Excuse the doublepost but as I see this becoming something i'll have to do a lot more and I'm guessing others at exetools while certainly more skilled than me might run into this I've written up a quick and easy way with handle inheritance.
Here's a source to a program that will steal handles from a privileged process and give them to your executable. (Compile as unsafe / 64bit only at the moment)
We're basically exploiting windows handle inheritance behavior if you can spawn a process from crss for example and it has an 0x1fffff handle to your process you'll get the same handle.
Last edited by H4vC; 05-15-2017 at 20:51.
|