Search found 4 matches

by zer0cat
Fri Jan 25, 2019 11:39 am
Forum: User-Mode Development
Topic: How to emulate LOW IL ?
Replies: 6
Views: 962

Re: How to emulate LOW IL ?

EP_X0FF, thank you, your code works good.

I have one question, only for myself education. Microsoft tells, that Low Sid ID is - "S-1-16-1024";
But in book "Writing Secure Code for Windows Vista" (Howard,LeBlank) there is another string for low ID - "S-1-16-4096".

Why and where is it right?
by zer0cat
Thu Jan 24, 2019 4:58 pm
Forum: User-Mode Development
Topic: How to emulate LOW IL ?
Replies: 6
Views: 962

Re: How to emulate LOW IL ?

EP_X0FF I tried to compile this code, but i have error: all programms (what I try to run in LOW) crashed on call CreateProcessAsUserW with code 0xc0000022. This code, compiler is Pelles C: void WINAPI CreateLowProcess() { BOOL fRet; HANDLE hToken = NULL; HANDLE hNewToken = NULL; PSID pIntegritySid ...
by zer0cat
Tue Jan 22, 2019 7:25 pm
Forum: User-Mode Development
Topic: How to emulate LOW IL ?
Replies: 6
Views: 962

How to emulate LOW IL ?

I am writing my program, and I want it to work correctly in a low integrity level. But, how can I emulate it? I have tried three ways, and always different options come out (for example, in 1 case the program can create processes, in the second it cannot). Why is that? What is the correct way? 1)- P...
by zer0cat
Sat Nov 10, 2018 7:48 pm
Forum: Newbie Questions
Topic: How i can use one Asm code to x86 and x64?
Replies: 3
Views: 1432

How i can use one Asm code to x86 and x64?

Hello I have some code in C++, which invokes Asm procedure. One procedure is 32 bit (asm x86), and other is 64 bit (asm x64). Example: x86 proc mov eax,dword ptr[edx] ret x86 proc x64 proc mov rax,qword ptr [rdx] ret x64 proc Can I compile the code into a 32-bit PE file that detects the architecture...