March 14, 2013

Creating a process in another session: CreateProcessAsUser

In this example, an interactive process is created by a Windows service.

Before calling CreateProcessAsUser, you need to set the session ID on the token with SetTokenInformation and the TokenSessionId information class. That call requires the "Act as part of the operating system" privilege (SE_TCB_NAME, SeTcbPrivilege).

To simplify the code, suppose we already have the ID of a running process (dwProcessId) and the name of its executable (sImageName). The environment block, the required priority class and the command line are left out.

March 13, 2013

Using AdjustTokenPrivileges to change several privileges at once

In this example (Windows 7, VS 2010), three privileges are changed for the current process:
  • SeBackupPrivilege is enabled;
  • SeDebugPrivilege is removed;
  • SeCreatePagefilePrivilege is disabled.
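
The same three changes in one AdjustTokenPrivileges call, added here as a PowerShell/P/Invoke illustration (not the post's own example code); the wrapper class TokPriv and the variable names are ours, and it has to run from an elevated prompt. The point worth seeing is the result check: AdjustTokenPrivileges returns TRUE even when the token does not hold one of the privileges, and only ERROR_NOT_ALL_ASSIGNED reveals it.

```powershell
# Added example: enable SeBackupPrivilege, remove SeDebugPrivilege, disable SeCreatePagefilePrivilege on the current token.
$src = @'
using System;
using System.Runtime.InteropServices;
public static class TokPriv {
    [StructLayout(LayoutKind.Sequential)] public struct LUID { public uint LowPart; public int HighPart; }
    [StructLayout(LayoutKind.Sequential)] public struct LUID_AND_ATTRIBUTES { public LUID Luid; public uint Attributes; }
    [StructLayout(LayoutKind.Sequential)] public struct TOKEN_PRIVILEGES {
        public uint PrivilegeCount;
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 3)] public LUID_AND_ATTRIBUTES[] Privileges; // room for 3 entries
    }
    [DllImport("kernel32.dll")] public static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] public static extern bool CloseHandle(IntPtr h);
    [DllImport("advapi32.dll", SetLastError = true)] public static extern bool OpenProcessToken(IntPtr proc, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern bool LookupPrivilegeValue(string system, string name, out LUID luid);
    [DllImport("advapi32.dll", SetLastError = true)] public static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll, ref TOKEN_PRIVILEGES newState, uint length, IntPtr previous, IntPtr returnLength);
}
'@
Add-Type -TypeDefinition $src
$SE_PRIVILEGE_ENABLED = 0x2; $SE_PRIVILEGE_REMOVED = 0x4     # attribute 0 means "disabled"
$TOKEN_ADJUST_PRIVILEGES = 0x20; $TOKEN_QUERY = 0x8
$changes = @(
    @{ Name = 'SeBackupPrivilege';         Attributes = $SE_PRIVILEGE_ENABLED },  # enable
    @{ Name = 'SeDebugPrivilege';          Attributes = $SE_PRIVILEGE_REMOVED },  # remove (irreversible for this token)
    @{ Name = 'SeCreatePagefilePrivilege'; Attributes = 0 }                       # disable
)
$tp = New-Object 'TokPriv+TOKEN_PRIVILEGES'
$tp.PrivilegeCount = $changes.Count
$tp.Privileges = New-Object 'TokPriv+LUID_AND_ATTRIBUTES[]' $changes.Count
for ($i = 0; $i -lt $changes.Count; $i++) {
    $entry = New-Object 'TokPriv+LUID_AND_ATTRIBUTES'; $luid = New-Object 'TokPriv+LUID'
    if (-not [TokPriv]::LookupPrivilegeValue($null, $changes[$i].Name, [ref]$luid)) { throw "LookupPrivilegeValue($($changes[$i].Name)) failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }
    $entry.Luid = $luid; $entry.Attributes = $changes[$i].Attributes   # LUID identifies the privilege, Attributes says what to do with it
    $tp.Privileges[$i] = $entry
}
$token = [IntPtr]::Zero
if (-not [TokPriv]::OpenProcessToken([TokPriv]::GetCurrentProcess(), ($TOKEN_ADJUST_PRIVILEGES -bor $TOKEN_QUERY), [ref]$token)) { throw "OpenProcessToken failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }
$size = [Runtime.InteropServices.Marshal]::SizeOf([type]'TokPriv+TOKEN_PRIVILEGES')
$ok  = [TokPriv]::AdjustTokenPrivileges($token, $false, [ref]$tp, $size, [IntPtr]::Zero, [IntPtr]::Zero)
$err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()   # read before anything else can overwrite it
[void][TokPriv]::CloseHandle($token)
# AdjustTokenPrivileges reports success even if the token never held some of the privileges;
# ERROR_NOT_ALL_ASSIGNED (1300) is the only indication that one of the three was not adjusted.
if (-not $ok)      { throw "AdjustTokenPrivileges failed: $err" }
if ($err -eq 1300) { Write-Warning "Not all privileges were adjusted (ERROR_NOT_ALL_ASSIGNED)" }
whoami /priv   # verify: SeBackupPrivilege Enabled, SeCreatePagefilePrivilege Disabled, SeDebugPrivilege no longer listed
```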

Using NtLoadDriver/NtUnloadDriver: basics

NtLoadDriver takes the native registry path of the driver's service key (of the form L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\" followed by the service name). To create this key, you can either use the "sc create" command:

> sc create someDrv type= kernel binPath= "D:\TestProjects\004_sampleDriver\someDrv.sys"

or create the key with the registry Windows API functions, or even by hand in a registry editor. At a minimum, the key must contain the ImagePath value (a Unicode string) and the Type value (equal to 1, a kernel driver).