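/// <summary>
        /// Starts <paramref name="commandLine"/> as a new process on the interactive desktop
        /// (<c>winsta0\default</c>), running under a primary-token copy of the current
        /// process token.
        /// </summary>
        /// <param name="dwSessionId">
        /// Intended target session. NOTE(review): this version never reads the value (every use
        /// is in code that was commented out), so the child starts in whatever session the
        /// duplicated token already carries.
        /// </param>
        /// <param name="commandLine">
        /// Full command line. The executable is parsed out of this string because no separate
        /// application name is passed, so an executable path containing spaces must be quoted
        /// by the caller to avoid ambiguous resolution.
        /// </param>
        /// <param name="dwCreationFlags">Creation flags forwarded unchanged to CreateProcessAsUser.</param>
        /// <param name="startupInfo">Optional STARTUPINFO; its cb and lpDesktop members are overwritten.</param>
        /// <param name="bElevate">NOTE(review): not read by this version.</param>
        /// <returns>The process id of the created process.</returns>
        /// <exception cref="ArgumentException"><paramref name="commandLine"/> is null or empty.</exception>
        /// <exception cref="Exception">A token or process-creation call failed.</exception>
        static uint createProcessInSession(uint dwSessionId, String commandLine, WinApi.Advapi32.CreationFlags dwCreationFlags = 0, WinApi.Advapi32.STARTUPINFO? startupInfo = null, bool bElevate = false)
        {
            // Reject an empty command before any token handle is opened.
            if (String.IsNullOrEmpty(commandLine))
            {
                throw new ArgumentException("commandLine is empty.", "commandLine");
            }

            IntPtr hCurrentToken = IntPtr.Zero;
            IntPtr hPrimaryToken = IntPtr.Zero;

            try
            {
                WinApi.Advapi32.STARTUPINFO si = startupInfo ?? new WinApi.Advapi32.STARTUPINFO();
                si.cb        = Marshal.SizeOf(si);
                si.lpDesktop = "winsta0\\default";

                // NOTE(review): MAXIMUM_ALLOWED asks for every right the caller can obtain on its
                // own token. The explicit mask in the disabled code (TOKEN_QUERY, TOKEN_DUPLICATE,
                // TOKEN_ASSIGN_PRIMARY, ...) was closer to least privilege; consider narrowing it.
                if (!WinApi.Advapi32.OpenProcessToken(Process.GetCurrentProcess().Handle, WinApi.Advapi32.DesiredAccess.MAXIMUM_ALLOWED, out hCurrentToken))
                {
                    throw new Exception("!OpenProcessToken. " + ErrorRoutines.GetLastError());
                }

                // NOTE(review): the child inherits the identity and privileges of THIS process.
                // If the host is a privileged service, that identity ends up on the user's
                // interactive desktop. The disabled WTSQueryUserToken path would have used the
                // logged-on user's token instead; confirm which identity is really required.
                var sa = new WinApi.Advapi32.SECURITY_ATTRIBUTES();
                sa.Length = Marshal.SizeOf(sa);
                if (!WinApi.Advapi32.DuplicateTokenEx(hCurrentToken, WinApi.Advapi32.DesiredAccess.MAXIMUM_ALLOWED, ref sa, WinApi.Advapi32.SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, WinApi.Advapi32.TOKEN_TYPE.TokenPrimary, ref hPrimaryToken))
                {
                    throw new Exception("!DuplicateTokenEx. " + ErrorRoutines.GetLastError());
                }

                // The same SECURITY_ATTRIBUTES instance is reused for the process and the thread.
                // No environment block is passed (IntPtr.Zero), so the child presumably gets the
                // caller's environment rather than one built for the target user.
                WinApi.Advapi32.PROCESS_INFORMATION pi;
                bool created = WinApi.Advapi32.CreateProcessAsUser(hPrimaryToken,   // token the new process runs under
                                                                   null,            // application name: taken from the command line
                                                                   commandLine,     // command line
                                                                   ref sa,          // process SECURITY_ATTRIBUTES
                                                                   ref sa,          // thread SECURITY_ATTRIBUTES
                                                                   false,           // handles are not inheritable
                                                                   dwCreationFlags, // creation flags
                                                                   IntPtr.Zero,     // environment block
                                                                   null,            // current directory
                                                                   ref si,          // STARTUPINFO
                                                                   out pi           // receives information about the new process
                                                                   );
                if (!created)
                {
                    throw new Exception("!CreateProcessAsUser. " + ErrorRoutines.GetLastError());
                }

                // NOTE(review): the process and thread handles returned in pi are not closed here.
                // Assuming PROCESS_INFORMATION mirrors the Win32 structure, they should be closed
                // once the id has been read, otherwise each launch leaks two handles.
                return pi.dwProcessId;
            }
            finally
            {
                // Only the two token handles are ever opened by this method.
                if (hPrimaryToken != IntPtr.Zero)
                {
                    WinApi.Kernel32.CloseHandle(hPrimaryToken);
                }
                if (hCurrentToken != IntPtr.Zero)
                {
                    WinApi.Kernel32.CloseHandle(hCurrentToken);
                }
            }
        }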
        /// <summary>
        /// Opens the service control manager and the monitored service, then starts a worker
        /// (via ThreadRoutines.StartTry) that repeatedly registers for "running" and "stopped"
        /// notifications with NotifyServiceStatusChange and waits on an event between
        /// registrations. Any exception thrown while opening the handles or starting the worker
        /// is logged, not rethrown.
        /// </summary>
        static void beginMonitorServiceStartStop()
        {
            try
            {
                // Connect-only access to the SCM. The commented-out 0xF003F mask is much broader;
                // keeping the narrow right here is the least-privilege choice.
                IntPtr hSCM = WinApi.Advapi32.OpenSCManager(null, null, WinApi.Advapi32.SCM_ACCESS.SC_MANAGER_CONNECT);//(WinApi.Advapi32.SCM_ACCESS)0xF003F);//
                if (hSCM == IntPtr.Zero)
                {
                    throw new Exception("OpenSCManager: " + ErrorRoutines.GetLastError());
                }
                // Query-status access is the only right requested on the service.
                // NOTE(review): neither hSCM nor hService is closed anywhere in this method, and
                // hSCM is left open if OpenService fails. hService has to outlive the
                // notifications, but hSCM looks releasable once the service handle is open.
                IntPtr hService = WinApi.Advapi32.OpenService(hSCM, Cliver.CisteraScreenCaptureService.Program.SERVICE_NAME, WinApi.Advapi32.OpenServiceDesiredAccess.SERVICE_QUERY_STATUS);
                if (hService == IntPtr.Zero)
                {
                    throw new Exception("OpenService: " + ErrorRoutines.GetLastError());
                }
                ThreadRoutines.StartTry(() =>
                {
                    // Each pass builds a fresh SERVICE_NOTIFY, pins it, registers it, and blocks
                    // until the event is signalled (presumably by the callback - it is defined
                    // outside this method).
                    for (; ;)
                    {
                        serviceSatusChangedNotify                      = new WinApi.Advapi32.SERVICE_NOTIFY();
                        serviceSatusChangedNotify.dwVersion            = 2;
                        // The delegate must stay referenced for as long as native code may call the
                        // pointer; serviceStatusChangedDelegate is declared elsewhere - confirm it
                        // is a long-lived field.
                        serviceSatusChangedNotify.pfnNotifyCallback    = Marshal.GetFunctionPointerForDelegate(serviceStatusChangedDelegate);
                        serviceSatusChangedNotify.pContext             = IntPtr.Zero;
                        serviceSatusChangedNotify.dwNotificationStatus = 0;
                        // Zero every member explicitly so the local counts as definitely assigned.
                        WinApi.Advapi32.SERVICE_STATUS_PROCESS process;
                        process.dwServiceType             = 0;
                        process.dwCurrentState            = 0;
                        process.dwControlsAccepted        = 0;
                        process.dwWin32ExitCode           = 0;
                        process.dwServiceSpecificExitCode = 0;
                        process.dwCheckPoint   = 0;
                        process.dwWaitHint     = 0;
                        process.dwProcessId    = 0;
                        process.dwServiceFlags = 0;
                        serviceSatusChangedNotify.ServiceStatus           = process;
                        serviceSatusChangedNotify.dwNotificationTriggered = 0;
                        // NOTE(review): this unmanaged string is allocated on every iteration and
                        // never released with Marshal.FreeHGlobal in this method, so the loop
                        // leaks one allocation per notification.
                        serviceSatusChangedNotify.pszServiceNames         = Marshal.StringToHGlobalUni(Cliver.CisteraScreenCaptureService.Program.SERVICE_NAME);
                        // Pin the structure so its address stays fixed while native code holds it.
                        // NOTE(review): if SERVICE_NOTIFY is a struct, Alloc pins a boxed copy, so
                        // native writes land in that copy and not in the field - confirm the
                        // callback reads through the pointer it is given.
                        notifyHandle             = GCHandle.Alloc(serviceSatusChangedNotify, GCHandleType.Pinned);
                        unmanagedNotifyStructure = notifyHandle.AddrOfPinnedObject();
                        // A non-zero result is treated as failure and only logged; the loop still
                        // goes on to wait. NOTE(review): the Win32 function reports its error as
                        // the return value, so logging the last-error text may not describe the
                        // actual failure - confirm what ErrorRoutines.GetLastError reads.
                        if (0 != WinApi.Advapi32.NotifyServiceStatusChange(hService, WinApi.Advapi32.NotifyMask.SERVICE_NOTIFY_RUNNING | WinApi.Advapi32.NotifyMask.SERVICE_NOTIFY_STOPPED, unmanagedNotifyStructure))
                        {
                            LogMessage.Error("NotifyServiceStatusChange: " + ErrorRoutines.GetLastError());
                        }

                        // Block until signalled, then unpin before re-registering.
                        // NOTE(review): if the event can be set by anything other than the
                        // callback, the buffer is unpinned while a notification is still pending.
                        serviceStatusChangedManualResetEvent.Reset();
                        serviceStatusChangedManualResetEvent.WaitOne();
                        notifyHandle.Free();
                    }
                },
                                        null,
                                        // The roles of the second and third StartTry arguments are not
                                        // visible here; this delegate releases the pinned handle and
                                        // ignores any exception Free() throws.
                                        () =>
                {
                    try
                    {
                        notifyHandle.Free();
                    }
                    catch { }
                }
                                        );
            }
            catch (Exception e)
            {
                LogMessage.Error(e);
            }
        }
Exemple #3
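        /// <summary>
        /// Starts <paramref name="commandLine"/> as a new process in session
        /// <paramref name="dwSessionId"/> on the <c>winsta0\default</c> desktop. The process runs
        /// under a primary-token copy of the current process token whose session id has been
        /// rewritten to the target session.
        /// </summary>
        /// <param name="dwSessionId">Session the new process is placed in.</param>
        /// <param name="commandLine">
        /// Full command line. The executable is parsed out of this string because no separate
        /// application name is passed, so an executable path containing spaces must be quoted
        /// by the caller to avoid ambiguous resolution.
        /// </param>
        /// <param name="dwCreationFlags">Creation flags forwarded unchanged to CreateProcessAsUser.</param>
        /// <param name="startupInfo">Optional STARTUPINFO; its cb and lpDesktop members are overwritten.</param>
        /// <param name="bElevate">NOTE(review): not read by this method.</param>
        /// <returns>The process id of the created process.</returns>
        /// <exception cref="ArgumentException"><paramref name="commandLine"/> is null or empty.</exception>
        /// <exception cref="Exception">A token or process-creation call failed.</exception>
        static uint createProcessInSession(uint dwSessionId, String commandLine, WinApi.Advapi32.CreationFlags dwCreationFlags = 0, WinApi.Advapi32.STARTUPINFO? startupInfo = null, bool bElevate = false)
        {
            // NOTE(review): the whole command line goes to the log. If callers ever pass
            // credentials or tokens as arguments, they will be stored in the log file.
            Log.Main.Inform("Launching (in session " + dwSessionId + "):\r\n" + commandLine);

            // Reject an empty command before any token handle is opened.
            if (String.IsNullOrEmpty(commandLine))
            {
                throw new ArgumentException("commandLine is empty.", "commandLine");
            }

            IntPtr hNewProcessToken = IntPtr.Zero;
            IntPtr hProcessToken    = IntPtr.Zero;

            try
            {
                WinApi.Advapi32.STARTUPINFO si = startupInfo ?? new WinApi.Advapi32.STARTUPINFO();
                si.cb        = Marshal.SizeOf(si);
                si.lpDesktop = "winsta0\\default";

                // NOTE(review): MAXIMUM_ALLOWED asks for every right the caller can obtain on its
                // own token; a mask limited to the rights used below (query, duplicate, assign
                // primary, adjust session id) would be closer to least privilege.
                if (!WinApi.Advapi32.OpenProcessToken(Process.GetCurrentProcess().Handle, WinApi.Advapi32.DesiredAccess.MAXIMUM_ALLOWED, out hProcessToken))
                {
                    throw new Exception("!OpenProcessToken. " + ErrorRoutines.GetLastError());
                }

                // NOTE(review): the child keeps the identity and privileges of THIS process and is
                // only moved to another session. If the host is a privileged service, that
                // identity ends up on the user's interactive desktop; confirm this is required
                // rather than launching under the logged-on user's own token.
                var sa = new WinApi.Advapi32.SECURITY_ATTRIBUTES();
                sa.Length = Marshal.SizeOf(sa);
                if (!WinApi.Advapi32.DuplicateTokenEx(hProcessToken, WinApi.Advapi32.DesiredAccess.MAXIMUM_ALLOWED, ref sa, WinApi.Advapi32.SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, WinApi.Advapi32.TOKEN_TYPE.TokenPrimary, ref hNewProcessToken))
                {
                    throw new Exception("!DuplicateTokenEx. " + ErrorRoutines.GetLastError());
                }

                // TokenSessionId is a 32-bit value, so the buffer length is sizeof(uint) whatever
                // the process bitness. IntPtr.Size is 8 in a 64-bit process, which overstates the
                // size of the 4-byte dwSessionId buffer.
                if (!WinApi.Advapi32.SetTokenInformation(hNewProcessToken, WinApi.Advapi32.TOKEN_INFORMATION_CLASS.TokenSessionId, ref dwSessionId, (uint)sizeof(uint)))
                {
                    throw new Exception("!SetTokenInformation. " + ErrorRoutines.GetLastError());
                }

                // The same SECURITY_ATTRIBUTES instance is reused for the process and the thread.
                // No environment block is passed (IntPtr.Zero), so the child presumably gets the
                // caller's environment rather than one built for the target session's user.
                WinApi.Advapi32.PROCESS_INFORMATION pi;
                bool created = WinApi.Advapi32.CreateProcessAsUser(hNewProcessToken, // token the new process runs under
                                                                   null,             // application name: taken from the command line
                                                                   commandLine,      // command line
                                                                   ref sa,           // process SECURITY_ATTRIBUTES
                                                                   ref sa,           // thread SECURITY_ATTRIBUTES
                                                                   false,            // handles are not inheritable
                                                                   dwCreationFlags,  // creation flags
                                                                   IntPtr.Zero,      // environment block
                                                                   null,             // current directory
                                                                   ref si,           // STARTUPINFO
                                                                   out pi            // receives information about the new process
                                                                   );
                if (!created)
                {
                    throw new Exception("!CreateProcessAsUser. " + ErrorRoutines.GetLastError());
                }

                // NOTE(review): the process and thread handles returned in pi are not closed here.
                // Assuming PROCESS_INFORMATION mirrors the Win32 structure, they should be closed
                // once the id has been read, otherwise each launch leaks two handles.
                return pi.dwProcessId;
            }
            finally
            {
                // Release both token handles on every exit path.
                if (hProcessToken != IntPtr.Zero)
                {
                    WinApi.Kernel32.CloseHandle(hProcessToken);
                }
                if (hNewProcessToken != IntPtr.Zero)
                {
                    WinApi.Kernel32.CloseHandle(hNewProcessToken);
                }
            }
        }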