ZwImpersonateThread understanding - KernelMode.info

ZwImpersonateThread understanding

5 posts

5 posts

ZwImpersonateThread understanding

#33170 by xjk220
Sun Aug 25, 2019 2:56 pm

Hi all, i am trying to understand ZwImpersonateThread , i dont find any information online.
Analyzed zeroaccess dll

it calls ZwOpenProcess -> ZwOpenThread -> ZwImpersonateThread , if it the call was success, dll adjusts privileges. i wanted to understand how can be this function useful. thx

Username

xjk220

Posts

4

Joined

Wed Jun 20, 2018 11:18 am

Re: ZwImpersonateThread understanding

#33171 by Siro
Wed Aug 28, 2019 9:38 am

Can you be more specific with your question?

What is it that you want to understand? How ZwImpersonateThread works internally? Or how to use it? Or what to use it for?

Username

Siro

Posts

2

Joined

Sun Aug 18, 2019 12:22 pm

Re: ZwImpersonateThread understanding

#33175 by xjk220
Wed Aug 28, 2019 8:59 pm

Siro wrote:Can you be more specific with your question?

What is it that you want to understand? How ZwImpersonateThread works internally? Or how to use it? Or what to use it for?

yes exactly, any possible scenario where ZwImpersonateThread can be useful

Username

xjk220

Posts

4

Joined

Wed Jun 20, 2018 11:18 am

Re: ZwImpersonateThread understanding

#33186 by EP_X0FF
Fri Sep 06, 2019 4:27 am

https://googleprojectzero.blogspot.com/ ... andle.html

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: ZwImpersonateThread understanding

#33215 by xjk220
Sun Oct 20, 2019 11:19 am

EP_X0FF wrote:https://googleprojectzero.blogspot.com/ ... andle.html

that article was really helpful, thanks EP_X0FF

Username

xjk220

Posts

4

Joined

Wed Jun 20, 2018 11:18 am

Page 1 of 1
5 posts

Return to “Kernel-Mode Development”

Display:

Sort by:

Sort by:

Jump to: