gpt4 book ai didi

c - 从其他用户运行进程

转载 作者:太空宇宙 更新时间:2023-11-03 23:48:10 24 4
gpt4 key购买 nike

我正在尝试从在本地管理员帐户下运行的 Windows 服务执行进程。该机器是 Windows 7,它使用 Remote Desktop/Terminal Service APIs .

代码在 WTSQueryUserToken 上失败,错误代码 = 5。

首先,我尝试从当前线程获取 token ,然后调用 SetPrivilege 以启用 SE_DEBUG_NAMESE_TCB_NAME 权限。然后调用 WTSQueryUserToken,但得到错误 5。

澄清一下:当服务在本地系统 (localSystem) 下时,此代码即使无需调用 SetPrivilege 也能完美运行。现在的问题是我需要移动服务以在本地管理员用户下运行!!!!

知道我错过了什么吗?


代码:

BOOL  T_Ex_RunProgram (DWORD sessionId, LPCWSTR targetPath)
{
#ifdef DEBUG
if(g_pLog)
{
g_pLog->Format ("T_Ex_RunProgram: sessionId = %d, targetPath = \"%S\"\n", sessionId, targetPath);
}
#endif
HANDLE htoken;

if(!OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &htoken))
{
if (GetLastError() == ERROR_NO_TOKEN)
{
if (!ImpersonateSelf(SecurityImpersonation))
{
DWORD dwErr = GetLastError();
#ifdef DEBUG
if(g_pLog)
{
g_pLog->Format ("ImpersonateSelf::RunProgram: dwErr = %d\n", dwErr);
}
#endif
SetLastError(dwErr);
return FALSE;
}

if(!OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &htoken))
{
DWORD dwErr = GetLastError();
#ifdef DEBUG
if(g_pLog)
{
g_pLog->Format ("OpenThreadToken::RunProgram: dwErr = %d\n", dwErr);
}
#endif
SetLastError(dwErr);
return FALSE;
}
}
else{
DWORD dwErr = GetLastError();
#ifdef DEBUG
if(g_pLog)
{
g_pLog->Format ("OpenThreadToken::RunProgram: GetLastError return unexpected dwErr = %d\n", dwErr);
}
#endif
SetLastError(dwErr);
return FALSE;
}
}
#ifdef DEBUG
if(g_pLog)
{
g_pLog->Format ("Before SetPrivilege(SE_DEBUG_NAME)::RunProgram\n");
}
#endif
// enable SeDebugPrivilege
if(!SetPrivilege(htoken, SE_DEBUG_NAME, TRUE))
{
// close token handle
CloseHandle(htoken);

DWORD dwErr = GetLastError();
#ifdef DEBUG
if(g_pLog)
{
g_pLog->Format ("SetPrivilege::RunProgram((SE_DEBUG_NAME): dwErr = %d\n", dwErr);
}
#endif
SetLastError(dwErr);
return FALSE;
}

#ifdef DEBUG
if(g_pLog)
{
g_pLog->Format ("Before SetPrivilege(SE_TCB_NAME)::RunProgram\n");
}
#endif
// enable SeDebugPrivilege
if(!SetPrivilege(htoken, SE_TCB_NAME, TRUE))
{
// close token handle
CloseHandle(htoken);

DWORD dwErr = GetLastError();
#ifdef DEBUG
if(g_pLog)
{
g_pLog->Format ("SetPrivilege(SE_TCB_NAME)::RunProgram: dwErr = %d\n", dwErr);
}
#endif
SetLastError(dwErr);
return FALSE;
}

BOOL b = WTSQueryUserToken (sessionId, &htoken);
if (!b)
{
DWORD dwErr = GetLastError();
#ifdef DEBUG
if(g_pLog)
{
g_pLog->Format ("T_Ex_RunProgram: WTSQueryUserToken failed. dwErr = %d\n", dwErr);
}
#endif
SetLastError(dwErr);
return FALSE;
}


LPWSTR userName, userName1;
DWORD userNameLength;
b = WTSQuerySessionInformationW (WTS_CURRENT_SERVER_HANDLE, sessionId, WTSUserName, &userName, &userNameLength);
if (b)
{
userName1 = _wcsdup (userName);
WTSFreeMemory (userName);
}
else
{
DWORD dwErr = GetLastError();
#ifdef DEBUG
if(g_pLog)
{
g_pLog->Format ("T_Ex_RunProgram: WTSQuerySessionInformation failed: dwErr = %d\n", dwErr);
}
#endif
SetLastError(dwErr);
return FALSE;
}
b = RunProgramWithToken (htoken, userName1, targetPath,sessionId);
DWORD dwreturnErr = GetLastError();


#ifdef DEBUG
if(g_pLog)
{
g_pLog->Format ("Before SetPrivilege(SE_DEBUG_NAME,FALSE)::RunProgram\n");
}
#endif
// enable SeDebugPrivilege
if(!SetPrivilege(htoken, SE_DEBUG_NAME, FALSE))
{
// close token handle
CloseHandle(htoken);

DWORD dwErr = GetLastError();
#ifdef DEBUG
if(g_pLog)
{
g_pLog->Format ("SetPrivilege::RunProgram((SE_DEBUG_NAME,FALSE): dwErr = %d\n", dwErr);
}
#endif
SetLastError(dwErr);
}

#ifdef DEBUG
if(g_pLog)
{
g_pLog->Format ("Before SetPrivilege(SE_TCB_NAME,FALSE)::RunProgram\n");
}
#endif
// enable SeDebugPrivilege
if(!SetPrivilege(htoken, SE_TCB_NAME, FALSE))
{
// close token handle
CloseHandle(htoken);

DWORD dwErr = GetLastError();
#ifdef DEBUG
if(g_pLog)
{
g_pLog->Format ("SetPrivilege(SE_TCB_NAME,FALSE)::RunProgram: dwErr = %d\n", dwErr);
}
#endif
SetLastError(dwErr);
}

free (userName1);
CloseHandle (htoken);
if (!b)
SetLastError (dwreturnErr);
return b;
}
BOOL SetPrivilege( HANDLE hToken, // access token handle
LPCTSTR lpszPrivilege, // name of privilege to enable/disable
BOOL bEnablePrivilege // to enable or disable privilege
)
{
TOKEN_PRIVILEGES tp;
LUID luid;

if ( !LookupPrivilegeValue(
NULL, // lookup privilege on local system
lpszPrivilege, // privilege to lookup
&luid ) ) // receives LUID of privilege
{
printf("LookupPrivilegeValue error: %u\n", GetLastError() );
return FALSE;
}

tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
if (bEnablePrivilege)
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
else
tp.Privileges[0].Attributes = 0;

// Enable the privilege or disable all privileges.

if ( !AdjustTokenPrivileges(
hToken,
FALSE,
&tp,
sizeof(TOKEN_PRIVILEGES),
(PTOKEN_PRIVILEGES) NULL,
(PDWORD) NULL) )
{
printf("AdjustTokenPrivileges error: %u\n", GetLastError() );
return FALSE;
}

if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)

{
printf("The token does not have the specified privilege. \n");
return FALSE;
}

return TRUE;
}

最佳答案

The code failed on the WTSQueryUserToken with error code = 5... Any idea what I'm missing?

我认为这篇 MSDN 文章可能对您有用:Launching an interactive process from Windows Service in Windows Vista and later .根据这篇文章,您应该在使用 WTSQueryUserToken 时调用以下命令:

WTSQueryUserToken (WTSGetActiveConsoleSessionId (), &hToken);

然后使用在调用 CreateProcessAsUser 时检索到的 token 。


在您使用 TOKEN_ADJUST_PRIVILEGES 调用 OpenThreadToken 时 | TOKEN_QUERY,您可以暂时将其增加到类似TOKEN_ALL_ACCESS 的值,直到解决问题(如果您仍然需要调用电话)。参见 Access Rights for Access-Token Objects在 MSDN 上。

关于c - 从其他用户运行进程,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27651954/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com