#include
<sddl.h>
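/*
 * Starts Notepad as a new process whose primary token carries the Low
 * mandatory integrity label (S-1-16-4096).
 *
 * Steps: open the current process token, duplicate it as a primary token,
 * set TokenIntegrityLevel on the duplicate, then pass the duplicate to
 * CreateProcessAsUserW.
 *
 * The function returns void, so a failure at any step is silent: the child
 * is simply not created. Every handle and allocation acquired here is
 * released before returning, on success and on failure.
 *
 * Security note: lowering the integrity level limits what the child can
 * write to (objects labelled Medium or higher under the default mandatory
 * policy). It does not by itself stop the child from reading data the user
 * can read, so it should not be treated as a complete sandbox.
 */
void CreateLowProcess()
{
    BOOL bRet = FALSE;
    HANDLE hToken = NULL;
    HANDLE hNewToken = NULL;
    PSID pIntegritySid = NULL;
    TOKEN_MANDATORY_LABEL TIL = {0};
    PROCESS_INFORMATION ProcInfo = {0};
    STARTUPINFOW StartupInfo = {0};

    // Notepad is used as an example. The buffer is writable on purpose:
    // CreateProcess*W may modify the command-line string in place.
    // A path containing spaces would have to be quoted, because
    // lpApplicationName is NULL and the command line is parsed for the image.
    WCHAR wszProcessName[MAX_PATH] = L"C:\\Windows\\System32\\Notepad.exe";

    // Low integrity SID
    WCHAR wszIntegritySid[20] = L"S-1-16-4096";

    // The structure size must be filled in before the structure is used.
    StartupInfo.cb = sizeof(StartupInfo);

    // NOTE(review): MAXIMUM_ALLOWED asks for every access the caller can be
    // granted. Requesting only the TOKEN_* rights these calls need would
    // follow least privilege; confirm the exact set before narrowing it.
    if (!OpenProcessToken(GetCurrentProcess(), MAXIMUM_ALLOWED, &hToken)) {
        return;
    }

    // CreateProcessAsUser needs a primary token, so duplicate as TokenPrimary.
    if (!DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL,
                          SecurityImpersonation, TokenPrimary, &hNewToken)) {
        goto out_token;
    }

    // The SID is allocated by the callee and released with LocalFree below.
    if (!ConvertStringSidToSidW(wszIntegritySid, &pIntegritySid)) {
        goto out_new_token;
    }

    TIL.Label.Attributes = SE_GROUP_INTEGRITY;
    TIL.Label.Sid = pIntegritySid;

    // Set the process integrity level on the duplicate only; the caller's
    // own token is left untouched.
    if (!SetTokenInformation(hNewToken, TokenIntegrityLevel, &TIL,
                             sizeof(TOKEN_MANDATORY_LABEL) +
                                 GetLengthSid(pIntegritySid))) {
        goto out_sid;
    }

    // Create the new process at Low integrity
    bRet = CreateProcessAsUserW(hNewToken, NULL, wszProcessName, NULL, NULL,
                                FALSE, 0, NULL, NULL, &StartupInfo, &ProcInfo);
    if (bRet) {
        // The child keeps running; only this process's references to it are
        // dropped, so the handles do not leak.
        CloseHandle(ProcInfo.hThread);
        CloseHandle(ProcInfo.hProcess);
    }

out_sid:
    LocalFree(pIntegritySid);
out_new_token:
    CloseHandle(hNewToken);
out_token:
    CloseHandle(hToken);
}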