Age | Commit message | Author | Files | Lines |
|
Fixed the PSv4 dependency for obtaining process ownership information.
Thanks to @mmashwani for suggesting the WMI solution.
|
|
account. Translate SYSTEM SID to NTAccount to maintain compatibility across languages.
|
|
Scripts in a module should not be individually versioned. Only the
module should be versioned.
|
|
Removed 2 unnecessary lines.
|
|
Windows 10 breaks the current version of Invoke-TokenManipulation.ps1 because wininit is now a protected process. Rather than hardcoding to a specific process to obtain a SYSTEM token, it's better to enumerate all processes running as SYSTEM and find one that works. I have updated the script to version 1.12 and added logic on lines 1689-1696 to make sure it can successfully grab a SYSTEM token necessary to function.
|
|
Thanks to Run Mariboe for the contribution to Invoke-TokenManipulation
adding the -PassThru flag for newly created processes. Version increased
to 1.11.
|
|
Bug fixes for Invoke-TokenManipulation
|
|
Processes could not be started when the script was being run from
Session 0. The fix is to use the CreateProcessAsUserW function when
running in Session 0. This API requires SeAssignPrimaryTokenPrivilege
privilege, so for non-session0 calls I still use CreateProcessWithTokenW
which does not require special privileges.
|
|