/// <summary>
/// You can only call this if you are elevated.
/// </summary>
public static SafeProcessHandle StartAttachedWithIntegrity(IntegrityLevel integrityLevel, string appToRun, string args, string startupFolder, bool newWindow, bool hidden)
{
// must return a process Handle because we cant create a Process() from a handle and get the exit code.
Logger.Instance.Log($"{nameof(StartAttachedWithIntegrity)}: {appToRun} {args}", LogLevel.Debug);
int currentIntegrity = ProcessHelper.GetCurrentIntegrityLevel();
SafeTokenHandle newToken;
if ((int)integrityLevel == currentIntegrity)
{
return(new SafeProcessHandle(StartAttached(appToRun, args).Handle, true));
}
if (integrityLevel >= IntegrityLevel.Medium) // Unelevation request.
{
try
{
return(TokenProvider
.CreateFromSystemAccount()
.EnablePrivilege(Privilege.SeIncreaseQuotaPrivilege, false)
.EnablePrivilege(Privilege.SeAssignPrimaryTokenPrivilege, false)
.Impersonate(() =>
{
newToken = TokenProvider.CreateFromCurrentProcessToken().GetLinkedToken()
.SetIntegrity(integrityLevel)
.GetToken();
using (newToken)
{
return CreateProcessAsUser(newToken, appToRun, args, startupFolder, newWindow, hidden);
}
}));
}
catch (Exception e)
{
Logger.Instance.Log("Unable to get unelevated token. (Is UAC enabled?) Fallback to SaferApi Token but this process won't be able to elevate." + e.Message, LogLevel.Debug);
newToken = TokenProvider.CreateFromSaferApi(SaferLevels.NormalUser)
.SetIntegrity(integrityLevel)
.GetToken();
}
using (newToken)
{
return(CreateProcessAsUser(newToken, appToRun, args, startupFolder, newWindow, hidden));
}
}
else
{
// Integrity < Medium
var tf = TokenProvider.CreateFromSaferApi(integrityLevel.ToSaferLevel())
.SetIntegrity(integrityLevel);
newToken = tf.GetToken();
}
using (newToken)
{
return(CreateProcessAsUser(newToken, appToRun, args, startupFolder, newWindow, hidden));
}
}
