@iso2022jp
Created November 11, 2012 09:09
nudo.exe: Do as a normal user
#define STRICT
#define WIN32_LEAN_AND_MEAN
#define VC_EXTRALEAN
#include <windows.h>
#include <winsafer.h>
/*
 * Fill `count` bytes starting at `dest` with zero.
 *
 * Hand-written byte loop instead of memset(); presumably so the program
 * can be linked without the C runtime (assumption, confirm against the
 * build settings). A count of 0 writes nothing.
 */
void Zero(void *dest, size_t count) {
    unsigned char *bytes = (unsigned char *)dest;
    size_t i;

    for (i = 0; i < count; ++i) {
        bytes[i] = 0;
    }
}
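/*
 * Compute a SAFER "normal user" token from an existing access token.
 *
 * hToken     Token to derive from (the caller opens it with
 *            TOKEN_QUERY | TOKEN_DUPLICATE).
 * hNewToken  Receives the computed token; the caller owns it and must
 *            CloseHandle() it.
 *
 * Returns TRUE on success. On failure returns FALSE and leaves the error
 * of the failing SAFER call available through GetLastError().
 *
 * NOTE(review): the result is derived from the caller's token. As far as I
 * know the SAFER level does not lower the token's mandatory integrity
 * level, so the child is not necessarily equivalent to a process started
 * by a standard user. Confirm before relying on this as a security boundary.
 */
BOOL GetNormalUserToken(HANDLE hToken, LPHANDLE hNewToken) {
    SAFER_LEVEL_HANDLE hLevel = NULL;
    BOOL computed;
    DWORD error;

    if (!SaferCreateLevel(SAFER_SCOPEID_USER, SAFER_LEVELID_NORMALUSER, 0, &hLevel, NULL)) {
        return FALSE;
    }

    computed = SaferComputeTokenFromLevel(hLevel, hToken, hNewToken, 0, NULL);
    /* Capture the error before cleanup: the caller reads GetLastError(). */
    error = computed ? ERROR_SUCCESS : GetLastError();

    /* Close the level on both paths; the original leaked it on failure. */
    SaferCloseLevel(hLevel);

    if (!computed) {
        SetLastError(error);
        return FALSE;
    }
    return TRUE;
}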
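/*
 * Entry point: start the command line passed to nudo.exe under a SAFER
 * "normal user" token derived from this process's own token.
 *
 * Returns 0 once the child process has been created (the child is not
 * waited for, so 0 says nothing about its exit status), otherwise the
 * Win32 error code of the step that failed.
 */
int CALLBACK wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nCmdShow) {
    /* Documented CreateProcess command-line limit, terminator included. */
    enum { MAX_COMMAND_LINE = 32767 };

    HANDLE hToken = NULL;
    HANDLE hRestricted = NULL;
    HANDLE hHeap;
    STARTUPINFOW si;
    PROCESS_INFORMATION pi;
    LPWSTR commandLine;
    int length;
    DWORD error = ERROR_SUCCESS;

    if (lpCmdLine == NULL) {
        return ERROR_INVALID_PARAMETER;
    }
    length = lstrlenW(lpCmdLine);
    if (length >= MAX_COMMAND_LINE) {
        return ERROR_INVALID_PARAMETER;
    }

    /*
     * CreateProcessAsUserW may modify the command line in place, so it gets
     * a private copy. The copy is sized from the actual length: the original
     * copied into a fixed MAX_PATH stack buffer with an unbounded lstrcpy,
     * which overflowed on any longer command line.
     */
    hHeap = GetProcessHeap();
    commandLine = (LPWSTR)HeapAlloc(hHeap, 0, ((SIZE_T)length + 1) * sizeof(WCHAR));
    if (commandLine == NULL) {
        return ERROR_NOT_ENOUGH_MEMORY;
    }
    lstrcpynW(commandLine, lpCmdLine, length + 1);

    /* Explicit W types and calls: lpCmdLine is wide whether or not UNICODE is defined. */
    Zero(&si, sizeof si);
    si.cb = sizeof si;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_DUPLICATE, &hToken)) {
        error = GetLastError();
        goto out_free;
    }

    if (!GetNormalUserToken(hToken, &hRestricted)) {
        error = GetLastError();
        goto out_token;
    }

    /*
     * NOTE(review): bInheritHandles is TRUE, so every inheritable handle held
     * by this (possibly elevated) process is also given to the de-privileged
     * child. Kept as in the original so redirected standard handles keep
     * working; pass FALSE, or limit inheritance with a
     * PROC_THREAD_ATTRIBUTE_HANDLE_LIST, if that is not needed.
     *
     * lpApplicationName is NULL, so the executable is parsed from the command
     * line; paths containing spaces should be quoted by the caller.
     */
    if (!CreateProcessAsUserW(hRestricted, NULL, commandLine, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi)) {
        error = GetLastError();
        goto out_restricted;
    }

    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);

out_restricted:
    CloseHandle(hRestricted);
out_token:
    CloseHandle(hToken);
out_free:
    HeapFree(hHeap, 0, commandLine);
    return (int)error;
}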