Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.specterops.io/llms.txt

Use this file to discover all available pages before exploring further.

Summary

Set the parent process to the specified process identifier for all post-exploitation jobs. If the process ID specified is not the same as Apollo’s session, this function call will fail. Moreover, there are some SEH exceptions I can’t track down and they all stem from using impersonated tokens and attempting to spoof logons. Due to that fact, if you are using an impersonated security context in any capacity, Apollo will default back to the current executing process for its parent. I have attempted to put as many guard rails as possible on this, but I’m certain I’ve missed some edge cases. Careful!

Usage

ppid [pid]