Author Topic: RunAsSys  (Read 1624 times)

JonasS

  • Regular Member
  • *
  • Posts: 15
Re: RunAsSys
« Reply #15 on: January 26, 2020, 05:57:34 PM »
I am completely lost.  :undecided:
I am not much into native API.  :nie:

AW

  • Member
  • *****
  • Posts: 2583
  • Let's Make ASM Great Again!
Re: RunAsSys
« Reply #16 on: January 27, 2020, 05:06:01 AM »
I am completely lost.  :undecided:
I am not much into native API.  :nie:

I will post it here, just need to find it and clean it up.

AW

  • Member
  • *****
  • Posts: 2583
  • Let's Make ASM Great Again!
Re: RunAsSys
« Reply #17 on: January 27, 2020, 05:37:45 PM »
This is the version using the Native API and works from Windows 2003 onwards. The Native API is needed for Windows 2003 because we have to impersonate a thread of Winlogon.exe in order to be allowed to access and duplicate its token. This does not happen in later Windows versions.

While I have used the Masm32 SDK, some libs will need to be updated (see comments in the source). There is also a structure that is wrong in Windows.inc causing a fail that took me some time to figure out.


JonasS

  • Regular Member
  • *
  • Posts: 15
Re: RunAsSys
« Reply #18 on: January 27, 2020, 09:15:00 PM »
This is the version using the Native API and works from Windows 2003 onwards. The Native API is needed for Windows 2003 because we have to impersonate a thread of Winlogon.exe in order to be allowed to access and duplicate its token. This does not happen in later Windows versions.

While I have used the Masm32 SDK, some libs will need to be updated (see comments in the source). There is also a structure that is wrong in Windows.inc causing a fail that took me some time to figure out.
Thank you SO MUCH!!!!!  :thumbsup: