Created
March 10, 2017 23:15
-
-
Save adamdriscoll/4effdf9d29228d1e9f1184bfd92d744b to your computer and use it in GitHub Desktop.
Creates a process as a user in a untrusted domain
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public void CreateProcessAsUser(string applicationName, string commandLine, string username, string domainName, string password) | |
| { | |
| var si = new STARTUPINFO(); | |
| var pi = new PROCESS_INFORMATION(); | |
| if (!CreateProcessWithLogonW(username, domainName, password, | |
| LogonFlags.LOGON_NETCREDENTIALS_ONLY, null, applicationName + " " + commandLine, | |
| CreationFlags.CREATE_DEFAULT_ERROR_MODE, 0, null, ref si, out pi)) | |
| { | |
| throw new Win32Exception(); | |
| } | |
| WaitForSingleObject(pi.hProcess, 0xffffffff); | |
| CloseHandle(pi.hProcess); | |
| CloseHandle(pi.hThread); | |
| } | |
| [DllImport("kernel32.dll", SetLastError = true)] | |
| static extern UInt32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds); | |
| [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] | |
| private static extern bool CreateProcessWithLogonW( | |
| String userName, | |
| String domain, | |
| String password, | |
| LogonFlags logonFlags, | |
| String applicationName, | |
| String commandLine, | |
| CreationFlags creationFlags, | |
| UInt32 environment, | |
| String currentDirectory, | |
| ref STARTUPINFO startupInfo, | |
| out PROCESS_INFORMATION processInformation); | |
| [DllImport("kernel32.dll", SetLastError = true)] | |
| [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] | |
| [SuppressUnmanagedCodeSecurity] | |
| [return: MarshalAs(UnmanagedType.Bool)] | |
| static extern bool CloseHandle(IntPtr hObject); | |
| [Flags] | |
| enum CreationFlags | |
| { | |
| CREATE_SUSPENDED = 0x00000004, | |
| CREATE_NEW_CONSOLE = 0x00000010, | |
| CREATE_NEW_PROCESS_GROUP = 0x00000200, | |
| CREATE_UNICODE_ENVIRONMENT = 0x00000400, | |
| CREATE_SEPARATE_WOW_VDM = 0x00000800, | |
| CREATE_DEFAULT_ERROR_MODE = 0x04000000, | |
| } | |
| [Flags] | |
| enum LogonFlags | |
| { | |
| LOGON_WITH_PROFILE = 0x00000001, | |
| LOGON_NETCREDENTIALS_ONLY = 0x00000002 | |
| } | |
| [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] | |
| private struct STARTUPINFO | |
| { | |
| public Int32 cb; | |
| public string lpReserved; | |
| public string lpDesktop; | |
| public string lpTitle; | |
| public Int32 dwX; | |
| public Int32 dwY; | |
| public Int32 dwXSize; | |
| public Int32 dwYSize; | |
| public Int32 dwXCountChars; | |
| public Int32 dwYCountChars; | |
| public Int32 dwFillAttribute; | |
| public Int32 dwFlags; | |
| public Int16 wShowWindow; | |
| public Int16 cbReserved2; | |
| public IntPtr lpReserved2; | |
| public IntPtr hStdInput; | |
| public IntPtr hStdOutput; | |
| public IntPtr hStdError; | |
| } | |
| [StructLayout(LayoutKind.Sequential)] | |
| private struct PROCESS_INFORMATION | |
| { | |
| public IntPtr hProcess; | |
| public IntPtr hThread; | |
| public int dwProcessId; | |
| public int dwThreadId; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment