Re: Create a process from within driver ?

salman_razzaq · August 15, 2007, 2:34am

From the link, just being sent
http://rootkit.com/newsread.php?newsid=259

Lets suppose, the technique used in it is absolutely correct and well
documented or you can say that executes successfully. My question here is
that in which security context will the user mode process will run.

Alyah_Nihal · August 15, 2007, 3:01am

The function UtilInstallUserModeApcForCreateProcess needs pTargetThread & pTargetProcess as arguments, so the process will inherit the same context the APC ran in.