static void Main(string[] args)
{
#region WInAPIMarshal을 이용한 방식
var p = new ProcessWMI();
//p.Privilege_Up();
foreach (var info in p.GetProcessList())
{
Console.WriteLine($"ProcessName = {info.ProcessNameWithExtension}, Path = {info.ProcessPath}");
}
#endregion
var a = p.GetProcessList();
//Console.WriteLine(a.Where(pp => pp.ProcessNameWithExtension.IndexOf("winlogon.exe") != -1).Count());
}
public bool CreateProcessInConsoleSession(string CommandLine, int sessionID, bool bElevate = true) //서비스 모드에서만 사용 가능
{
var pWmi = new ProcessWMI();
bool findwinlogon = false;
bool bResult = false;
uint dwSessionId, winlogonPid = 0;
IntPtr hUserTokenDup = IntPtr.Zero, hPToken = IntPtr.Zero, hProcess = IntPtr.Zero;
if (sessionID != -1)
{
dwSessionId = (uint)sessionID;
}
else
{
// Log the client on to the local computer.
dwSessionId = WTSGetActiveConsoleSessionId();
}
var getProcessList = pWmi.GetProcessList();
findwinlogon = getProcessList.Where(p => p.ProcessNameWithExtension.ToLower().Equals("winlogon.exe")).Count() != 0;
if (findwinlogon)
{
winlogonPid = (uint)(getProcessList.Where(p => p.ProcessNameWithExtension.ToLower().Equals("winlogon.exe")).First().SessionId);
Debug.WriteLine("winlogonPid = " + winlogonPid.ToString());
STARTUPINFO si = new STARTUPINFO();
si.cb = (int)Marshal.SizeOf(si);
//si.lpDesktop = "winsta0\\default";
si.lpDesktop = "winsta0\\default";
TOKEN_PRIVILEGES tp = new TOKEN_PRIVILEGES();
LUID luid = new LUID();
hProcess = OpenProcess(MAXIMUM_ALLOWED, false, winlogonPid);
if (!OpenProcessToken(hProcess, TOKEN_ALL_ACCESS | TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY
| TOKEN_ADJUST_SESSIONID | TOKEN_READ | TOKEN_WRITE, ref hPToken))
{
Debug.WriteLine(String.Format("CreateProcessInConsoleSession OpenProcessToken error: {0}", Marshal.GetLastWin32Error()));
}
if (!LookupPrivilegeValue(IntPtr.Zero, SE_TCB_NAME /*SE_DEBUG_NAME*/, ref luid))
{
Debug.WriteLine(String.Format("CreateProcessInConsoleSession LookupPrivilegeValue error: {0}", Marshal.GetLastWin32Error()));
}
tp.PrivilegeCount = 1;
tp.Privileges = new int[3];
tp.Privileges[2] = SE_PRIVILEGE_ENABLED;
tp.Privileges[1] = luid.HighPart;
tp.Privileges[0] = luid.LowPart;
SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES();
sa.Length = Marshal.SizeOf(sa);
if (!DuplicateTokenEx(hPToken, MAXIMUM_ALLOWED, ref sa, (int)SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, (int)TOKEN_TYPE.TokenPrimary, ref hUserTokenDup))
{
Debug.WriteLine(String.Format("CreateProcessInConsoleSession DuplicateTokenEx error: {0} Token does not have the privilege.", Marshal.GetLastWin32Error()));
CloseHandle(hProcess);
CloseHandle(hPToken);
return(false);
}
if (bElevate)
{
//tp.Privileges[0].Luid = luid;
//tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
tp.PrivilegeCount = 1;
tp.Privileges = new int[3];
tp.Privileges[2] = SE_PRIVILEGE_ENABLED;
tp.Privileges[1] = luid.HighPart;
tp.Privileges[0] = luid.LowPart;
//Adjust Token privilege
if (!SetTokenInformation(hUserTokenDup, TOKEN_INFORMATION_CLASS.TokenSessionId, dwSessionId, (uint)IntPtr.Size))
{
Debug.WriteLine(String.Format("CreateProcessInConsoleSession SetTokenInformation error: {0} Token does not have the privilege.", Marshal.GetLastWin32Error()));
//yCloseHandle(hProcess);
//CloseHandle(hPToken);
//CloseHandle(hUserTokenDup);
//return false;
}
if (!AdjustTokenPrivileges(hUserTokenDup, false, ref tp, Marshal.SizeOf(tp), /*(PTOKEN_PRIVILEGES)*/ IntPtr.Zero, IntPtr.Zero))
{
int nErr = Marshal.GetLastWin32Error();
if (nErr == ERROR_NOT_ALL_ASSIGNED)
{
Debug.WriteLine(String.Format("CreateProcessInConsoleSession AdjustTokenPrivileges error: {0} Token does not have the privilege.", nErr));
}
else
{
Debug.WriteLine(String.Format("CreateProcessInConsoleSession AdjustTokenPrivileges error: {0}", nErr));
}
}
}
uint dwCreationFlags = CREATE_UNICODE_ENVIRONMENT;//NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
IntPtr pEnv = IntPtr.Zero;
if (CreateEnvironmentBlock(ref pEnv, hUserTokenDup, true))
{
//dwCreationFlags |= CREATE_UNICODE_ENVIRONMENT;
}
else
{
pEnv = IntPtr.Zero;
}
PROCESS_INFORMATION pi;
// Launch the process in the client's logon session.
bResult = CreateProcessAsUser(hUserTokenDup, // client's access token
null, // file to execute
CommandLine, // command line
ref sa, // pointer to process SECURITY_ATTRIBUTES
ref sa, // pointer to thread SECURITY_ATTRIBUTES
false, // handles are not inheritable
(int)dwCreationFlags, // creation flags
pEnv, // pointer to new environment block
null, // name of current directory
ref si, // pointer to STARTUPINFO structure
out pi // receives information about new process
);
// End impersonation of client.
//GetLastError should be 0
int iResultOfCreateProcessAsUser = Marshal.GetLastWin32Error();
//Close handles task
CloseHandle(hProcess);
CloseHandle(hUserTokenDup);
CloseHandle(hPToken);
return((iResultOfCreateProcessAsUser == 0) ? true : false);
}
else
{
ProcessStartInfo proc = new ProcessStartInfo
{
UseShellExecute = true,
FileName = CommandLine,
Verb = "runas",
};
Process.Start(proc);
return(true);
}
}
