Page 1 of 1

ZwImpersonateThread understanding

PostPosted:Sun Aug 25, 2019 2:56 pm
by xjk220
Hi all, i am trying to understand ZwImpersonateThread , i dont find any information online.
Analyzed zeroaccess dll

it calls ZwOpenProcess -> ZwOpenThread -> ZwImpersonateThread , if it the call was success, dll adjusts privileges. i wanted to understand how can be this function useful. thx

Re: ZwImpersonateThread understanding

PostPosted:Wed Aug 28, 2019 9:38 am
by Siro
Can you be more specific with your question?

What is it that you want to understand? How ZwImpersonateThread works internally? Or how to use it? Or what to use it for?

Re: ZwImpersonateThread understanding

PostPosted:Wed Aug 28, 2019 8:59 pm
by xjk220
Siro wrote:Can you be more specific with your question?

What is it that you want to understand? How ZwImpersonateThread works internally? Or how to use it? Or what to use it for?
yes exactly, any possible scenario where ZwImpersonateThread can be useful

Re: ZwImpersonateThread understanding

PostPosted:Fri Sep 06, 2019 4:27 am
by EP_X0FF