CreateProcessAsUser creates a blank / black window

I use CreateProcessAsUser to create a process using user credentials.

I am posting what I hope are the relevant parts of the code. Let me know if you want to see anything else.

First LogonUser to get a token:

    result = LogonUser(
        username,
        /* UPN form (user@domain) needs no domain; otherwise default to the local machine */
        wcschr(username, L'@') ? NULL : (domain ? domain : L"."),
        password,
        LOGON32_LOGON_INTERACTIVE,
        LOGON32_PROVIDER_DEFAULT,
        &hrunastoken);   /* primary token for the new logon session */

Then I load the profile, set the lpDesktop member of the STARTUPINFO structure to NULL (which makes it use the desktop of the calling process) and call CreateProcessAsUser:

    result = CreateProcessAsUser(
        hrunastoken,
        NULL,                         /* lpApplicationName: taken from the command line */
        apptorun,                     /* command line */
        NULL, NULL,                   /* process / thread security attributes */
        FALSE,                        /* do not inherit handles */
        CREATE_UNICODE_ENVIRONMENT,
        envblock,                     /* environment block, may be NULL */
        NULL,                         /* current directory: inherit */
        &si, &pi);

This works great: it logs on and successfully creates the process, and the process "works". The problem is that the windows it creates are black, as in this screenshot of the notepad process started by my program:

[notepad screenshot]

Possibly relevant context:

My account is a local account with full administrator rights on a computer running Windows 7, and I am logged in with this account. I used psexec (a Sysinternals utility) to open a command prompt running interactively under the local SYSTEM account. I run my program from that command prompt. The credentials I pass are my own.

I did not do anything with window station / desktop permissions; I assume the process I create should have the rights it would get when created in my session under the same account I am already logged in with, even though I first go through the SYSTEM account. Using Process Explorer, I see no difference in the window station / desktop permissions between a process opened through my program and one opened normally. Maybe this is completely irrelevant.

I also cannot use the CreateProcessWithLogonW function, because this needs to work when started from the SYSTEM account, and that function, like the "runas" program that comes with Windows, does not work under SYSTEM.

Oddly enough, I cannot use my current method to open processes unless I start it under the SYSTEM account, because "the required privilege is not held by the client", so I cannot compare the windows created when I run my program under my account with those created under the SYSTEM account...

1 answer

The default DACL for window stations and desktops grants full access to the logon SID (which is unique to the current logon session), not to the user SID. (The user SID also appears in the window station DACL, but with only limited permissions. It does not appear in the desktop DACL at all.)

The LogonUser call creates a new logon session (with its own logon ID) instead of reusing the existing one, so your process has no access to the desktop and only minimal access to the window station. (Actually, I'm a little puzzled as to how the process runs at all; when I tried to reproduce your results, the process immediately exited with exit code 0xC0000142, as expected.)

The second part of the code in this answer shows how to change the DACL on the window station and on the desktop to allow the process to work correctly. (This may not be the best solution, however, depending on your specific goals.)


Source: https://habr.com/ru/post/1207447/
