static uint createProcessAsUser(string cmdLine, IntPtr hToken, IntPtr envBlock)
{
try
{
WinApi.Advapi32.PROCESS_INFORMATION pi = new WinApi.Advapi32.PROCESS_INFORMATION();
WinApi.Advapi32.SECURITY_ATTRIBUTES saProcess = new WinApi.Advapi32.SECURITY_ATTRIBUTES();
WinApi.Advapi32.SECURITY_ATTRIBUTES saThread = new WinApi.Advapi32.SECURITY_ATTRIBUTES();
saProcess.Length = Marshal.SizeOf(saProcess);
saThread.Length = Marshal.SizeOf(saThread);
WinApi.Advapi32.STARTUPINFO si = new WinApi.Advapi32.STARTUPINFO();
si.cb = Marshal.SizeOf(si);
//if this member is NULL, the new process inherits the desktop
//and window station of its parent process. If this member is
//an empty string, the process does not inherit the desktop and
//window station of its parent process; instead, the system
//determines if a new desktop and window station need to be created.
//If the impersonated user already has a desktop, the system uses the
//existing desktop.
si.lpDesktop = @"WinSta0\Default"; //Modify as needed
si.dwFlags = WinApi.Advapi32.STARTF.USESHOWWINDOW | WinApi.Advapi32.STARTF.FORCEONFEEDBACK;
si.wShowWindow = WinApi.User32.SW_SHOW;
if (!WinApi.Advapi32.CreateProcessAsUser(
hToken,
null,
cmdLine,
ref saProcess,
ref saThread,
false,
WinApi.Advapi32.CreationFlags.CREATE_UNICODE_ENVIRONMENT,
envBlock,
null,
ref si,
out pi
))
{
throw new Exception("!CreateProcessAsUser. " + ErrorRoutines.GetLastError());
}
return(pi.dwProcessId);
}
//catch(Exception e)
//{
//}
finally
{
}
}
public static uint CreateProcessAsUserOfCurrentProcess(uint dwSessionId, String commandLine, WinApi.Advapi32.CreationFlags dwCreationFlags = 0, WinApi.Advapi32.STARTUPINFO?startupInfo = null)
{
Log.Main.Inform("Launching (in session " + dwSessionId + "):\r\n" + commandLine);
IntPtr hNewProcessToken = IntPtr.Zero;
IntPtr hProcessToken = IntPtr.Zero;
try
{
WinApi.Advapi32.STARTUPINFO si;
if (startupInfo != null)
{
si = (WinApi.Advapi32.STARTUPINFO)startupInfo;
}
else
{
si = new WinApi.Advapi32.STARTUPINFO();
}
si.cb = Marshal.SizeOf(si);
si.lpDesktop = "winsta0\\default";
if (!WinApi.Advapi32.OpenProcessToken(Process.GetCurrentProcess().Handle, WinApi.Advapi32.DesiredAccess.MAXIMUM_ALLOWED, out hProcessToken))
{
throw new Exception("!OpenProcessToken. " + ErrorRoutines.GetLastError());
}
var sa = new WinApi.Advapi32.SECURITY_ATTRIBUTES();
sa.Length = Marshal.SizeOf(sa);
if (!WinApi.Advapi32.DuplicateTokenEx(hProcessToken, WinApi.Advapi32.DesiredAccess.MAXIMUM_ALLOWED, ref sa, WinApi.Advapi32.SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, WinApi.Advapi32.TOKEN_TYPE.TokenPrimary, ref hNewProcessToken))
{
throw new Exception("!DuplicateTokenEx. " + ErrorRoutines.GetLastError());
}
if (!WinApi.Advapi32.SetTokenInformation(hNewProcessToken, WinApi.Advapi32.TOKEN_INFORMATION_CLASS.TokenSessionId, ref dwSessionId, (uint)IntPtr.Size))
{
throw new Exception("!SetTokenInformation. " + ErrorRoutines.GetLastError());
}
WinApi.Advapi32.PROCESS_INFORMATION pi;
if (!WinApi.Advapi32.CreateProcessAsUser(hNewProcessToken, // client's access token
null, // file to execute
commandLine, // command line
ref sa, // pointer to process SECURITY_ATTRIBUTES
ref sa, // pointer to thread SECURITY_ATTRIBUTES
false, // handles are not inheritable
dwCreationFlags, // creation flags
IntPtr.Zero, //pEnv, // pointer to new environment block
null, // name of current directory
ref si, // pointer to STARTUPINFO structure
out pi // receives information about new process
))
{
throw new Exception("!CreateProcessAsUser. " + ErrorRoutines.GetLastError());
}
return(pi.dwProcessId);
}
//catch(Exception e)
//{
//}
finally
{
if (hProcessToken != IntPtr.Zero)
{
WinApi.Kernel32.CloseHandle(hProcessToken);
}
if (hNewProcessToken != IntPtr.Zero)
{
WinApi.Kernel32.CloseHandle(hNewProcessToken);
}
}
}
static uint createProcessInSession(uint dwSessionId, String commandLine, WinApi.Advapi32.CreationFlags dwCreationFlags = 0, WinApi.Advapi32.STARTUPINFO?startupInfo = null, bool bElevate = false)
{
IntPtr hUserToken = IntPtr.Zero;
IntPtr hUserTokenDup = IntPtr.Zero;
IntPtr hPToken = IntPtr.Zero;
IntPtr hProcess = IntPtr.Zero;
try
{
// Log the client on to the local computer.
//uint dwSessionId = WTSGetActiveConsoleSessionId();
//// Find the winlogon process
//var procEntry = new PROCESSENTRY32();
//uint hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
//if (hSnap == INVALID_HANDLE_VALUE)
// throw new Exception("CreateToolhelp32Snapshot == INVALID_HANDLE_VALUE. " + ErrorRoutines.GetLastError());
//procEntry.dwSize = (uint)Marshal.SizeOf(procEntry); //sizeof(PROCESSENTRY32);
//if (Process32First(hSnap, ref procEntry) == 0)
// throw new Exception("Process32First == 0. " + ErrorRoutines.GetLastError());
//uint winlogonPid = 0;
//String strCmp = "explorer.exe";
//do
//{
// if (strCmp.IndexOf(procEntry.szExeFile) == 0)
// {
// // We found a winlogon process...make sure it's running in the console session
// uint winlogonSessId = 0;
// if (ProcessIdToSessionId(procEntry.th32ProcessID, ref winlogonSessId) && winlogonSessId == dwSessionId)
// {
// winlogonPid = procEntry.th32ProcessID;
// break;
// }
// }
//}
//while (Process32Next(hSnap, ref procEntry) != 0);
//if (winlogonPid == 0)
// throw new Exception("winlogonPid == 0");
//Get the user token used by DuplicateTokenEx
//WTSQueryUserToken(dwSessionId, ref hUserToken);
//if (hUserToken == IntPtr.Zero)
// throw new Exception("WTSQueryUserToken == 0. " + ErrorRoutines.GetLastError());
WinApi.Advapi32.STARTUPINFO si;
if (startupInfo != null)
{
si = (WinApi.Advapi32.STARTUPINFO)startupInfo;
}
else
{
si = new WinApi.Advapi32.STARTUPINFO();
}
si.cb = Marshal.SizeOf(si);
si.lpDesktop = "winsta0\\default";
//hProcess = OpenProcess(MAXIMUM_ALLOWED, false, winlogonPid);
//if (hProcess == IntPtr.Zero)
// throw new Exception("OpenProcess == IntPtr.Zero. " + ErrorRoutines.GetLastError());
if (!WinApi.Advapi32.OpenProcessToken(Process.GetCurrentProcess().Handle, WinApi.Advapi32.DesiredAccess.MAXIMUM_ALLOWED, out hPToken))
{
//if (!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY | TOKEN_ADJUST_SESSIONID | TOKEN_READ | TOKEN_WRITE, ref hPToken))
throw new Exception("!OpenProcessToken. " + ErrorRoutines.GetLastError());
}
//var luid = new LUID();
//if (!LookupPrivilegeValue(IntPtr.Zero, SE_DEBUG_NAME, ref luid))
// throw new Exception("!LookupPrivilegeValue. " + ErrorRoutines.GetLastError());
var sa = new WinApi.Advapi32.SECURITY_ATTRIBUTES();
sa.Length = Marshal.SizeOf(sa);
if (!WinApi.Advapi32.DuplicateTokenEx(hPToken, WinApi.Advapi32.DesiredAccess.MAXIMUM_ALLOWED, ref sa, WinApi.Advapi32.SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, WinApi.Advapi32.TOKEN_TYPE.TokenPrimary, ref hUserTokenDup))
{
throw new Exception("!DuplicateTokenEx. " + ErrorRoutines.GetLastError());
}
//if (bElevate)
//{
// var tp = new TOKEN_PRIVILEGES();
// //tp.Privileges[0].Luid = luid;
// //tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
// tp.PrivilegeCount = 1;
// tp.Privileges = new int[3];
// tp.Privileges[2] = SE_PRIVILEGE_ENABLED;
// tp.Privileges[1] = luid.HighPart;
// tp.Privileges[0] = luid.LowPart;
// //Adjust Token privilege
// if (!SetTokenInformation(hUserTokenDup, TOKEN_INFORMATION_CLASS.TokenSessionId, ref dwSessionId, (uint)IntPtr.Size))
// throw new Exception("!SetTokenInformation. " + ErrorRoutines.GetLastError());
// if (!AdjustTokenPrivileges(hUserTokenDup, false, ref tp, Marshal.SizeOf(tp), /*(PTOKEN_PRIVILEGES)*/IntPtr.Zero, IntPtr.Zero))
// throw new Exception("!AdjustTokenPrivileges. " + ErrorRoutines.GetLastError());
//}
//dwCreationFlags |= dwCreationFlagValues.NORMAL_PRIORITY_CLASS| dwCreationFlagValues.CREATE_NEW_CONSOLE;
//IntPtr pEnv = IntPtr.Zero;
//if (CreateEnvironmentBlock(ref pEnv, hUserTokenDup, true))
// dwCreationFlags |= dwCreationFlagValues.CREATE_UNICODE_ENVIRONMENT;
//else
// pEnv = IntPtr.Zero;
// Launch the process in the client's logon session.
WinApi.Advapi32.PROCESS_INFORMATION pi;
if (!WinApi.Advapi32.CreateProcessAsUser(hUserTokenDup, // client's access token
null, // file to execute
commandLine, // command line
ref sa, // pointer to process SECURITY_ATTRIBUTES
ref sa, // pointer to thread SECURITY_ATTRIBUTES
false, // handles are not inheritable
dwCreationFlags, // creation flags
IntPtr.Zero, //pEnv, // pointer to new environment block
null, // name of current directory
ref si, // pointer to STARTUPINFO structure
out pi // receives information about new process
))
{
throw new Exception("!CreateProcessAsUser. " + ErrorRoutines.GetLastError());
}
return(pi.dwProcessId);
}
//catch(Exception e)
//{
//}
finally
{
if (hProcess != IntPtr.Zero)
{
WinApi.Kernel32.CloseHandle(hProcess);
}
if (hUserToken != IntPtr.Zero)
{
WinApi.Kernel32.CloseHandle(hUserToken);
}
if (hUserTokenDup != IntPtr.Zero)
{
WinApi.Kernel32.CloseHandle(hUserTokenDup);
}
if (hPToken != IntPtr.Zero)
{
WinApi.Kernel32.CloseHandle(hPToken);
}
//if (pEnv != IntPtr.Zero)
// DestroyEnvironmentBlock(pEnv);
}
}
public static void Start(uint sessionId, string arguments)
{
if (mpeg_stream_process != null)
{
Log.Main.Warning("The previous MpegStream was not stopped!");
}
Stop();
if (string.IsNullOrWhiteSpace(Settings.General.CapturedMonitorDeviceName))
{
Settings.General.CapturedMonitorDeviceName = MonitorRoutines.GetDefaultMonitorName();
if (string.IsNullOrWhiteSpace(Settings.General.CapturedMonitorDeviceName))
{
throw new Exception("No monitor was found.");
}
}
WinApi.User32.RECT?an = MonitorRoutines.GetMonitorAreaByMonitorName(Settings.General.CapturedMonitorDeviceName);
if (an == null)
{
Settings.General.CapturedMonitorDeviceName = MonitorRoutines.GetDefaultMonitorName();
Log.Main.Warning("Monitor '" + Settings.General.CapturedMonitorDeviceName + "' was not found. Using default one '" + Settings.General.CapturedMonitorDeviceName + "'");
an = MonitorRoutines.GetMonitorAreaByMonitorName(Settings.General.CapturedMonitorDeviceName);
if (an == null)
{
throw new Exception("Monitor '" + Settings.General.CapturedMonitorDeviceName + "' was not found.");
}
}
WinApi.User32.RECT a = (WinApi.User32.RECT)an;
string source = " -offset_x " + a.Left + " -offset_y " + a.Top + " -video_size " + (a.Right - a.Left) + "x" + (a.Bottom - a.Top) + " -show_region 1 -i desktop ";
arguments = Regex.Replace(arguments, @"-framerate\s+\d+", "$0" + source);
commandLine = "ffmpeg.exe " + arguments;
Log.Main.Inform("Launching:\r\n" + commandLine);
WinApi.Advapi32.CreationFlags dwCreationFlags = 0;
if (!Settings.General.ShowMpegWindow)
{
dwCreationFlags |= WinApi.Advapi32.CreationFlags.CREATE_NO_WINDOW;
//startupInfo.dwFlags |= Win32Process.STARTF_USESTDHANDLES;
//startupInfo.wShowWindow = Win32Process.SW_HIDE;
}
WinApi.Advapi32.STARTUPINFO startupInfo = new WinApi.Advapi32.STARTUPINFO();
if (Settings.General.WriteMpegOutput2Log)
{
string file0 = Log.WorkDir + "\\ffmpeg_" + DateTime.Now.ToString("yyMMddHHmmss");
string file = file0;
for (int count = 1; File.Exists(file); count++)
{
file = file0 + "_" + count.ToString();
}
file += ".log";
fileStream = new FileStream(file, FileMode.Create, FileAccess.Write, FileShare.Write);
FileSecurity fileSecurity = File.GetAccessControl(file);
FileSystemAccessRule fileSystemAccessRule = new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.AppendData, AccessControlType.Allow);
fileSecurity.AddAccessRule(fileSystemAccessRule);
File.SetAccessControl(file, fileSecurity);
//fileStream.SetAccessControl(fileSecurity);
string s = @"STARTED: " + DateTime.Now.ToString() + @"
>" + commandLine + @"
";
byte[] bs = Encoding.UTF8.GetBytes(s);
fileStream.Write(bs, 0, bs.Length);
fileStream.Flush();
//Win32File.SECURITY_ATTRIBUTES sa = new Win32File.SECURITY_ATTRIBUTES();
//sa.nLength = Marshal.SizeOf(sa);
//sa.lpSecurityDescriptor = IntPtr.Zero;
//sa.bInheritHandle = true;
//Microsoft.Win32.SafeHandles.SafeFileHandle sfh = Win32File.CreateFile(file, Win32File.dwDesiredAccess.GENERIC_WRITE, Win32File.dwShareMode.FILE_SHARE_WRITE | Win32File.dwShareMode.FILE_SHARE_READ, ref sa, Win32File.dwCreationDisposition.CREATE_ALWAYS, Win32File.dwFlagsAndAttributes.FILE_ATTRIBUTE_NORMAL, IntPtr.Zero);
IntPtr fh = fileStream.SafeFileHandle.DangerousGetHandle();
//IntPtr fh = sfh.DangerousGetHandle();
startupInfo.hStdError = fh;
startupInfo.hStdOutput = fh;
startupInfo.dwFlags |= WinApi.Advapi32.STARTF.USESTDHANDLES;
}
//uint dwSessionId = Win32Process3.WTSGetActiveConsoleSessionId();
//string active_user = Win32Process3.GetUsernameBySessionId(dwSessionId);
//if (sessionUserName != active_user)
// throw new Exception("Active session user's name: '" + active_user + "' != '" + sessionUserName + "'");
//uint processId = Win32Process.CreateProcessInConsoleSession("C:\\Windows\\System32\\cmd.exe /c " + commandLine, dwCreationFlags, startupInfo);
uint processId = createProcessInSession(sessionId, commandLine, dwCreationFlags, startupInfo);
mpeg_stream_process = Process.GetProcessById((int)processId);
if (antiZombieTracker != null)
{
antiZombieTracker.KillTrackedProcesses();
}
antiZombieTracker = new ProcessRoutines.AntiZombieTracker();
antiZombieTracker.Track(mpeg_stream_process);
}
public static void Start(uint sessionId, string arguments)
{
if (mpeg_stream_process != null)
{
Log.Main.Warning("The previous MpegStream was not stopped!");
}
Stop();
if (string.IsNullOrWhiteSpace(Settings.General.CapturedMonitorDeviceName))
{
Settings.General.CapturedMonitorDeviceName = MonitorRoutines.GetDefaultMonitorName();
if (string.IsNullOrWhiteSpace(Settings.General.CapturedMonitorDeviceName))
{
throw new Exception("No monitor was found.");
}
}
WinApi.User32.RECT?an = MonitorRoutines.GetMonitorAreaByMonitorName(Settings.General.CapturedMonitorDeviceName);
if (an == null)
{
Settings.General.CapturedMonitorDeviceName = MonitorRoutines.GetDefaultMonitorName();
Log.Main.Warning("Monitor '" + Settings.General.CapturedMonitorDeviceName + "' was not found. Using default one '" + Settings.General.CapturedMonitorDeviceName + "'");
an = MonitorRoutines.GetMonitorAreaByMonitorName(Settings.General.CapturedMonitorDeviceName);
if (an == null)
{
throw new Exception("Monitor '" + Settings.General.CapturedMonitorDeviceName + "' was not found.");
}
}
WinApi.User32.RECT a = (WinApi.User32.RECT)an;
string source = " -offset_x " + a.Left + " -offset_y " + a.Top + " -video_size " + (a.Right - a.Left) + "x" + (a.Bottom - a.Top) + " -show_region 1 -i desktop ";
arguments = Regex.Replace(arguments, @"-framerate\s+\d+", "$0" + source);
commandLine = "ffmpeg.exe " + arguments;
Log.Main.Inform("Launching:\r\n" + commandLine);
WinApi.Advapi32.CreationFlags dwCreationFlags = 0;
if (!Settings.General.ShowMpegWindow)
{
dwCreationFlags |= WinApi.Advapi32.CreationFlags.CREATE_NO_WINDOW;
//startupInfo.dwFlags |= Win32Process.STARTF_USESTDHANDLES;
//startupInfo.wShowWindow = Win32Process.SW_HIDE;
}
WinApi.Advapi32.STARTUPINFO startupInfo = new WinApi.Advapi32.STARTUPINFO();
if (Settings.General.WriteMpegOutput2Log)
{
string file0 = Log.WorkDir + "\\ffmpeg_" + DateTime.Now.ToString("yyMMddHHmmss");
string file = file0;
for (int count = 1; File.Exists(file); count++)
{
file = file0 + "_" + count.ToString();
}
file += ".log";
File.WriteAllText(file, @"STARTED: " + DateTime.Now.ToString() + @"
>" + commandLine + @"
", Encoding.UTF8);
FileSecurity fileSecurity = File.GetAccessControl(file);
FileSystemAccessRule fileSystemAccessRule = new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), FileSystemRights.AppendData, AccessControlType.Allow);
fileSecurity.AddAccessRule(fileSystemAccessRule);
File.SetAccessControl(file, fileSecurity);
commandLine = Environment.SystemDirectory + "\\cmd.exe /c " + commandLine + " 1>>\"" + file + "\",2>&1";
}
uint processId = createProcessInSession(sessionId, commandLine, dwCreationFlags, startupInfo);
mpeg_stream_process = Process.GetProcessById((int)processId);
if (antiZombieTracker != null)
{
antiZombieTracker.KillTrackedProcesses();
}
antiZombieTracker = new ProcessRoutines.AntiZombieTracker();
antiZombieTracker.Track(mpeg_stream_process);
}
