%20-%20MindMeister_files/prev-blue-be81fa386dd84eed81a5666943f293a12e38cbb72230ca6bbb.svg)
Back to Public Maps
Process Token Dumper
by Vivek Ramachandran 02/21/2017
Process Token Dumper
%20-%20MindMeister_files/priority_01-7e8f0f98f69f4ccd61de86ec760e639982a74b32ba562553.png)
Privilege Check
SeDebugPrivilege
GetCurrentProcess()
OpenProcessToken()
GetTokenInformation()
AdjustTokenPrivileges()
%20-%20MindMeister_files/priority_02-98287828d2be20754cd87da961c68f3d22c73f45e3e0cd37.png)
Get Process Handle
OpenProcess()
Choose Minimal Access
MAXIMUM_ALLOWED
PROCESS_QUERY_LIMITED_INFORMATION
Protected Processes
Protected Processes
%20-%20MindMeister_files/8429494.png)
Finding Protected Processes
%20-%20MindMeister_files/priority_03-96b19010a5ee2e7d8cbbad81e3c39c0217b99bf5289a2109.png)
Get Process Token Handle
OpenProcessToken()
MAXIMUM_ALLOWED
%20-%20MindMeister_files/8429375.png)
%20-%20MindMeister_files/priority_04-9635b2cad50413d157b1e239deb3178a3e62fe87d2dfbd43.png)
Dump Token Information
GetTokenInformation()
%20-%20MindMeister_files/8429378.png)
TokenUser
%20-%20MindMeister_files/8429383.png)
SID_AND_ATTRIBUTES
%20-%20MindMeister_files/8429526.png)
Demo
%20-%20MindMeister_files/8429401.png)
TokenOwner
%20-%20MindMeister_files/8429523.png)
Demo
%20-%20MindMeister_files/8429403.png)
TokenPrimaryGroup
%20-%20MindMeister_files/8429528.png)
Demo
%20-%20MindMeister_files/8429406.png)
TokenGroups
%20-%20MindMeister_files/8429532.png)
Demo
%20-%20MindMeister_files/8429490.png)
TokenPrivileges
%20-%20MindMeister_files/8429501.png)
LUID_AND_ATTRIBUTES
%20-%20MindMeister_files/8429533.png)
Demo
%20-%20MindMeister_files/8429491.png)
TokenSource
%20-%20MindMeister_files/8429535.png)
Demo
%20-%20MindMeister_files/8429492.png)
TokenType
%20-%20MindMeister_files/8429536.png)
Demo
%20-%20MindMeister_files/8429493.png)
TokenElevation
%20-%20MindMeister_files/8429540.png)
Demo
... many others
%20-%20MindMeister_files/logo-738573fe48b11c12b91a465f7c6168eb5272d2b6a0255d6d08dd80a.svg){kind=logo}
Process Token Dumper
by Vivek Ramachandran%20-%20MindMeister_files/mind-map-process-token-dumper.png)
1. Privilege Check
1.1. SeDebugPrivilege
1.1.1. GetCurrentProcess()
1.1.2. OpenProcessToken()
1.1.3. GetTokenInformation()
1.1.4. AdjustTokenPrivileges()
2. Get Process Handle
2.1. OpenProcess()
2.1.1. Choose Minimal Access
2.1.2. MAXIMUM_ALLOWED
2.1.3. PROCESS_QUERY_LIMITED_INFORMATION Protected Processes
2.1.3.1. Finding Protected Processes
3. Get Process Token Handle
3.1. OpenProcessToken()
3.1.1. MAXIMUM_ALLOWED
4. Dump Token Information
4.1. GetTokenInformation()
4.1.1. TokenUser
4.1.1.1. SID_AND_ATTRIBUTES
4.1.1.1.1. Demo
4.1.2. TokenOwner
4.1.2.1. Demo
4.1.3. TokenPrimaryGroup
4.1.3.1. Demo
4.1.4. TokenGroups
4.1.4.1. Demo
4.1.5. TokenPrivileges
4.1.5.1. LUID_AND_ATTRIBUTES
4.1.5.1.1. Demo
4.1.6. TokenSource
4.1.6.1. Demo
4.1.7. TokenType
4.1.7.1. Demo
4.1.8. TokenElevation
4.1.8.1. Demo
%20-%20MindMeister_files/robby_what_about_you-1d5e98948fdb9cda36d07f864c9321e4eb3c53a.svg)
%20-%20MindMeister_files/arrow-right-orange-ad5be5d72fc9b0c30dec9581b1388b0ee1b601a8a.svg){kind=icon}
%20-%20MindMeister_files/girl_with_map-d012345ec66f2fbaa00af6609c6b1b8cf2ada0074eccc5.svg)
%20-%20MindMeister_files/cookie-4d5ef6aa8d7c3addb0deeb6f15e8e19678a0f6611513a390560b3.svg)