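def start_proc_with_token(args, hTokendupe, hidden=True):
    """Create a new process that runs under the access token *hTokendupe*.

    An environment block for the token's user is built with
    CreateEnvironmentBlock, the process is started with CreateProcessAsUserA,
    and the block is released with DestroyEnvironmentBlock once the call has
    returned (the original version never freed it).

    Args:
        args: sequence of command-line pieces. They are joined with single
            spaces and passed verbatim as lpCommandLine -- no quoting is
            added, so pieces containing spaces must be quoted by the caller.
        hTokendupe: primary access token handle the new process runs under.
        hidden: when True, the new window is requested hidden
            (STARTF_USESHOWWINDOW + SW_HIDE) and the process is placed in its
            own process group (CREATE_NEW_PROCESS_GROUP).

    Returns:
        The PID (dwProcessId) of the created process.

    Raises:
        WindowsError (OSError on Python 3): if CreateEnvironmentBlock or
            CreateProcessAsUserA fails; the message carries the last-error
            code captured right after the failing call.

    NOTE(review): the process and thread handles that CreateProcessAsUserA
    returns inside PROCESS_INFORMATION are not closed here, and only the PID
    is returned, so the caller cannot close them either. If the project's
    PROCESS_INFORMATION structure exposes hProcess/hThread, they should be
    closed with CloseHandle after the PID has been read.
    """
    import ctypes  # function-scope: only a few helpers beyond the file's names

    lpProcessInformation = PROCESS_INFORMATION()
    lpStartupInfo = STARTUPINFO()

    # Process-creation flags (dwCreationFlags of CreateProcessAsUser).
    CREATE_NEW_CONSOLE = 0x00000010
    CREATE_UNICODE_ENVIRONMENT = 0x00000400  # matches the Unicode block from CreateEnvironmentBlock
    NORMAL_PRIORITY_CLASS = 0x00000020
    dwCreationflag = NORMAL_PRIORITY_CLASS | CREATE_UNICODE_ENVIRONMENT | CREATE_NEW_CONSOLE

    if hidden:
        # CREATE_NEW_PROCESS_GROUP (0x200) is a creation flag, not a
        # STARTUPINFO.dwFlags bit. The original OR'ed it into dwFlags, where
        # the 0x200 bit is STARTF_USEHOTKEY and makes hStdInput be read as a
        # hotkey value; it belongs in dwCreationFlags instead.
        lpStartupInfo.dwFlags = subprocess.STARTF_USESHOWWINDOW
        lpStartupInfo.wShowWindow = subprocess.SW_HIDE
        dwCreationflag |= subprocess.CREATE_NEW_PROCESS_GROUP

    # use_last_error=True makes ctypes save the Win32 error immediately after
    # each call; ctypes.get_last_error() reads that saved value, so it cannot
    # be overwritten by anything that runs between the call and WinError().
    userenv = WinDLL('userenv', use_last_error=True)
    userenv.CreateEnvironmentBlock.argtypes = (POINTER(c_void_p), c_void_p, c_int)
    userenv.CreateEnvironmentBlock.restype = c_int
    userenv.DestroyEnvironmentBlock.argtypes = (c_void_p,)
    userenv.DestroyEnvironmentBlock.restype = c_int

    # Declare argument types so handles and pointers are passed at full
    # pointer width on 64-bit Python instead of ctypes' default c_int.
    advapi32 = WinDLL('advapi32', use_last_error=True)
    advapi32.CreateProcessAsUserA.argtypes = (
        c_void_p,         # hToken
        ctypes.c_char_p,  # lpApplicationName
        ctypes.c_char_p,  # lpCommandLine
        c_void_p,         # lpProcessAttributes
        c_void_p,         # lpThreadAttributes
        c_int,            # bInheritHandles
        ctypes.c_uint,    # dwCreationFlags
        c_void_p,         # lpEnvironment
        ctypes.c_char_p,  # lpCurrentDirectory
        c_void_p,         # lpStartupInfo
        c_void_p,         # lpProcessInformation
    )
    advapi32.CreateProcessAsUserA.restype = c_int

    cenv = c_void_p()
    if not userenv.CreateEnvironmentBlock(byref(cenv), hTokendupe, 0):
        raise WinError(ctypes.get_last_error())

    try:
        created = advapi32.CreateProcessAsUserA(
            hTokendupe,
            None,
            ' '.join(args),
            None,
            None,
            True,
            dwCreationflag,
            cenv,
            None,
            byref(lpStartupInfo),
            byref(lpProcessInformation),
        )
        if not created:
            raise WinError(ctypes.get_last_error())
    finally:
        # Pair every CreateEnvironmentBlock with a DestroyEnvironmentBlock,
        # whether or not process creation succeeded.
        userenv.DestroyEnvironmentBlock(cenv)

    pid = lpProcessInformation.dwProcessId
    # Parenthesised print works under both Python 2 and 3 for a single string.
    print("[+] process created PID: " + str(pid))
    return pid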