// P/Invoke declaration for the Win32 DuplicateTokenEx function, which creates a new
// access token (primary or impersonation) that duplicates an existing one.
// The [DllImport] attribute is not visible in this excerpt; presumably it sits on the
// line above and targets advapi32.dll - confirm.
//
// NOTE(review): the native signature is
//   DuplicateTokenEx(hExistingToken, dwDesiredAccess, lpTokenAttributes,
//                    ImpersonationLevel, TokenType, phNewToken)
// i.e. the impersonation level comes BEFORE the token type. The parameter names
// TokenType / ImpersonationLevel below are swapped relative to that order. Marshalling
// is positional, so callers must pass the SECURITY_IMPERSONATION_LEVEL value fourth and
// the TOKEN_TYPE value fifth regardless of the names shown here.
// lpThreadAttributes corresponds to the native lpTokenAttributes parameter.
// The handle written to DuplicateTokenHandle must be released with CloseHandle.
public static extern bool DuplicateTokenEx(IntPtr ExistingTokenHandle, uint dwDesiredAccess, ref ProcessManager.SECURITY_ATTRIBUTES lpThreadAttributes, int TokenType, int ImpersonationLevel, ref IntPtr DuplicateTokenHandle);
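/// <summary>
/// Starts the given application in the currently active console session, using a
/// primary token duplicated from that session's winlogon process.
/// </summary>
/// <remarks>
/// The new process is created with a copy of winlogon's access token on the interactive
/// <c>Winsta0\Default</c> desktop, so it runs with winlogon's privileges in front of the
/// logged-on user. Callers must therefore only pass a trusted, fully qualified
/// <paramref name="applicationPath"/> whose file and parent directories are not writable
/// by unprivileged users.
/// The value is handed to CreateProcessAsUser as the command line with a null
/// application name. A path that contains spaces must be wrapped in double quotes by
/// the caller; an unquoted path is resolved by Windows one space-delimited prefix at a
/// time, which can select a different executable than intended.
/// On success, <paramref name="procInfo"/> presumably carries process and thread handles
/// that the caller has to close (as with the native PROCESS_INFORMATION) - confirm
/// against the struct definition.
/// </remarks>
/// <param name="applicationPath">Command line (normally the quoted path) of the application to start.</param>
/// <param name="procInfo">Receives information about the new process; a default instance on failure.</param>
/// <returns><c>true</c> if the process was created; otherwise <c>false</c>.</returns>
public static bool StartProcessInActiveSession(string applicationPath, out ProcessManager.PROCESS_INFORMATION procInfo)
{
    procInfo = new ProcessManager.PROCESS_INFORMATION();

    // Nothing to launch: CreateProcessAsUser would fail anyway, so skip the token work.
    if (string.IsNullOrWhiteSpace(applicationPath))
    {
        return false;
    }

    // Id of the session attached to the physical console.
    var dwSessionId = WTSGetActiveConsoleSessionId();

    // Find the winlogon instance that belongs to that session. Process objects wrap
    // OS resources, so each one is disposed once it has been inspected.
    uint winlogonPid = 0;
    var winlogonFound = false;
    foreach (var p in Process.GetProcessesByName("winlogon"))
    {
        using (p)
        {
            if ((uint)p.SessionId == dwSessionId)
            {
                winlogonPid = (uint)p.Id;
                winlogonFound = true;
            }
        }
    }

    // No winlogon in the active session (for example, no console session is attached):
    // fail here instead of calling OpenProcess with pid 0.
    if (!winlogonFound)
    {
        return false;
    }

    IntPtr hProcess = IntPtr.Zero, hPToken = IntPtr.Zero, hUserTokenDup = IntPtr.Zero;
    try
    {
        // NOTE(review): MAXIMUM_ALLOWED requests more access than opening the token
        // needs; consider a narrower access mask if one is defined in this class.
        hProcess = ProcessManager.OpenProcess(MAXIMUM_ALLOWED, false, winlogonPid);
        if (hProcess == IntPtr.Zero)
        {
            return false;
        }

        // Access token of the winlogon process, opened for duplication only.
        if (!ProcessManager.OpenProcessToken(hProcess, TOKEN_DUPLICATE, ref hPToken))
        {
            return false;
        }

        var sa = new ProcessManager.SECURITY_ATTRIBUTES();
        sa.Length = Marshal.SizeOf(sa);

        // Arguments follow the native order (impersonation level, then token type);
        // the parameter names on the P/Invoke declaration are swapped.
        if (!DuplicateTokenEx(hPToken, MAXIMUM_ALLOWED, ref sa, (int)SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, (int)TOKEN_TYPE.TokenPrimary, ref hUserTokenDup))
        {
            return false;
        }

        var si = new ProcessManager.STARTUPINFO();
        si.cb = Marshal.SizeOf(si);
        // Interactive user desktop. The original also assigned @"Winsta0\Winlogon"
        // first, but that value was overwritten immediately and never used.
        si.lpDesktop = @"Winsta0\Default";

        var dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;

        return CreateProcessAsUser(hUserTokenDup, // duplicated primary token
            null,                                 // application name: taken from the command line
            applicationPath,                      // command line
            ref sa,                               // process SECURITY_ATTRIBUTES
            ref sa,                               // thread SECURITY_ATTRIBUTES
            false,                                // handles are not inheritable
            dwCreationFlags,                      // creation flags
            IntPtr.Zero,                          // no custom environment block
            null,                                 // no explicit current directory
            ref si,                               // STARTUPINFO
            out procInfo                          // receives information about the new process
        );
    }
    finally
    {
        // Release every handle that was actually obtained, on success and on failure.
        if (hUserTokenDup != IntPtr.Zero)
        {
            CloseHandle(hUserTokenDup);
        }

        if (hPToken != IntPtr.Zero)
        {
            CloseHandle(hPToken);
        }

        if (hProcess != IntPtr.Zero)
        {
            CloseHandle(hProcess);
        }
    }
}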
// P/Invoke declaration for the Win32 CreateProcessAsUser function, which creates a new
// process and its primary thread in the security context of the user represented by
// hToken (a primary token).
// The [DllImport] attribute is not visible in this excerpt; presumably it sits on the
// line above and targets advapi32.dll - confirm.
//
// Security: when lpApplicationName is null, Windows takes the executable from the first
// whitespace-delimited token of lpCommandLine. A path containing spaces must therefore be
// wrapped in double quotes, otherwise each space-delimited prefix is tried in turn and a
// different executable than the intended one may be started under hToken's identity.
//
// bInheritHandle maps to the native bInheritHandles flag. On success the native API
// returns process and thread handles in lpProcessInformation; the caller is expected to
// close them with CloseHandle.
public static extern bool CreateProcessAsUser(IntPtr hToken, string lpApplicationName, string lpCommandLine, ref ProcessManager.SECURITY_ATTRIBUTES lpProcessAttributes, ref ProcessManager.SECURITY_ATTRIBUTES lpThreadAttributes, bool bInheritHandle, int dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, ref ProcessManager.STARTUPINFO lpStartupInfo, out ProcessManager.PROCESS_INFORMATION lpProcessInformation);