个人中心
gpt4 book ai didi

c++ - 应用程序无法正确启动 0xc0000142 CreateProcessWithLogonW

转载 作者:塔克拉玛干 更新时间:2023-11-03 06:45:20 25 4
gpt4 key购买 nike

我有一段代码

if(!CreateProcessWithLogonW(
    szUserName,
    NULL,
    szPassword,
    LOGON_WITH_PROFILE,
    L"C:\\Windows\\System32\\cmd.exe", // file to execute
    NULL,              
    NORMAL_PRIORITY_CLASS | CREATE_BREAKAWAY_FROM_JOB,   // creation flags
    NULL,              // pointer to new environment block 
    NULL,              // name of current directory 
    &si,               // pointer to STARTUPINFO structure
    &pi                // receives information about new process
    )){
        ReportError(L"Create Process");
    }

ReportError 未被调用,但 csrss.exe 弹出 Startup error

我做错了什么?!

用户名和密码正确。

整个文件:

// cmd.cpp : Defines the entry point for the console application.
//

#include <Windows.h>
#include <Lmcons.h>
#include <iostream>
#include <ctype.h>
#include <string>
#include <stdio.h>

#define winstring LPWSTR
#define stcas(x) static_cast<x>
#define INFO_BUFFER_SIZE    260 

using namespace std;

void ReportError(LPCWSTR pszFunction, DWORD dwError = GetLastError()) 
{ 
    wprintf(L"%s failed w/err 0x%08lx\n", pszFunction, dwError); 
} 

int main()
{
    TCHAR un[UNLEN+1];
    DWORD size = UNLEN + 1;
    GetUserName(un, &size);

    string una(un);

    bool sys = !una.compare("SYSTEM");

    /*
    if(!sys) {
        system("cls");
        system("title Command Prompt");
        system("cmd");
        return 0;
    }
    */


    wchar_t szUserName[INFO_BUFFER_SIZE] = {}; 
    wchar_t szPassword[INFO_BUFFER_SIZE] = {}; 
    wchar_t *pc = NULL; 
    HANDLE hToken = NULL; 
    BOOL fSucceeded = FALSE; 
    BOOL logon = FALSE;


    printf("Enter the username: "); 
    fgetws(szUserName, ARRAYSIZE(szUserName), stdin); 
    pc = wcschr(szUserName, '\n'); 
    if (pc != NULL) *pc = '\0';  // Remove the trailing L'\n' 

    cout << endl;
    //string un(szUserName);

    printf("Enter the password: "); 
    fgetws(szPassword, ARRAYSIZE(szPassword), stdin); 
    pc = wcschr(szPassword, '\n'); 
    if (pc != NULL) *pc = '\0';  // Remove the trailing L'\n'



    if (!LogonUserW(szUserName, NULL, szPassword,  LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &hToken)) 
    {
        ReportError(L"Logon");
        goto Cleanup; 
    } 
    else logon = true;

    HANDLE phToken = NULL;

    BOOL dup = FALSE;

    if(!DuplicateTokenEx(hToken, TOKEN_DUPLICATE|TOKEN_IMPERSONATE|TOKEN_QUERY, NULL, SecurityImpersonation, TokenPrimary, &phToken)){
        ReportError(L"DUPLICATE TOKEN");
    }

    else dup = TRUE;

    // Impersonate the logged on user. 
    if (!ImpersonateLoggedOnUser(phToken)) 
    { 

        ReportError(L"imp");
        goto Cleanup; 
    } 

    fSucceeded = true;

    Cleanup: 

    // Clean up the buffer containing sensitive password. 


    LPTSTR szCmdline[] = {"cmd"};
    STARTUPINFOW si;
    PROCESS_INFORMATION pi;

    TCHAR uni[UNLEN+1];
    DWORD sizei = UNLEN + 1;
    GetUserName(uni, &sizei);

    string unai(uni);
    cout << unai << endl;

    memset(&si, 0, sizeof(si));
    si.cb = sizeof(si);



    system("pause");

    // If the impersonation was successful, undo the impersonation. 
    if (fSucceeded && logon) 
    { 
        system("cls");
        system("title Command Prompt");
        //system("cmd");

        if(!CreateProcessWithLogonW(
        szUserName,
        NULL,
        szPassword,
        LOGON_WITH_PROFILE,
        L"cmd.exe", // file to exec
        NULL,              
        NORMAL_PRIORITY_CLASS | CREATE_BREAKAWAY_FROM_JOB,   // creation flags
        NULL,              // pointer to new environment block 
        NULL,              // name of current directory 
        &si,               // pointer to STARTUPINFO structure
        &pi                // receives information about new process
        )){
            ReportError(L"Create Process");
        }
        if (!RevertToSelf()) 
        {  
            ReportError(L"Undo Imp");
        } 

    }
    SecureZeroMemory(szPassword, sizeof(szPassword));
    system("pause");
}

最佳答案

如果我跳过对 LogonUserDuplicateTokenImpersonateLoggedOnUser 的调用,您发布的代码对我有用。您不想模拟另一个用户来调用 CreateProcessWithLogon,因为它基本上为您完成了,所以只需删除所有这些逻辑即可进行模拟。

如果目标应用程序需要比用户更高级别的权限,则模拟用户还可能导致您的程序根本无法启动应用程序。

关于c++ - 应用程序无法正确启动 0xc0000142 CreateProcessWithLogonW,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22596497/

25 4 0
文章推荐: c++ - 错误的符号扩展 c++/qt
文章推荐: c++ - 了解 C++ STL 错误
文章推荐: c++ - gcc undefined reference 即使 ld 找到库并且它包含所需的函数
文章推荐: android - iostream : No such file or directory in Android NDK Environment
塔克拉玛干
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com