R
Ran-jj
Guest
I have a C# and I need to run a process as a Admin user inside current user session.
I can run the process with admin user, but the process is in session 0, and i want to change to the current user session
So I'm using SetTokenInformation, but I gives me a error 24.
my code :
private void StartProc(object state)
{
try
{
IntPtr hToken;
Boolean visible = true;
if (Win32.LogonUser("Infra", "INDRACPS040", "Indra1234", Win32.LOGON32_LOGON_INTERACTIVE, Win32.LOGON32_PROVIDER_DEFAULT, out hToken))
{
int len = Marshal.SizeOf<Win32.TOKEN_LINKED_TOKEN>();
#pragma warning disable IDE0018 // Declaração de variável embutida
int retlen;
#pragma warning restore IDE0018 // Declaração de variável embutida
IntPtr tlt = Marshal.AllocHGlobal(len);
if (Win32.GetTokenInformation(hToken, Win32.TOKEN_INFORMATION_CLASS.TokenLinkedToken, tlt, len, out retlen))
{
Win32.TOKEN_LINKED_TOKEN linked = Marshal.PtrToStructure<Win32.TOKEN_LINKED_TOKEN>(tlt);
Win32.PROFILEINFO profinfo = new Win32.PROFILEINFO();
profinfo.dwSize = Marshal.SizeOf<Win32.PROFILEINFO>();
profinfo.lpUserName = "Infra";
if (Win32.LoadUserProfile(linked.LinkedToken, ref profinfo))
{
uint dwCreationFlags = Win32.CREATE_UNICODE_ENVIRONMENT | (uint)(visible ? Win32.CREATE_NEW_CONSOLE : Win32.CREATE_NO_WINDOW);
bool bImpersonating = Win32.ImpersonateLoggedOnUser(linked.LinkedToken);
UInt32 dwSessionId = Win32.WTSGetActiveConsoleSessionId();
Boolean setInfo = Win32.SetTokenInformation(linked.LinkedToken, Win32.TOKEN_INFORMATION_CLASS.TokenSessionId, ref dwSessionId, (UInt32)len);
if (!setInfo)
{
int err = Marshal.GetLastWin32Error();
string strError = "SetTokenInformation failed with error code " + err.ToString() + " dwSessionID:" + dwSessionId.ToString();
this.eventLog1.WriteEntry(strError, EventLogEntryType.Error);
}
else
{
this.eventLog1.WriteEntry("Set token info is " + setInfo.ToString(), EventLogEntryType.Information);
}
IntPtr pEnvironment;
if (Win32.CreateEnvironmentBlock(out pEnvironment, linked.LinkedToken, false))
{
Win32.PROCESS_INFORMATION pi;
Win32.STARTUPINFO si = new Win32.STARTUPINFO();
Win32.SECURITY_ATTRIBUTES sa = new Win32.SECURITY_ATTRIBUTES();
sa.nLength = Marshal.SizeOf<Win32.SECURITY_ATTRIBUTES>();
si.cb = Marshal.SizeOf<Win32.STARTUPINFO>();
si.lpDesktop = "winsta0\\default";
si.wShowWindow = (ushort)(visible ? Win32.SW.SW_SHOW : Win32.SW.SW_HIDE);
if (Win32.CreateProcessAsUser(linked.LinkedToken,
@"C:\Cap\Capturap.exe",
string.Empty,
ref sa,
ref sa,
false,
dwCreationFlags,
pEnvironment, @"C:\Temp",
ref si,
out pi))
{
uint exitCode;
Win32.CloseHandle(pi.hThread);
Win32.WaitForSingleObject(pi.hProcess, Win32.INFINITE);
Win32.GetExitCodeProcess(pi.hProcess, out exitCode);
Win32.CloseHandle(pi.hProcess);
string strMsg = "Process TokenLister.exe terminated with return code " + exitCode.ToString();
this.eventLog1.WriteEntry(strMsg, EventLogEntryType.Information);
}
else
{
int err = Marshal.GetLastWin32Error();
string strError = "CreateProcessAsUser failed with error code " + err.ToString();
this.eventLog1.WriteEntry(strError, EventLogEntryType.Error);
}
if (bImpersonating)
Win32.RevertToSelf();
Win32.DestroyEnvironmentBlock(pEnvironment);
}
else
{
int err = Marshal.GetLastWin32Error();
string strError = "CreateEnvironmentBlock failed with error code " + err.ToString();
this.eventLog1.WriteEntry(strError, EventLogEntryType.Error);
}
Win32.UnloadUserProfile(linked.LinkedToken, profinfo.hProfile);
}
else
{
int err = Marshal.GetLastWin32Error();
string strError = "LoadUserProfile failed with error code " + err.ToString();
this.eventLog1.WriteEntry(strError, EventLogEntryType.Error);
}
Win32.CloseHandle(linked.LinkedToken);
}
else
{
int err = Marshal.GetLastWin32Error();
string strError = "GetTokenInformation failed with error code " + err.ToString();
this.eventLog1.WriteEntry(strError, EventLogEntryType.Error);
}
Marshal.FreeHGlobal(tlt);
Win32.CloseHandle(hToken);
}
else
{
int err = Marshal.GetLastWin32Error();
string strError = "LogonUser failed with error code " + err.ToString();
this.eventLog1.WriteEntry(strError, EventLogEntryType.Error);
}
}
catch (Exception ex)
{
string strExeption = "Caught exception : " + ex.Message;
this.eventLog1.WriteEntry(strExeption, EventLogEntryType.Error);
}
}
Continue reading...
I can run the process with admin user, but the process is in session 0, and i want to change to the current user session
So I'm using SetTokenInformation, but I gives me a error 24.
my code :
private void StartProc(object state)
{
try
{
IntPtr hToken;
Boolean visible = true;
if (Win32.LogonUser("Infra", "INDRACPS040", "Indra1234", Win32.LOGON32_LOGON_INTERACTIVE, Win32.LOGON32_PROVIDER_DEFAULT, out hToken))
{
int len = Marshal.SizeOf<Win32.TOKEN_LINKED_TOKEN>();
#pragma warning disable IDE0018 // Declaração de variável embutida
int retlen;
#pragma warning restore IDE0018 // Declaração de variável embutida
IntPtr tlt = Marshal.AllocHGlobal(len);
if (Win32.GetTokenInformation(hToken, Win32.TOKEN_INFORMATION_CLASS.TokenLinkedToken, tlt, len, out retlen))
{
Win32.TOKEN_LINKED_TOKEN linked = Marshal.PtrToStructure<Win32.TOKEN_LINKED_TOKEN>(tlt);
Win32.PROFILEINFO profinfo = new Win32.PROFILEINFO();
profinfo.dwSize = Marshal.SizeOf<Win32.PROFILEINFO>();
profinfo.lpUserName = "Infra";
if (Win32.LoadUserProfile(linked.LinkedToken, ref profinfo))
{
uint dwCreationFlags = Win32.CREATE_UNICODE_ENVIRONMENT | (uint)(visible ? Win32.CREATE_NEW_CONSOLE : Win32.CREATE_NO_WINDOW);
bool bImpersonating = Win32.ImpersonateLoggedOnUser(linked.LinkedToken);
UInt32 dwSessionId = Win32.WTSGetActiveConsoleSessionId();
Boolean setInfo = Win32.SetTokenInformation(linked.LinkedToken, Win32.TOKEN_INFORMATION_CLASS.TokenSessionId, ref dwSessionId, (UInt32)len);
if (!setInfo)
{
int err = Marshal.GetLastWin32Error();
string strError = "SetTokenInformation failed with error code " + err.ToString() + " dwSessionID:" + dwSessionId.ToString();
this.eventLog1.WriteEntry(strError, EventLogEntryType.Error);
}
else
{
this.eventLog1.WriteEntry("Set token info is " + setInfo.ToString(), EventLogEntryType.Information);
}
IntPtr pEnvironment;
if (Win32.CreateEnvironmentBlock(out pEnvironment, linked.LinkedToken, false))
{
Win32.PROCESS_INFORMATION pi;
Win32.STARTUPINFO si = new Win32.STARTUPINFO();
Win32.SECURITY_ATTRIBUTES sa = new Win32.SECURITY_ATTRIBUTES();
sa.nLength = Marshal.SizeOf<Win32.SECURITY_ATTRIBUTES>();
si.cb = Marshal.SizeOf<Win32.STARTUPINFO>();
si.lpDesktop = "winsta0\\default";
si.wShowWindow = (ushort)(visible ? Win32.SW.SW_SHOW : Win32.SW.SW_HIDE);
if (Win32.CreateProcessAsUser(linked.LinkedToken,
@"C:\Cap\Capturap.exe",
string.Empty,
ref sa,
ref sa,
false,
dwCreationFlags,
pEnvironment, @"C:\Temp",
ref si,
out pi))
{
uint exitCode;
Win32.CloseHandle(pi.hThread);
Win32.WaitForSingleObject(pi.hProcess, Win32.INFINITE);
Win32.GetExitCodeProcess(pi.hProcess, out exitCode);
Win32.CloseHandle(pi.hProcess);
string strMsg = "Process TokenLister.exe terminated with return code " + exitCode.ToString();
this.eventLog1.WriteEntry(strMsg, EventLogEntryType.Information);
}
else
{
int err = Marshal.GetLastWin32Error();
string strError = "CreateProcessAsUser failed with error code " + err.ToString();
this.eventLog1.WriteEntry(strError, EventLogEntryType.Error);
}
if (bImpersonating)
Win32.RevertToSelf();
Win32.DestroyEnvironmentBlock(pEnvironment);
}
else
{
int err = Marshal.GetLastWin32Error();
string strError = "CreateEnvironmentBlock failed with error code " + err.ToString();
this.eventLog1.WriteEntry(strError, EventLogEntryType.Error);
}
Win32.UnloadUserProfile(linked.LinkedToken, profinfo.hProfile);
}
else
{
int err = Marshal.GetLastWin32Error();
string strError = "LoadUserProfile failed with error code " + err.ToString();
this.eventLog1.WriteEntry(strError, EventLogEntryType.Error);
}
Win32.CloseHandle(linked.LinkedToken);
}
else
{
int err = Marshal.GetLastWin32Error();
string strError = "GetTokenInformation failed with error code " + err.ToString();
this.eventLog1.WriteEntry(strError, EventLogEntryType.Error);
}
Marshal.FreeHGlobal(tlt);
Win32.CloseHandle(hToken);
}
else
{
int err = Marshal.GetLastWin32Error();
string strError = "LogonUser failed with error code " + err.ToString();
this.eventLog1.WriteEntry(strError, EventLogEntryType.Error);
}
}
catch (Exception ex)
{
string strExeption = "Caught exception : " + ex.Message;
this.eventLog1.WriteEntry(strExeption, EventLogEntryType.Error);
}
}
Continue reading...