Sunday, April 27, 2008

Create process in another session.

So how do you create a process in a session other than the one you are logged on to? (I am working on Windows Terminal Server 2008, although this can be done on earlier OSs as well.)
In order to do this you need "LOCAL_SYSTEM" credentials.
The API that does this is CreateProcessAsUser(), and its most important parameter is hToken: the token of the user logged onto the other session, the one in which we are creating the process.
CreateProcessAsUser() creates the process in the session of the token provided.

The API which gets you that user's token is WTSQueryUserToken(), which takes a session ID as input and returns the user's token. It is this API which needs the "LOCAL_SYSTEM" privilege.
So I wrote a Windows service which runs as "LOCAL_SYSTEM"; here is the very small skeleton code which does the work.

#include <windows.h>
#include <wtsapi32.h>
#include <userenv.h>
#pragma comment(lib, "wtsapi32.lib")
#pragma comment(lib, "userenv.lib")

// Launches AppName in session SessionID. Must run as LOCAL_SYSTEM, otherwise
// WTSQueryUserToken() fails. The new process runs with the token of the user
// logged onto that session, i.e. as that user, not as SYSTEM.
// SessionID and AppName must come from a trusted source: whoever can drive
// this service can start an executable in any logged-on user's session.
int LaunchInSession(DWORD SessionID, LPCWSTR AppName)
{
    HANDLE hToken = NULL;
    LPVOID pEnv = NULL;
    STARTUPINFOW StartInfo;
    PROCESS_INFORMATION ProcInfo;
    WCHAR CmdLine[MAX_PATH];   // lpCommandLine must be writable, so pass a copy
    int rc = -1;

    // Primary token of the user logged onto the target session
    if (!WTSQueryUserToken(SessionID, &hToken)) {
        return -1;
    }
    // Environment block of that user (USERPROFILE, TEMP, ...)
    if (!CreateEnvironmentBlock(&pEnv, hToken, FALSE)) {
        CloseHandle(hToken);
        return -1;
    }
    ZeroMemory(&StartInfo, sizeof(StartInfo));
    StartInfo.cb = sizeof(StartInfo);
    StartInfo.lpDesktop = L"winsta0\\default";   // interactive desktop of the session
    ZeroMemory(&ProcInfo, sizeof(ProcInfo));
    lstrcpynW(CmdLine, AppName, MAX_PATH);

    if (CreateProcessAsUserW(hToken, AppName, CmdLine, NULL, NULL, FALSE,
                             CREATE_UNICODE_ENVIRONMENT, pEnv, NULL,
                             &StartInfo, &ProcInfo)) {
        // We do not need the process or thread handles; close them to avoid leaks
        CloseHandle(ProcInfo.hThread);
        CloseHandle(ProcInfo.hProcess);
        rc = 0;
    }
    DestroyEnvironmentBlock(pEnv);
    CloseHandle(hToken);
    return rc;
}
