Exemple #1
 // P/Invoke declaration for the Win32 DuplicateTokenEx function, which creates a new access token
 // duplicating an existing one. The [DllImport] attribute is not visible in this excerpt
 // (presumably advapi32.dll - confirm), so whether SetLastError is enabled cannot be told from here.
 //
 // NOTE(review): the managed parameter names do not match the native signature. Natively the
 // fourth argument is the impersonation level and the fifth is the token type, and the third is
 // the *token* security attributes. Because both are plain ints the call still marshals, but
 // callers must pass (impersonationLevel, tokenType) in that order regardless of the names here;
 // named arguments would silently swap them.
 //
 // NOTE(review): lpThreadAttributes is declared 'ref', so callers cannot pass a null pointer and
 // must always supply an initialised SECURITY_ATTRIBUTES. The returned DuplicateTokenHandle is
 // owned by the caller and has to be released with CloseHandle.
 public static extern bool DuplicateTokenEx(IntPtr ExistingTokenHandle, uint dwDesiredAccess,
                                            ref ProcessManager.SECURITY_ATTRIBUTES lpThreadAttributes, int TokenType,
                                            int ImpersonationLevel, ref IntPtr DuplicateTokenHandle);
Exemple #2
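        /// <summary>
        /// Starts the given application on the default interactive desktop of the active console session,
        /// using a primary token duplicated from that session's winlogon process.
        /// </summary>
        /// <remarks>
        /// Security review notes:
        /// 1. The new process receives a copy of winlogon's token, so it runs with winlogon's identity
        ///    (normally LocalSystem) rather than the logged-on user's, while being placed on the user's
        ///    desktop (Winsta0\Default). Anything the user can make that process do is done with that
        ///    identity. If the program only needs to run as the logged-on user, obtaining the user's own
        ///    token (for example with WTSQueryUserToken) is the least-privilege alternative.
        /// 2. <paramref name="applicationPath"/> is passed as the command line with no application name.
        ///    Windows then parses the executable out of the string, so a path that contains spaces and is
        ///    not wrapped in double quotes is ambiguous, and a relative path is resolved through the search
        ///    path. Callers should pass a fully qualified, quoted path taken from a trusted source.
        /// 3. MAXIMUM_ALLOWED is requested for both the process handle and the duplicated token; narrower
        ///    access masks would be sufficient for this sequence.
        /// </remarks>
        /// <param name="applicationPath">Command line to run; expected to be the path to the application.</param>
        /// <param name="procInfo">
        /// Receives the process information filled in by CreateProcessAsUser. On success it presumably holds
        /// process and thread handles that the caller is responsible for closing (confirm against the struct).
        /// </param>
        /// <returns>
        /// <c>true</c> if CreateProcessAsUser reported success; <c>false</c> if the command line is empty, no
        /// winlogon process was found in the active session, or any of the native calls failed.
        /// </returns>
        public static bool StartProcessInActiveSession(string applicationPath, out ProcessManager.PROCESS_INFORMATION procInfo)
        {
            procInfo = new ProcessManager.PROCESS_INFORMATION();

            // With a null application name and no command line there is nothing to launch; fail before
            // touching any process or token.
            if (string.IsNullOrWhiteSpace(applicationPath))
            {
                return false;
            }

            // Session currently attached to the physical console.
            var dwSessionId = WTSGetActiveConsoleSessionId();

            // Find the winlogon instance that belongs to that session. Process objects wrap OS resources,
            // so each one is disposed as soon as it has been inspected.
            uint winlogonPid = 0;
            foreach (var p in Process.GetProcessesByName("winlogon"))
            {
                using (p)
                {
                    if ((uint)p.SessionId == dwSessionId)
                    {
                        winlogonPid = (uint)p.Id;
                    }
                }
            }

            // No winlogon in the active session (e.g. no console session attached): nothing to duplicate.
            if (winlogonPid == 0)
            {
                return false;
            }

            IntPtr hProcess = IntPtr.Zero, hPToken = IntPtr.Zero, hUserTokenDup = IntPtr.Zero;

            try
            {
                // NOTE(review): MAXIMUM_ALLOWED asks for every right the caller can get; a query right on
                // the process is all OpenProcessToken needs.
                hProcess = ProcessManager.OpenProcess(MAXIMUM_ALLOWED, false, winlogonPid);
                if (hProcess == IntPtr.Zero)
                {
                    return false;
                }

                if (!ProcessManager.OpenProcessToken(hProcess, TOKEN_DUPLICATE, ref hPToken))
                {
                    return false;
                }

                var sa = new ProcessManager.SECURITY_ATTRIBUTES();
                sa.Length = Marshal.SizeOf(sa);

                // The arguments follow the native order (impersonation level, then token type) even though
                // the managed declaration names those two parameters the other way round.
                if (!DuplicateTokenEx(hPToken, MAXIMUM_ALLOWED, ref sa,
                                      (int)SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, (int)TOKEN_TYPE.TokenPrimary,
                                      ref hUserTokenDup))
                {
                    return false;
                }

                var si = new ProcessManager.STARTUPINFO();
                si.cb = Marshal.SizeOf(si);

                // The original assigned Winsta0\Winlogon first and overwrote it on the next line; only the
                // effective value is kept. This is the interactive user's default desktop.
                si.lpDesktop = @"Winsta0\Default";

                var dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;

                return CreateProcessAsUser(hUserTokenDup,   // duplicated winlogon token
                                           null,            // no application name: parsed from the command line
                                           applicationPath, // command line
                                           ref sa,          // process SECURITY_ATTRIBUTES
                                           ref sa,          // thread SECURITY_ATTRIBUTES
                                           false,           // handles are not inheritable
                                           dwCreationFlags, // creation flags
                                           IntPtr.Zero,     // no explicit environment block
                                           null,            // no explicit current directory
                                           ref si,          // STARTUPINFO
                                           out procInfo);   // receives information about the new process
            }
            finally
            {
                // Release whatever was acquired, on every exit path including exceptions.
                if (hUserTokenDup != IntPtr.Zero)
                {
                    CloseHandle(hUserTokenDup);
                }

                if (hPToken != IntPtr.Zero)
                {
                    CloseHandle(hPToken);
                }

                if (hProcess != IntPtr.Zero)
                {
                    CloseHandle(hProcess);
                }
            }
        }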
Exemple #3
 // P/Invoke declaration for the Win32 CreateProcessAsUser function, which creates a process whose
 // primary token is hToken. The [DllImport] attribute is not visible in this excerpt (presumably
 // advapi32.dll - confirm), so the character set used to marshal the string parameters and whether
 // SetLastError is enabled cannot be told from here.
 //
 // NOTE(review): when lpApplicationName is null the executable is parsed out of lpCommandLine. A
 // path containing spaces must then be wrapped in double quotes, and a relative name is resolved
 // through the search path; callers should pass a fully qualified, quoted path from a trusted source.
 //
 // NOTE(review): both SECURITY_ATTRIBUTES parameters are declared 'ref', so a null pointer cannot
 // be passed and callers must supply initialised structures. The new process runs with the identity
 // and privileges carried by hToken, so the choice of token determines its privilege level.
 public static extern bool CreateProcessAsUser(IntPtr hToken, string lpApplicationName, string lpCommandLine,
                                               ref ProcessManager.SECURITY_ATTRIBUTES lpProcessAttributes,
                                               ref ProcessManager.SECURITY_ATTRIBUTES lpThreadAttributes, bool bInheritHandle, int dwCreationFlags, IntPtr lpEnvironment,
                                               string lpCurrentDirectory, ref ProcessManager.STARTUPINFO lpStartupInfo, out ProcessManager.PROCESS_INFORMATION lpProcessInformation);