e***@gmail.com
2008-12-03 00:32:17 UTC
I have code that works on XP and Vista, on about 20 different test
PCs, except on one XP system CreateProcessAsUser fails sometimes.
Here is the code, without error checking:
OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&t);
DuplicateTokenEx
(t,TOKEN_ALL_ACCESS,NULL,SecurityImpersonation,TokenPrimary,&dt);
DWORD sid = WTSGetActiveConsoleSessionId();
SetTokenInformation(dt,TokenSessionId,&sid,sizeof(sid));
STARTUPINFO si;
memset(&si,0,sizeof(si));
si.cb = sizeof(si);
si.lpDesktop = "winsta0\\default";
CreateProcessAsUser(dt,NULL,"c:\myfile.exe",
NULL,NULL,FALSE,NORMAL_PRIORITY_CLASS|CREATE_NEW_CONSOLE,
NULL,NULL,&si,&UserModeProcessInfo);
The code runs in a service running as LocalSystem. I want the process
to run as LocalSystem also (I know the security risks).
If the active console session ID is 0, the code always works. If non-
zero (1, 2, 3, etc), only one on XP system the CreateProcessAsUser
fails and GetLastError() returns 2 (file not found). I can add a
check right before that call to see if the file exists, and it does.
I can change form myfile.exe to notepad.exe or some other system EXE,
and get the same results. If I force to code to always use session ID
0 then it also works, but of course the app runs on the wrong session
(I want it on the active console session).
So obviously there is some issue related to a service (running in
session 0, since this is XP), starting a process under another
session. Weird that the error is 2, and not something like 5 (access
denied).
Or is there a better method to have a service that runs apps under the
current console session, and runs those apps as LocalSystem? All of
the examples I've found on MSDN use LogonUser or WTSQueryUserToken to
"display UI from a service", but in my case I really need/want the
process to run as LocalSystem, not as the active user.
PCs, except on one XP system CreateProcessAsUser fails sometimes.
Here is the code, without error checking:
OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&t);
DuplicateTokenEx
(t,TOKEN_ALL_ACCESS,NULL,SecurityImpersonation,TokenPrimary,&dt);
DWORD sid = WTSGetActiveConsoleSessionId();
SetTokenInformation(dt,TokenSessionId,&sid,sizeof(sid));
STARTUPINFO si;
memset(&si,0,sizeof(si));
si.cb = sizeof(si);
si.lpDesktop = "winsta0\\default";
CreateProcessAsUser(dt,NULL,"c:\myfile.exe",
NULL,NULL,FALSE,NORMAL_PRIORITY_CLASS|CREATE_NEW_CONSOLE,
NULL,NULL,&si,&UserModeProcessInfo);
The code runs in a service running as LocalSystem. I want the process
to run as LocalSystem also (I know the security risks).
If the active console session ID is 0, the code always works. If non-
zero (1, 2, 3, etc), only one on XP system the CreateProcessAsUser
fails and GetLastError() returns 2 (file not found). I can add a
check right before that call to see if the file exists, and it does.
I can change form myfile.exe to notepad.exe or some other system EXE,
and get the same results. If I force to code to always use session ID
0 then it also works, but of course the app runs on the wrong session
(I want it on the active console session).
So obviously there is some issue related to a service (running in
session 0, since this is XP), starting a process under another
session. Weird that the error is 2, and not something like 5 (access
denied).
Or is there a better method to have a service that runs apps under the
current console session, and runs those apps as LocalSystem? All of
the examples I've found on MSDN use LogonUser or WTSQueryUserToken to
"display UI from a service", but in my case I really need/want the
process to run as LocalSystem, not as the active user.