Re: calling CreateProcessAsUser() from a service

Subject: Re: calling CreateProcessAsUser() from a service
Posted by:  hani safa
Date: Mon, 29 Mar 2010

> Christian Wimmer wrote:
> hani safa wrote:
> >> Christian Wimmer wrote:
> >>> this is the exact code that i use in my service, but nothing happens :( (the service is started by the local system account)
> >>> i test it under win XP and 7
> >>>
> >>>  ZeroMemory(@si, SizeOf(si));
> >>>  si.cb := SizeOf(si);
> >>>  si.lpDesktop := nil;
> >>>
> >>>  if WTSQueryUserToken(WtsGetActiveConsoleSessionID, hToken) then
> >>>  begin
> >>>    CreateProcessAsUser(hToken, nil, 'notepad.exe', nil, nil, False,0, nil, nil, si, pi)
> >>>
> >>>  end;
> >> If nothing happens then WTSQueryUserToken may fail and CPAU isn't
> >> called. Nonetheless, you also call CPAU incorrectly. See next:
> >>
> >>> CreateProcessAsUser(hNewToken, nil, pchar('D:\Servicestest\project2.exe'), nil, nil, false,NORMAL_PRIORITY_CLASS, nil, nil, si, pi);
> >>> but i have access violation in CreateProcessAsUser();
> >>> i test this code in a desktop application , not in a service ....
> >> From Delphi 2009 on, you are not allowed to use a constant command line
> >> string to the call of CreateProcess(AsUser).
> >>
> >> As MSDN tells us
> >> (http://msdn.microsoft.com/en-us/library/ms682425%28VS.85%29.aspx):
> >> The Unicode version of this function, CreateProcessW, can modify the
> >> contents of this string. Therefore, this parameter cannot be a pointer
> >> to read-only memory (such as a const variable or a literal string). If
> >> this parameter is a constant string, the function may cause an access
> >> violation
> >
> > thanks a lot, now i don't have the access violation but the CreateProcessAsUser fails with error code 2 .. i tried to look it up but i didn't find what it means
> > are there any special privileges that i need to set?
> >>> if LogonUser('useradmin',nil,'123456',LOGON32_LOGON_INTERACTIVE,LOGON32_PROVIDER_DEFAULT,hToken) then
> >>>  begin
> >>>    DuplicateTokenEx(hToken,MAXIMUM_ALLOWED,nil,SecurityIdentification ,TokenPrimary,hNewToken);
> >> DuplicateTokenEx is unnecessary because here the token is already a
> >> primary one.
> >> MSDN reads
> >> (http://msdn.microsoft.com/en-us/library/aa378184%28VS.85%29.aspx):
> >> In most cases, the returned handle is a primary token that you can use
> >> in calls to the CreateProcessAsUser  function. However, if you specify
> >> the LOGON32_LOGON_NETWORK flag, LogonUser  returns an impersonation
> >> token that you cannot use in CreateProcessAsUser  unless you call
> >> DuplicateTokenEx  to convert it to a primary token.
> >>
> >>
> >> Christian Wimmer
> >> http://blog.delphi-jedi.net
>
> Just open a command line prompt yourself and type:
> net helpmsg 2
>
> Christian Wimmer
> http://blog.delphi-jedi.net

thanks a lot, i was passing the string in the wrong way

In response to

Re: calling CreateProcessAsUser() from a service posted by Christian Wimmer on Sun, 28 Mar 2010
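The two fixes discussed in this thread (a writable command-line buffer, and reading the Win32 error code when a call fails) are combined below as an added example; it is not code from either poster. `RunInConsoleSession` is a hypothetical helper, the two imports are declared locally instead of taken from a JEDI API unit, and the explicit `winsta0\default` desktop is an assumption the thread does not discuss.

```delphi
uses Windows;

// Declared locally so the example does not depend on an extra API unit.
function WTSQueryUserToken(SessionId: ULONG; var phToken: THandle): BOOL;
  stdcall; external 'wtsapi32.dll';
function WTSGetActiveConsoleSessionId: DWORD;
  stdcall; external 'kernel32.dll';

// Hypothetical helper: starts CommandLine in the active console session.
// Returns ERROR_SUCCESS, or the Win32 error code of the call that failed.
function RunInConsoleSession(const CommandLine: string): DWORD;
var
  hToken: THandle;
  si: TStartupInfo;
  pi: TProcessInformation;
  CmdBuf: string;
begin
  Result := ERROR_SUCCESS;
  // Requires SE_TCB_NAME, which the LocalSystem account holds.
  // Fails when no user is logged on at the console.
  if not WTSQueryUserToken(WTSGetActiveConsoleSessionId, hToken) then
  begin
    Result := GetLastError;
    Exit;
  end;
  try
    // CreateProcessW may write to lpCommandLine, so hand it a private,
    // writable copy instead of a literal or a constant.
    CmdBuf := CommandLine;
    UniqueString(CmdBuf);

    ZeroMemory(@si, SizeOf(si));
    si.cb := SizeOf(si);
    // Assumption: target the interactive desktop explicitly.
    si.lpDesktop := PChar('winsta0\default');

    if CreateProcessAsUser(hToken, nil, PChar(CmdBuf), nil, nil, False,
      NORMAL_PRIORITY_CLASS, nil, nil, si, pi) then
    begin
      // The handles are not needed once the process is running.
      CloseHandle(pi.hThread);
      CloseHandle(pi.hProcess);
    end
    else
      Result := GetLastError; // read before any other API call
  finally
    CloseHandle(hToken);
  end;
end;
```

Error code 2 is ERROR_FILE_NOT_FOUND, so a service should pass the full path of the executable; `SysErrorMessage` from SysUtils turns the returned code into the same text that `net helpmsg` prints.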