shelld0n/CreateProcessWithTokenW_code.cs

## CreateProcessWithTokenW_code.cs
// Duplicate token and spawn a new cmd.exe process
myAPI.SECURITY_IMPERSONATION_LEVEL seImpersonateLevel = myAPI.SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation;
myAPI.TOKEN_TYPE tokenType = myAPI.TOKEN_TYPE.TokenPrimary;
IntPtr pNewToken = new IntPtr();
myAPI.SECURITY_ATTRIBUTES sec_att = new myAPI.SECURITY_ATTRIBUTES();
if (!myAPI.DuplicateTokenEx(tokenHandle, myAPI.TOKEN_ALL_ACCESS, ref sec_att, seImpersonateLevel, tokenType, out pNewToken)) { Console.WriteLine("Can't Adjust access Token"); Environment.Exit(2); };
myAPI.STARTUPINFO si = new myAPI.STARTUPINFO();
myAPI.PROCESS_INFORMATION pi;
bool ret;
ret = myAPI.CreateProcessWithTokenW(pNewToken, myAPI.LogonFlags.NetCredentialsOnly, "C:\\Windows\\System32\\cmd.exe", null, myAPI.CreationFlags.NewConsole, IntPtr.Zero, null, ref si, out pi);
Console.WriteLine(ret);
// End the routine
	// Duplicate token and spawn a new cmd.exe process
	myAPI.SECURITY_IMPERSONATION_LEVEL seImpersonateLevel = myAPI.SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation;
	myAPI.TOKEN_TYPE tokenType = myAPI.TOKEN_TYPE.TokenPrimary;
	IntPtr pNewToken = new IntPtr();
	myAPI.SECURITY_ATTRIBUTES sec_att = new myAPI.SECURITY_ATTRIBUTES();
	if (!myAPI.DuplicateTokenEx(tokenHandle, myAPI.TOKEN_ALL_ACCESS, ref sec_att, seImpersonateLevel, tokenType, out pNewToken)) { Console.WriteLine("Can't Adjust access Token"); Environment.Exit(2); };
	myAPI.STARTUPINFO si = new myAPI.STARTUPINFO();
	myAPI.PROCESS_INFORMATION pi;
	bool ret;
	ret = myAPI.CreateProcessWithTokenW(pNewToken, myAPI.LogonFlags.NetCredentialsOnly, "C:\\Windows\\System32\\cmd.exe", null, myAPI.CreationFlags.NewConsole, IntPtr.Zero, null, ref si, out pi);
	Console.WriteLine(ret);
	// End the routine