public void ModifyStartup(ref STARTUPINFOEX startupInfoEx, ref CREATE_PROCESS_FLAGS createProcessFlags)
{
using (var windowStation = WindowStation.GetCurrent())
{
startupInfoEx.StartupInfo.lpDesktop = windowStation.Name + "\\" + this.Desktop.Name;
}
}
public static extern bool CreateProcessAsUser(
SafeTokenHandle hToken,
string applicationName,
string commandLine,
SECURITY_ATTRIBUTES pProcessAttributes,
SECURITY_ATTRIBUTES pThreadAttributes,
bool bInheritHandles,
CREATE_PROCESS_FLAGS dwCreationFlags,
IntPtr pEnvironment,
string currentDirectory,
ref STARTUPINFOEX startupInfo,
out PROCESS_INFORMATION processInformation);
public static extern bool CreateProcessAsUser
(
IntPtr hToken,
string lpApplicationName,
string lpCommandLine,
SECURITY_ATTRIBUTES lpProcessAttributes,
SECURITY_ATTRIBUTES lpThreadAttributes,
bool bInheritHandles,
CREATE_PROCESS_FLAGS dwCreationFlags,
IntPtr lpEnvironment,
string lpCurrentDirectory,
ref STARTUPINFO lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation
);
/// <summary>
/// Starts the sandboxed process.
/// </summary>
public void Start(ProcessStartInfo processStartInfo)
{
if (processStartInfo == null)
{
throw new ArgumentNullException(nameof(processStartInfo));
}
this.tracer.Trace(
nameof(SandboxedProcess),
"Starting process '{0}' (arguments '{1}') with protections {2}",
processStartInfo.FileName,
processStartInfo.Arguments,
string.Join(" ", this.protections.Select(x => x.GetType().Name)));
using (WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent())
using (SafeTokenHandle currentToken = new SafeTokenHandle(currentIdentity.Token, ownsHandle: false))
{
// Start with the current process' token, and then allow the protections to mutate it as required.
this.tracer.Trace(nameof(SandboxedProcess), "Modifying current process token");
SafeTokenHandle processToken = currentToken;
foreach (IProtection protection in this.protections)
{
protection.ModifyToken(ref processToken);
}
STARTUPINFOEX startupInfo = new STARTUPINFOEX();
startupInfo.Init();
CREATE_PROCESS_FLAGS createProcessFlags = CREATE_PROCESS_FLAGS.NONE;
// Now allow the protections to change the startup information as required.
this.tracer.Trace(
nameof(SandboxedProcess),
"Modifying startup info");
foreach (IProtection protection in this.protections)
{
protection.ModifyStartup(ref startupInfo, ref createProcessFlags);
}
// Make sure extended startupinfo flag is set.
createProcessFlags |= CREATE_PROCESS_FLAGS.EXTENDED_STARTUPINFO_PRESENT;
string quotedFileName = processStartInfo.FileName;
if (quotedFileName[0] != '"')
{
quotedFileName = "\"" + quotedFileName + "\"";
}
// Start the process.
PROCESS_INFORMATION processInfo = default;
try
{
this.tracer.Trace(nameof(SandboxedProcess), "Creating sandboxed process");
if (!Methods.CreateProcessAsUser(
processToken,
applicationName: null,
commandLine: quotedFileName + " " + processStartInfo.Arguments,
pProcessAttributes: null,
pThreadAttributes: null,
bInheritHandles: false,
dwCreationFlags: createProcessFlags,
pEnvironment: IntPtr.Zero,
currentDirectory: null,
ref startupInfo,
out processInfo))
{
throw new SandboxException(
"Unable to create process",
new Win32Exception());
}
// Get a managed Process instance so we can avoid reimplementing all its goodness.
this.process = Process.GetProcessById(processInfo.dwProcessId);
this.tracer.Trace(nameof(SandboxedProcess), "Created process {0}", this.process.Id);
// Let the protections modify the process now that it has been created.
this.tracer.Trace(nameof(SandboxedProcess), "Modifying sandboxed process");
foreach (IProtection protection in this.protections)
{
protection.ModifyProcess(this.process);
}
// Resume the process.
this.tracer.Trace(nameof(SandboxedProcess), "Resuming sandboxed process");
Methods.ResumeThread(processInfo.hThread);
}
finally
{
if (processInfo.hProcess != IntPtr.Zero)
{
Methods.CloseHandle(processInfo.hProcess);
}
if (processInfo.hThread != IntPtr.Zero)
{
Methods.CloseHandle(processInfo.hThread);
}
}
}
}
public void ModifyStartup(ref STARTUPINFOEX startupInfoEx, ref CREATE_PROCESS_FLAGS createProcessFlags)
{
}
public static extern bool CreateProcessWithTokenW(IntPtr hToken, uint dwLogonFlags, string lpApplicationName, StringBuilder lpCommandLine, CREATE_PROCESS_FLAGS dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, STARTUPINFO lpStartupInfo, PROCESS_INFORMATION lpProcessInformation);
public void ModifyStartup(ref STARTUPINFOEX startupInfoEx, ref CREATE_PROCESS_FLAGS createProcessFlags)
{
this.AppContainer.SetAttributeList(ref startupInfoEx);
}
