#include <sddl.h> void CreateLowProcess(){ BOOLbRet; HANDLEhToken; HANDLEhNewToken; // Notepad is used as an example WCHARwszProcessName[MAX_PATH] = L"C://Windows//System32//Notepad.exe"; // Low integrity SID WCHARwszIntegritySid[20] = L"S-1-16-4096"; PSIDpIntegritySid = NULL; TOKEN_MANDATORY_LABEL TIL = {0}; PROCESS_INFORMATION ProcInfo = {0}; STARTUPINFOStartupInfo = {0}; ULONGExitCode = 0; if (OpenProcessToken(GetCurrentProcess(),MAXIMUM_ALLOWED, &hToken)) { if (DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL, SecurityImpersonation, TokenPrimary, &hNewToken)) { if (ConvertStringSidToSid(wszIntegritySid, &pIntegritySid)) { TIL.Label.Attributes = SE_GROUP_INTEGRITY; TIL.Label.Sid = pIntegritySid; // Set the process integrity level if (SetTokenInformation(hNewToken, TokenIntegrityLevel, &TIL, sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pIntegritySid))) { // Create the new process at Low integrity bRet = CreateProcessAsUser(hNewToken, NULL, wszProcessName, NULL, NULL, FALSE, 0, NULL, NULL, &StartupInfo, &ProcInfo); } LocalFree(pIntegritySid); } CloseHandle(hNewToken); } CloseHandle(hToken); }}