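// Start a child process whose primary token carries the Low mandatory label.
  // The caller's token is duplicated, the copy is relabelled, and the child is
  // created with the copy; the calling process keeps its own integrity level.
  BOOL bRet = FALSE;          // stays FALSE unless CreateProcessAsUserW succeeds
  HANDLE hToken = NULL;
  HANDLE hNewToken = NULL;

  // Request only the rights this sequence uses instead of MAXIMUM_ALLOWED:
  // duplicate the token, adjust its label, query it, assign it to a process.
  const DWORD dwTokenAccess = TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT |
                              TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY;

  // Notepad is used as an example.
  // With lpApplicationName == NULL the executable is taken from the first
  // whitespace-delimited token of the command line, so a path that contains
  // spaces must be wrapped in quotes. The buffer must be writable because
  // CreateProcessAsUserW may modify the command line in place.
  WCHAR wszProcessName[MAX_PATH] = L"C:\\Windows\\System32\\Notepad.exe";

  // Low integrity SID (mandatory label, low level)
  WCHAR wszIntegritySid[20] = L"S-1-16-4096";

  PSID pIntegritySid = NULL;

  TOKEN_MANDATORY_LABEL TIL = {0};
  PROCESS_INFORMATION ProcInfo = {0};
  STARTUPINFOW StartupInfo = {0};
  ULONG ExitCode = 0;

  // The structure size must be filled in before the process-creation call.
  StartupInfo.cb = sizeof(StartupInfo);

  if (OpenProcessToken(GetCurrentProcess(), dwTokenAccess, &hToken))
  {
    // A primary token is required by CreateProcessAsUserW.
    if (DuplicateTokenEx(hToken, dwTokenAccess, NULL,
        SecurityImpersonation, TokenPrimary, &hNewToken))
    {
      // The wide-character API is named explicitly because the strings above
      // are WCHAR; the generic macro would only match in a UNICODE build.
      if (ConvertStringSidToSidW(wszIntegritySid, &pIntegritySid))
      {
        TIL.Label.Attributes = SE_GROUP_INTEGRITY;
        TIL.Label.Sid = pIntegritySid;

        // Set the integrity level on the duplicated token only.
        // NOTE(review): this lowers the level; an ordinary caller cannot use
        // the same call to raise a token above its own integrity level.
        if (SetTokenInformation(hNewToken, TokenIntegrityLevel, &TIL,
            sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pIntegritySid)))
        {
          // Create the new process with the relabelled (Low integrity) token.
          // bInheritHandles is FALSE so no handles of the caller leak into
          // the lower-integrity child.
          bRet = CreateProcessAsUserW(hNewToken, NULL,
                   wszProcessName, NULL, NULL, FALSE,
                   0, NULL, NULL, &StartupInfo, &ProcInfo);

          if (bRet)
          {
            // The child keeps running; only this process's references to it
            // are released so the handles are not leaked.
            CloseHandle(ProcInfo.hThread);
            CloseHandle(ProcInfo.hProcess);
          }
        }

        // The SID buffer was allocated by ConvertStringSidToSidW.
        LocalFree(pIntegritySid);
      }
      CloseHandle(hNewToken);
    }
    CloseHandle(hToken);
  }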

