NtCreateToken example for creating elevated token without user password

Bala Smart 51 Reputation points
2021-06-15T11:17:06.337+00:00

Hi,

I need elevated token for user, So i can achieve this by using NtCreateToken undocumented API. I'm not able to find any examples to call NtCreateToken.

If anybody knowing usage of [NtCreateToken][1], help me!!!!!!
C++
C++
A high-level, general-purpose programming language, created as an extension of the C programming language, that has object-oriented, generic, and functional features in addition to facilities for low-level memory manipulation.
3,690 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Castorix31 84,471 Reputation points
    2021-06-15T14:04:54.96+00:00

    You can find samples from Google, like
    SeCreateTokenPrivilege.cpp
    But I get STATUS_PRIVILEGE_NOT_HELD as Admin on Windows 10
    (cannot enable SE_CREATE_TOKEN_NAME privilege)


  2. RLWA32 45,236 Reputation points
    2021-06-17T22:29:36.047+00:00

    Well, it can be done. Here's a standard user - Bozo with an elevated Administrator command prompt running.

    106630-ntcreatetoken.png


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.