Impersonate a standard user

I am trying to get my current process, which runs elevated, to restart explorer using a standard user token.

What I do: first I start the main process as an administrator, and then take a snapshot of the running processes:

    // dwSessionId is the session of the current (elevated) process
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(PROCESSENTRY32);
    DWORD dwExplorerLogonPid = 0;
    if (Process32First(hSnapshot, &pe32)) {
        do {
            if (!_wcsicmp(pe32.szExeFile, L"explorer.exe")) {
                // only take the explorer.exe that runs in our own session
                DWORD dwExplorerSessId = 0;
                if (ProcessIdToSessionId(pe32.th32ProcessID, &dwExplorerSessId) && dwExplorerSessId == dwSessionId) {
                    dwExplorerLogonPid = pe32.th32ProcessID;
                    break;
                }
            }
        } while (Process32Next(hSnapshot, &pe32));
    }
    CloseHandle(hSnapshot);

then, as soon as I have the PID of the explorer that runs under the standard user account, I call:

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwExplorerLogonPid);
    HANDLE hPToken = NULL;
    OpenProcessToken(hProcess, TOKEN_DUPLICATE | TOKEN_QUERY | TOKEN_IMPERSONATE, &hPToken);

then I call:

    ImpersonateLoggedOnUser(hPToken);

and finally I taskkill explorer.exe; the shell starts it again, but it runs with administrator privileges.

It is as if ImpersonateLoggedOnUser is not working, although it returns TRUE and GetLastError() returns 0.

I also tried using CreateProcessAsUser(), but this always fails with ERROR_FILE_NOT_FOUND:

    STARTUPINFO si;
    GetStartupInfo(&si);
    PROCESS_INFORMATION pi;
    ZeroMemory(&pi, sizeof(PROCESS_INFORMATION));
    TCHAR tchcmd[MAX_PATH];
    _tcscpy(tchcmd, _T("explorer.exe"));
    PVOID penv;
    CreateEnvironmentBlock(&penv, hToken, FALSE);
    HANDLE hNewToken;
    DuplicateTokenEx(hToken, TOKEN_ALL_ACCESS, NULL, SecurityIdentification, TokenImpersonation, &hNewToken);
    // hNewToken is the token duplicated just above
    CreateProcessAsUser(hNewToken, NULL, tchcmd, 0, 0, 0, CREATE_DEFAULT_ERROR_MODE, penv, 0, &si, &pi);

Any ideas or suggestions?

+4

2 answers

Do you call DuplicateTokenEx on the token before using it? You must.

Instead of ImpersonateLoggedOnUser, you can simply call CreateProcessAsUser.

Changes for your code:

  • Your CreateProcessAsUser, by the way, should pass CREATE_DEFAULT_ERROR_MODE | CREATE_UNICODE_ENVIRONMENT for dwCreationFlags.

  • You should also check for CreateEnvironmentBlock errors.

  • You must also set up the window station and desktop ACEs.

  • Instead of passing the path directly to CreateProcessAsUser, you should first expand any environment variables in the string using ExpandEnvironmentStringsForUser. This will, for example, convert %windir%\explorer.exe to C:\windows\explorer.exe.

    wchar_t szNewCommandLine[MAX_PATH];
    if (!::ExpandEnvironmentStringsForUser(hNewToken, tchcmd, szNewCommandLine, MAX_PATH - 1)) {
        DWORD dwExpandEnvLastError = GetLastError();
        // error handling
    }

For further reading, see this post on Session Management, Window Station, and Desktop.

+3

I encountered a similar problem when trying to run a program as a standard user from an installer that was running with elevated administrator privileges. After trying (and failing) to do this with the CreateProcessAsUser function, I came across a solution using ShellExecute from the IShellDispatch2 interface.

It can be used to start a process as the current interactive user. For the full implementation, see here: https://code.google.com/p/mulder/source/browse/trunk/Utils/nsis_stdutils/Contrib/StdUtils/ShellExecAsUser.cpp?r=327

Hope this helps!

0

Source: https://habr.com/ru/post/1301587/
