Why does Windows not allow WinSock to be started while impersonating another user

南楼画角 提交于 2019-12-01 02:39:52

问题


Using my own program or others I can't get winsock to run when calling if the process is created with CreateProcessWithLogonW or CreateProcessAsUserW. It returns this error when I create the socket:

WSAEPROVIDERFAILEDINIT 10106

Service provider failed to initialize.

The requested service provider could not be loaded or initialized.

This error is returned if either a service provider's DLL could not be loaded (LoadLibrary failed) or the provider's WSPStartup or NSPStartup function failed

.

However, WSAStartup seems to go w/o an error. Just creating the socket with WSASocket returns this.

UPDATE:

Errors:

LoadUserProfile: Error Code 2. Can't find file specified

AdjustTokenPrivs: Error Code 5. Access Denied


回答1:


I encountered exactly the same problem and it was due to the environment (!): Apparently WinSock expects a valid SystemRoot environment variable to be set. In my case I was calling CreateProcess() by specifying only one environment variable specific to my app (without inheriting the caller's environment), and it was failing.

Check that you created your process by either passing NULL to lpEnvironment to inherit the caller's environment, or specify a valid SystemRoot environment variable.

Completely undocumented AFAIK, but it worked for me.




回答2:


Perhaps the user you executed the process with isn't allowed to use the TCP/IP stack?

Try to start the application with an administrator user that is not your own account.




回答3:


You have to have the Act As Operating Priv




回答4:


May be you lack the required privileges to run the process as another user. Try getting the handle to the access token by a call to OpenProcessToken and add SE_IMPERSONATE_NAME by a call to AdjustTokenPrivileges and then call CreateProcessAsUserW. I have not tried this myself though.
Code snippet in Python to do something similar with win32 calls




回答5:


Run Process Monitor on it and see if it is failing to find a file or registry key. Perhaps the impersonated user's profile is not loaded and Winsock (or a service provider it is trying to load) is looking for something there.




回答6:


Always start WinSock near the top of main and leave it running. The need to start winsock is an accident of architecture and not germain to any problem domain anymore.



来源:https://stackoverflow.com/questions/1554878/why-does-windows-not-allow-winsock-to-be-started-while-impersonating-another-use

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!