CreateProcessWithLogonW() problems - Need to launch sub-processes with the same user


Problem description

I have a Windows executable that is launched from within a service by calling CreateProcessWithLogonW() with a set of specified user details.

This works fine and the process starts as expected. However, when this process tries to launch other processes itself, currently just using CreateProcess(), these start then die straight away - they are executables that require desktop access.

After reading up on Microsoft's article on CreateProcess() - http://msdn.microsoft.com/en-us/library/ms682425(VS.85).aspx

I think I can see why this is happening and it makes sense to an extent. CreateProcess() knows the calling process is impersonating a user so it uses its parent process, which in this case is the Local System account. But of course anything run in the local system account doesn't have the access we need, so the launched process dies.

Oddly when I was previously using LogonUser() and CreateProcessAsUser() to launch the initial executable within the service, it worked fine. But I had to change this to CreateProcessWithLogonW() due to problems with not having the correct privileges.

Does anybody know of a solution to this? I've seen talk about this elsewhere on the web but not with any definite solution. It seems like I possibly need the token of the user I'm logging on with in CreateProcessWithLogonW() so I can use it to launch the other processes later? But I have no way of getting hold of this token, can this be retrieved for the current user in any way?

Any help would be greatly appreciated, thanks :)

Recommended answer

Do you own the code launched using CreateProcessWithLogonW (and which in turn calls CreateProcess)? If you do not then you might need to perform IAT (or API) hooking on it (i.e. at run-time), so as to substitute any calls to CreateProcess with an appropriate procedure that also uses CreateProcessWithLogonW or CreateProcessWithTokenW. See APIHijack, Detours.

After this is done, the child process may require access to HKCU. If you are not already doing this, you should load the profile of each impersonated user, once per user, before calling CreateProcessWithLogonW.


By default, CreateProcessWithLogonW does not load the specified user profile into the HKEY_USERS registry key. This means that access to information in the HKEY_CURRENT_USER registry key may not produce results that are consistent with a normal interactive logon. It is your responsibility to load the user registry hive into HKEY_USERS before calling CreateProcessWithLogonW, by using LOGON_WITH_PROFILE, or by calling the LoadUserProfile function.
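
The profile-loading point above, as an added example that is not part of the original question or answer: a C helper (the name `launch_with_profile` and the `CMD_MAX` limit are assumptions) that passes LOGON_WITH_PROFILE to CreateProcessWithLogonW so the child resolves HKEY_CURRENT_USER to the specified user's hive. The Win32 call is compiled only on Windows; on other platforms the helper validates its arguments and returns the value of ERROR_CALL_NOT_IMPLEMENTED.

```c
/* Added example. Windows build: link with Advapi32.lib. */
#include <stddef.h>
#include <string.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#endif

#define CMD_MAX 1024           /* assumed limit for this example */
#define ERR_INVALID_PARAM 87UL /* same value as ERROR_INVALID_PARAMETER */
#define ERR_NOT_IMPL 120UL     /* same value as ERROR_CALL_NOT_IMPLEMENTED */

/* Hypothetical helper: start cmdline as domain\user with the user's profile
   loaded. Returns 0 on success, otherwise a Win32 error code. */
unsigned long launch_with_profile(const wchar_t *user, const wchar_t *domain,
                                  const wchar_t *password,
                                  const wchar_t *cmdline)
{
    size_t len;

    if (!user || !password || !cmdline)
        return ERR_INVALID_PARAM;
    len = wcslen(cmdline);
    if (len == 0 || len >= CMD_MAX)
        return ERR_INVALID_PARAM;
#ifdef _WIN32
    {
        wchar_t buf[CMD_MAX];   /* the API may modify lpCommandLine */
        STARTUPINFOW si;
        PROCESS_INFORMATION pi;

        memcpy(buf, cmdline, (len + 1) * sizeof(wchar_t));
        ZeroMemory(&si, sizeof si);
        si.cb = sizeof si;
        ZeroMemory(&pi, sizeof pi);
        /* LOGON_WITH_PROFILE loads the user's hive into HKEY_USERS. */
        if (!CreateProcessWithLogonW(user, domain, password,
                                     LOGON_WITH_PROFILE, NULL, buf, 0,
                                     NULL, NULL, &si, &pi))
            return GetLastError();
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
        return 0UL;
    }
#else
    (void)domain;
    return ERR_NOT_IMPL;
#endif
}
```

The caller remains responsible for clearing the password buffer once the call returns.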
