAttribute>();
+            DisposableList<ProcessAttribute> attrs = new DisposableList<ProcessAttribute>();
             try
             {
                 ProcessCreateInfo create_info = new ProcessCreateInfo();
@@ -306,6 +323,11 @@ public CreateUserProcessResult Start(string image_path)
                     attrs.Add(ProcessAttribute.ChildProcess(RestrictChildProcess, OverrideRestrictChildProcess));
                 }
 
+                if (Token != null)
+                {
+                    attrs.Add(ProcessAttribute.Token(Token.Handle));
+                }
+
                 ProcessAttributeList attr_list = new ProcessAttributeList(attrs);
 
                 create_info.Data.InitFlags = InitFlags | ProcessCreateInitFlag.WriteOutputOnExit;
@@ -351,10 +373,7 @@ public CreateUserProcessResult Start(string image_path)
             finally
             {
                 NtRtl.RtlDestroyProcessParameters(process_params);
-                foreach (ProcessAttribute attr in attrs)
-                {
-                    attr.Dispose();
-                }
+                attrs.Dispose();
             }
         }
     }

NtObjectManager/NtObjectManager.psm1

@@ -597,16 +597,16 @@ function New-NtProcessConfig
     [switch]$TerminateOnDispose
     )
     $config = New-Object NtApiDotNet.CreateUserProcess
-  $config.ProcessFlags = $ProcessFlags
-  $config.ThreadFlags = $ThreadFlags
-  $config.CommandLine = $CommandLine
-  $config.TerminateOnDispose = $TerminateOnDispose
+    $config.ProcessFlags = $ProcessFlags
+    $config.ThreadFlags = $ThreadFlags
+    $config.CommandLine = $CommandLine
+    $config.TerminateOnDispose = $TerminateOnDispose
 
-  if ($ProtectedType -ne 0 -or $ProtectedSigner -ne 0)
-  {
-    $config.AddProtectionLevel($ProtectedType, $ProtectedSigner)
-    $config.ProcessFlags = $ProcessFlags -bor "ProtectedProcess"
-  }
+    if ($ProtectedType -ne 0 -or $ProtectedSigner -ne 0)
+    {
+        $config.AddProtectionLevel($ProtectedType, $ProtectedSigner)
+        $config.ProcessFlags = $ProcessFlags -bor "ProtectedProcess"
+    }
 
     return $config
 }
@@ -631,8 +631,8 @@ function New-NtProcess
 {
   [CmdletBinding(DefaultParameterSetName = "FromArgs")]
     Param(
-        [Parameter(Mandatory=$true, Position=0)]
-        [string]$ImagePath,
+    [Parameter(Mandatory=$true, Position=0)]
+    [string]$ImagePath,
     [NtApiDotNet.CreateUserProcess]$Config,
     [switch]$Win32Path
     )