问题
I'm getting an error with my CreateProcessAsUser function. It says "The requested operation requires elevation. " I thought i had given it the highest privilege i could. Anyone help? thanks
My code is as follows:
activeSessionId = WTSGetActiveConsoleSessionId();//get the currently logged on user's active session id
hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );//take snapshot of all processes in The system
pe32.dwSize = sizeof(PROCESSENTRY32);
Process32First(hProcessSnap, &pe32)
do//iterate through all processes
{
if(_wcsicmp(pe32.szExeFile, L"winlogon.exe") == 0)//narrow down to process called "winlogon.exe"
{
if (ProcessIdToSessionId(pe32.th32ProcessID, &peSessionID)
&& peSessionID == activeSessionId)//compare the sessionID of each winlog process to the active console session id
{
winlogonPID = pe32.th32ProcessID;
break;
}
}
}while( Process32Next( hProcessSnap, &pe32 ) );
dwCreationFlags = (NORMAL_PRIORITY_CLASS|CREATE_NEW_CONSOLE);
hProcess = OpenProcess(PROCESS_ALL_ACCESS,false,winlogonPID);//return handle to winlogon process
OpenProcessToken(hProcess,TOKEN_ALL_ACCESS,&hPToken)//opens the access token
LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&luid)//get the locally unique identifier(luid)
//creates a new access token and duplicates winlogon token of the active user
DuplicateTokenEx(hPToken,MAXIMUM_ALLOWED,NULL,SecurityIdentification,TokenPrimary,&hUserTokenDup)
}
SetTokenInformation(hUserTokenDup,TokenSessionId,(void*)&activeSessionId,sizeof(DWORD))//sets info for duplicated token
//adjust the privileges of the duplicated token
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hUserTokenDup, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),(PTOKEN_PRIVILEGES)NULL,NULL)
pEnv = NULL;
if(CreateEnvironmentBlock(&pEnv,hUserTokenDup,TRUE))//retrieve environment variables for the user
{
dwCreationFlags|=CREATE_UNICODE_ENVIRONMENT;
}
else pEnv = NULL;
ZeroMemory( &si, sizeof(si) );//set parameters to 0
si.cb = sizeof(si);//the size of si
si.lpDesktop = L"WinSta0\\Default";//window station and desktop of interactive user
ZeroMemory( &pi, sizeof(pi) );//set parameters to 0
//launch the process in active logged in user's session
CreateProcessAsUser
(
hUserTokenDup,
NULL,
Path,
NULL,
NULL,
FALSE,
dwCreationFlags,
pEnv,
NULL,
&si,
&pi
)
)
//Destroy the Environment block
(DestroyEnvironmentBlock(pEnv)
CloseHandle(hProcess)
CloseHandle(hUserToken)
CloseHandle(hUserTokenDup)
CloseHandle(hPToken)
}
回答1:
What user account is your calling code running under? Does that account have permissions to run processes as other users?
My code that uses CreateProcessAsUser()
runs in a service under the SYSTEM account. The following approach works fine for me, without having to enumerate processes at all:
// error handling omitted for brevity...
DWORD dwSessionId = WTSGetActiveConsoleSessionId();
HANDLE hProcessToken = NULL;
HANDLE hUserToken = NULL;
TOKEN_PRIVILEGES TokenPriv, OldTokenPriv;
DWORD OldSize = 0;
OpenProcess(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hProcessToken);
LookupPrivilegeValue(NULL, SE_TCB_NAME, &TokenPriv.Privileges[0].Luid);
TokenPriv.PrivilegeCount = 1;
TokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hProcessToken, FALSE, &TokenPriv, sizeof(TokenPriv), &OldTokenPriv, &OldSize);
HANDLE hToken = NULL;
WTSQueryUserToken(dwSessionId, &hToken);
DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hUserToken);
CloseHandle(hToken);
LPVOID pEnv = NULL;
CreateEnvironmentBlock(&pEnv, hUserToken, FALSE);
STARTUPINFO si = {0};
si.cb = sizeof(si);
si.lpDesktop = TEXT("WinSta0\\Default");
//...
PROCESS_INFORMATION pi = {0};
//launch the process in active logged in user's session
CreateProcessAsUser(
hUserToken,
NULL,
Path,
NULL,
NULL,
FALSE,
NORMAL_PRIORITY_CLASS | CREATE_UNICODE_ENVIRONMENT | ...,
pEnv,
NULL,
&si,
&pi
);
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
DestroyEnvironmentBlock(pEnv);
CloseHandle(hUserToken);
AdjustTokenPrivileges(hProcessToken, FALSE, &OldTokenPriv, sizeof(OldTokenPriv), NULL, NULL);
CloseHandle(hProcessToken);
来源:https://stackoverflow.com/questions/13725435/createproecssasuser-elevated-privilege