71 lines
1.9 KiB
C
71 lines
1.9 KiB
C
#include <nt.h>
|
|
#include <ntrtl.h>
|
|
#include <nturtl.h>
|
|
#include <ntpsapi.h>
|
|
#include <stdio.h>
|
|
#include <windows.h>
|
|
|
|
#include "reclient.h"
|
|
#include "wchar.h"
|
|
|
|
|
|
|
|
void __cdecl wmain(int argc, WCHAR **argv)
|
|
{
|
|
PROCESS_SESSION_INFORMATION psi;
|
|
PROCESS_INFORMATION pi;
|
|
STARTUPINFOW si;
|
|
NTSTATUS nts;
|
|
HANDLE hProcess = NULL;
|
|
HANDLE hToken = NULL;
|
|
DWORD dwpid = 0;
|
|
|
|
if (argc < 3)
|
|
{
|
|
printf("Usage:\nrecli.exe <pid of process to imitate> <full path to app to run>\n");
|
|
goto done;
|
|
}
|
|
|
|
dwpid = _wtol(argv[1]);
|
|
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwpid);
|
|
if (hProcess == NULL)
|
|
{
|
|
printf("Could not open process %d: 0x%08x\n", dwpid, GetLastError());
|
|
goto done;
|
|
}
|
|
|
|
if (OpenProcessToken(hProcess, TOKEN_ALL_ACCESS, &hToken) == FALSE)
|
|
{
|
|
printf("Could not open process token %d: 0x%08x\n", dwpid, GetLastError());
|
|
goto done;
|
|
}
|
|
|
|
nts = NtQueryInformationProcess(hProcess, ProcessSessionInformation, &psi, sizeof(psi), NULL);
|
|
if (NT_SUCCESS(nts) == FALSE)
|
|
{
|
|
printf("Could not get the session ID %d: 0x%08x\n", dwpid, GetLastError());
|
|
goto done;
|
|
}
|
|
|
|
ZeroMemory(&si, sizeof(si));
|
|
si.cb = sizeof(si);
|
|
|
|
if (CreateRemoteProcessW(psi.SessionId, hToken, argv[2], 0, &si, &pi) == FALSE)
|
|
{
|
|
printf("Could not create remote process %ls: 0x%08x\n", argv[2], GetLastError());
|
|
goto done;
|
|
}
|
|
|
|
printf("Created pid %d\n", pi.dwProcessId);
|
|
WaitForSingleObject(pi.hProcess, INFINITE);
|
|
|
|
CloseHandle(pi.hProcess);
|
|
CloseHandle(pi.hThread);
|
|
|
|
done:
|
|
if (hToken == NULL)
|
|
CloseHandle(hToken);
|
|
if (hProcess == NULL)
|
|
CloseHandle(hProcess);
|
|
}
|