From 937417b6f8aa5b4e815738eaee44b98b3be2b619 Mon Sep 17 00:00:00 2001 From: niansa Date: Thu, 19 Jan 2023 00:13:35 +0100 Subject: [PATCH] Just another minor admin impersonation improvement --- modules/LibInherit.hpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/LibInherit.hpp b/modules/LibInherit.hpp index 110b17d..7512c8a 100644 --- a/modules/LibInherit.hpp +++ b/modules/LibInherit.hpp @@ -16,6 +16,9 @@ class LibInherit : public ModuleBase { _In_ BOOL bInheritHandles, _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCSTR lpCurrentDirectory, _In_ LPSTARTUPINFOA lpStartupInfo, _Out_ LPPROCESS_INFORMATION lpProcessInformation ) { + if (GetEnvironmentVariable("__POLICYTOOL_ADMINIMPERSONATE", buffer, sizeof(buffer)) && buffer[0] == '1') { + SetEnvironmentVariableW(L"__COMPAT_LAYER", L"RunAsInvoker"); + } return DetourCreateProcessWithDllExA(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation, sDetourLibrary, TrueCreateProcessA); @@ -27,6 +30,9 @@ class LibInherit : public ModuleBase { _In_ BOOL bInheritHandles, _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCWSTR lpCurrentDirectory, _In_ LPSTARTUPINFOW lpStartupInfo, _Out_ LPPROCESS_INFORMATION lpProcessInformation ) { + if (GetEnvironmentVariable("__POLICYTOOL_ADMINIMPERSONATE", buffer, sizeof(buffer)) && buffer[0] == '1') { + SetEnvironmentVariableW(L"__COMPAT_LAYER", L"RunAsInvoker"); + } return DetourCreateProcessWithDllExW(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation, sDetourLibrary, TrueCreateProcessW);