2012-12-05 82 views

我的 CreateProcessAsUser 调用出现错误,提示:“请求的操作需要提升。”我认为我已经给了它我能给的最高权限。有人能帮忙吗?谢谢。CreateProcessAsUser 提升的权限?

我的代码如下:

  // Excerpt from the question: find winlogon.exe in the active console session, duplicate its
  // token as a primary token and pass the copy to CreateProcessAsUser so that `Path` starts on
  // the WinSta0\Default desktop.
  // NOTE(review): not compilable as posted -- several calls lack ';' and the braces/parentheses
  // near the end are unbalanced, presumably where `if (!...)` error checks were cut out. As shown,
  // only ProcessIdToSessionId, Process32Next and CreateEnvironmentBlock have their results tested,
  // so the call that actually fails cannot be identified from this listing.
  // NOTE(review): the new process runs with a copy of winlogon's token, not the logged-on user's.
  // A highly privileged process with UI on the interactive desktop widens the attack surface;
  // prefer the user's own token (WTSQueryUserToken) whenever user-level rights are enough.
  activeSessionId = WTSGetActiveConsoleSessionId();//get the currently logged on user's active session id 
      // NOTE(review): hProcessSnap is never closed anywhere in this excerpt.
      hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);//take snapshot of all processes in The system 

      pe32.dwSize = sizeof(PROCESSENTRY32); 
      Process32First(hProcessSnap, &pe32) 

      do//iterate through all processes 
      { 
       if(_wcsicmp(pe32.szExeFile, L"winlogon.exe") == 0)//narrow down to process called "winlogon.exe" 
       { 
        if (ProcessIdToSessionId(pe32.th32ProcessID, &peSessionID) 
        && peSessionID == activeSessionId)//compare the sessionID of each winlog process to the active console session id 
        { 
         winlogonPID = pe32.th32ProcessID; 
         break; 
        } 
       } 
      }while(Process32Next(hProcessSnap, &pe32)); 

      dwCreationFlags = (NORMAL_PRIORITY_CLASS|CREATE_NEW_CONSOLE); 

      // NOTE(review): if the loop found no match, winlogonPID keeps whatever value it had before
      // (its declaration is not shown). PROCESS_ALL_ACCESS is far more than OpenProcessToken needs;
      // PROCESS_QUERY_INFORMATION is sufficient.
      hProcess = OpenProcess(PROCESS_ALL_ACCESS,false,winlogonPID);//return handle to winlogon process 

      // NOTE(review): TOKEN_ALL_ACCESS is broader than required -- DuplicateTokenEx below only
      // needs TOKEN_DUPLICATE on the source token.
      OpenProcessToken(hProcess,TOKEN_ALL_ACCESS,&hPToken)//opens the access token 
      // luid identifies SeDebugPrivilege; it is enabled on the duplicated token further down.
      LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&luid)//get the locally unique identifier(luid) 


      //creates a new access token and duplicates winlogon token of the active user 
      DuplicateTokenEx(hPToken,MAXIMUM_ALLOWED,NULL,SecurityIdentification,TokenPrimary,&hUserTokenDup) 

      // NOTE(review): unmatched '}' -- presumably the tail of a removed error-check block.
      } 

      // NOTE(review): per the Win32 documentation, setting TokenSessionId requires the caller to
      // hold SeTcbPrivilege -- confirm the calling process has it enabled.
      SetTokenInformation(hUserTokenDup,TokenSessionId,(void*)&activeSessionId,sizeof(DWORD))//sets info for duplicated token 

      //adjust the privileges of the duplicated token 
      tp.PrivilegeCount = 1; 
      tp.Privileges[0].Luid = luid; 
      tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; 

      // This enables SeDebugPrivilege in the token the child will run with.
      // AdjustTokenPrivileges returns nonzero even when the privilege was not granted; the only
      // signal is GetLastError() == ERROR_NOT_ALL_ASSIGNED, so it must be read right after the call.
      // NOTE(review): confirm the launched program really needs SeDebugPrivilege.
      AdjustTokenPrivileges(hUserTokenDup, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),(PTOKEN_PRIVILEGES)NULL,NULL) 


      pEnv = NULL; 
      if(CreateEnvironmentBlock(&pEnv,hUserTokenDup,TRUE))//retrieve environment variables for the user 
      { 
       // The block is Unicode, so the creation flags have to say so.
       dwCreationFlags|=CREATE_UNICODE_ENVIRONMENT; 
      } 
      else pEnv = NULL; 

      ZeroMemory(&si, sizeof(si));//set parameters to 0 
      si.cb = sizeof(si);//the size of si 
      si.lpDesktop = L"WinSta0\\Default";//window station and desktop of interactive user 
      ZeroMemory(&pi, sizeof(pi));//set parameters to 0 

      //launch the process in active logged in user's session 
      // lpApplicationName is NULL, so the executable name is parsed out of `Path`.
      // NOTE(review): `Path` is declared elsewhere -- it should be a writable buffer (the wide-char
      // variant may modify the command line) holding a fully qualified, quoted path, otherwise a
      // path containing spaces can resolve to a different executable than intended.
      CreateProcessAsUser 
       (
       hUserTokenDup, 
       NULL, 
       Path, 
       NULL, 
       NULL, 
       FALSE, 
       dwCreationFlags, 
       pEnv, 
       NULL, 
       &si, 
       &pi 
       ) 
      ) 


       //Destroy the Environment block 
         (DestroyEnvironmentBlock(pEnv) 


       // NOTE(review): hUserToken is never assigned in this excerpt, and pi.hProcess / pi.hThread
       // are not closed here.
       CloseHandle(hProcess) 
       CloseHandle(hUserToken) 
       CloseHandle(hUserTokenDup) 
       CloseHandle(hPToken) 

     } 

“它说明请求的操作需要提升。”究竟是什么意思? –


在我的程序中,我把 GetLastError() 的结果记录到文件里。我本该说明这一点,抱歉 – user966890


你在这里调用了大约20个不同的API函数。哪一个失败? –

回答


您的调用代码在哪个用户帐户下运行?该帐户是否具有以其他用户身份运行进程的权限?

我的代码使用CreateProcessAsUser()运行在SYSTEM帐户下的服务中。以下方法适用于我,无需枚举进程:

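// Launch `Path` in the active console session using the logged-on user's own token.
// Per the answer text this runs inside a service under the SYSTEM account; the Win32
// documentation states that WTSQueryUserToken only succeeds for a LocalSystem caller
// that holds SeTcbPrivilege, which is why that privilege is enabled first.
//
// error handling omitted for brevity... In real code every BOOL result below has to be
// tested before the handle or buffer it should have produced is used.

DWORD dwSessionId = WTSGetActiveConsoleSessionId(); // 0xFFFFFFFF when no session is attached to the console
HANDLE hProcessToken = NULL;
HANDLE hUserToken = NULL;

// Zero-initialised so that the restore call at the very end is a harmless no-op
// (PrivilegeCount == 0) if the first AdjustTokenPrivileges never filled OldTokenPriv.
TOKEN_PRIVILEGES TokenPriv = {0}, OldTokenPriv = {0};
DWORD OldSize = 0;
// Fixed: the snippet originally called OpenProcess() here with OpenProcessToken()'s
// argument list, which cannot produce a token handle.
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hProcessToken);
LookupPrivilegeValue(NULL, SE_TCB_NAME, &TokenPriv.Privileges[0].Luid);
TokenPriv.PrivilegeCount = 1;
TokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
// A nonzero return does not prove the privilege is enabled: check
// GetLastError() == ERROR_NOT_ALL_ASSIGNED immediately after this call.
AdjustTokenPrivileges(hProcessToken, FALSE, &TokenPriv, sizeof(TokenPriv), &OldTokenPriv, &OldSize);

// Token handles are credentials: close them on every path and do not let the
// child inherit them (bInheritHandles is FALSE below).
HANDLE hToken = NULL;
WTSQueryUserToken(dwSessionId, &hToken);
DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hUserToken);
CloseHandle(hToken);

// NOTE(review): with UAC enabled and an administrator logged on, this is presumably the
// filtered (non-elevated) token. CreateProcessAsUser never shows a consent prompt, so a
// target whose manifest demands elevation then fails with ERROR_ELEVATION_REQUIRED
// ("The requested operation requires elevation"). Starting it with the elevated linked
// token (GetTokenInformation with TokenLinkedToken) skips that prompt, so a service that
// does this must restrict `Path` to a fixed, trusted executable.

LPVOID pEnv = NULL;
CreateEnvironmentBlock(&pEnv, hUserToken, FALSE);

STARTUPINFO si = {0};
si.cb = sizeof(si);
si.lpDesktop = TEXT("WinSta0\\Default"); // interactive window station and desktop
//...

PROCESS_INFORMATION pi = {0};

//launch the process in active logged in user's session
// lpApplicationName is NULL, so the executable is parsed out of `Path`.
// NOTE(review): `Path` is declared elsewhere -- it should be a writable buffer holding a
// fully qualified, quoted path so that spaces cannot redirect the launch to another file.
CreateProcessAsUser(
    hUserToken,
    NULL,
    Path,
    NULL,
    NULL,
    FALSE,
    // CREATE_UNICODE_ENVIRONMENT is needed because pEnv is a Unicode block.
    NORMAL_PRIORITY_CLASS | CREATE_UNICODE_ENVIRONMENT /* | ... */,
    pEnv,
    NULL,
    &si,
    &pi
);

CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
DestroyEnvironmentBlock(pEnv);
CloseHandle(hUserToken);

// Put the service's own token back the way it was so SeTcbPrivilege does not stay enabled.
AdjustTokenPrivileges(hProcessToken, FALSE, &OldTokenPriv, sizeof(OldTokenPriv), NULL, NULL);
CloseHandle(hProcessToken);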

我相信它是在 SYSTEM 下运行的,因为我可以启动记事本或计算器(calc),但是当我尝试运行一个需要最高权限的自定义 exe 时,就会得到“需要提升权限”的错误。我会试试你的方法,看看有没有区别。谢谢 – user966890


它是以 SYSTEM 身份运行的,因为它使用的是 winlogon.exe 的令牌;winlogon.exe 在 SYSTEM 下运行,但其 sessionID 大于 0,具体取决于有多少用户登录到计算机 – user966890


当我运行你的代码时得到相同的错误:( – user966890