gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz

File "mimispool.c" may have a bug when more than 2 RDP users are active #387

Open yanghaoi opened 2 years ago

yanghaoi commented 2 years ago

1. Line number 124 in mimispool.c (image)

If more than 2 RDP users are active, mimispool will run CreateProcessAsUser more times. Like this image:

image

2. Fix: use the API ProcessIdToSessionId() to get the SessionId:
    DWORD processId = GetCurrentProcessId();
    DWORD pSessionId = 0;
    // Look up the session ID of the current process
    ProcessIdToSessionId(processId, &pSessionId);
    // ......
    // Check Current SessionId
    if (Session[i].State == WTSActive && Session[i].SessionId == pSessionId)
    {
        // ....
    }