0 votes
82 views
in Technique by (71.8m points)

winlogon - Creating a process in a non-zero session from a service in windows-2008-server?

I was wondering if there is a simple way for a service to create a process in a user session?

My service is running as a user (administrator) account and not as a LocalSystem account, therefore I can't use the WTSQueryUserToken function.

I have tried calling

OpenProcessToken(GetCurrentProcess,TOKEN_ALL_ACCESS,TokenHandle);

but when I use this token to run

CreateProcessAsUser(TokenHandle,.....)

my process is still running in session 0. How can I resolve this issue?

I'm using Ole automation, so I don't really care which session the process will be running in, as long as it is not session 0 - because Ole, for some reason, doesn't create its processes (winword.exe for instance) in session 0, but rather creates them in other user sessions.

Any suggestions will be welcome. Thanks in advance.


1 Reply

0 votes
by (71.8m points)

I have been able to resolve this issue myself; thanks to all of those who have looked at this question.

Ok, so as I mentioned above - the token belongs to a process which is running in session 0...

So what I have done is looked for a token of a process that is not running in session 0. When you take its process id as the parameter for OpenProcessToken, then CreateProcessAsUser will create the process in the same session (and probably with the same credentials as the process you have chosen).

The problem was that I couldn't get any details on most of the processes using the function QueryFullProcessImageName - because it has a bug, and it doesn't work on processes that are created from a path that contains spaces (like C:\Program Files for instance). Another issue with that function, I guess, is that because I'm running the original process using user credentials, I can't access the information of a process that is running using the Local System account, which is pretty bad because I wanted to take winlogon.exe as my process (because it indicates a newly opened session).

Also, in order to succeed in that trick, you must play a little bit with the security of the system, in order to allow the process to ask for elevated privileges. What I have chosen to get elevated are:
SeDebugPrivilege - for finding information on the running processes
SeAssignPrimaryTokenPrivilege - in order to run a new process with the token I extracted from the user session process (i.e. explorer.exe)
SeCreateTokenPrivilege - I don't know if it is needed, but I did it anyway because it sounds related.

In order to succeed in elevating these privileges, you must add the user that runs the process to the relevant users in all of these privileges in run->gpedit.msc or run->secpol.msc (under Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment).

Add your account to the following rights (compatible with the privileges above):
Create a token object
Debug Programs
Replace a Process level token

And that is it! :) It has been working great! Btw, you might want to disable all the UAC stuff... I don't know if it is related or not, but it has made working with 2008 less painful - no more annoying popups.
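The three user rights granted in the answer above are the ones a defender should keep an eye on, since any account holding SeDebugPrivilege plus SeAssignPrimaryTokenPrivilege can do what the answer describes against every process on the host. As an added PowerShell example (not code from the original post), this exports the local User Rights Assignment with secedit.exe and lists who holds each of the three rights; it assumes an elevated prompt on the host being audited, and the temporary file name is my own choice.

```powershell
# Added example: list every principal that holds the three user rights granted above.
# Assumes an elevated PowerShell prompt on the host being audited; secedit.exe ships with Windows.
$rightsOfInterest = 'SeDebugPrivilege', 'SeAssignPrimaryTokenPrivilege', 'SeCreateTokenPrivilege'
$inf = Join-Path $env:TEMP 'user-rights-audit.inf'   # temporary export file (name is my choice)

# Export only the User Rights Assignment area of the effective local security policy.
& secedit.exe /export /cfg $inf /areas USER_RIGHTS /quiet | Out-Null

$rows = @(foreach ($line in Get-Content $inf) {
    # Export lines look like (constructed sample):  SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-...-1001
    if ($line -match '^(?<right>Se\w+Privilege)\s*=\s*(?<sids>.*)$') {
        $right = $Matches.right
        if ($rightsOfInterest -notcontains $right) { continue }
        foreach ($entry in ($Matches.sids -split ',')) {
            $entry = $entry.Trim()
            if (-not $entry) { continue }
            $name = $entry
            if ($entry.StartsWith('*')) {
                # secedit writes SIDs with a leading '*'; resolve to DOMAIN\name when possible.
                try {
                    $sid  = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $entry.TrimStart('*')
                    $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
                } catch { }   # orphaned SID (deleted account): keep the raw value so it still shows up
            }
            New-Object PSObject -Property @{ Right = $right; Principal = $name }
        }
    }
})
Remove-Item $inf -ErrorAction SilentlyContinue

# A right that is absent from the export is held by nobody; say so explicitly.
foreach ($r in $rightsOfInterest) {
    if (-not ($rows | Where-Object { $_.Right -eq $r })) {
        $rows += New-Object PSObject -Property @{ Right = $r; Principal = '(nobody)' }
    }
}
$rows | Sort-Object Right, Principal | Format-Table Right, Principal -AutoSize
```

On a freshly installed host, expect only Administrators (and, for SeAssignPrimaryTokenPrivilege, the LOCAL SERVICE and NETWORK SERVICE accounts) in the output; any extra service account listed there is effectively local-administrator-equivalent and should be reviewed.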
