Creating a process in a non-zero session from a service in windows-2008-server?

Views: 208

Question

I was wondering if there is a simple way for a service to create a process in a user session?

My service is running as a user (administrator) account and not as the LocalSystem account, therefore I can't use the WTSQueryUserToken function.

I tried calling

OpenProcessToken(GetCurrentProcess,TOKEN_ALL_ACCESS,TokenHandle);

but when I use this token to run

 CreateProcessAsUser(TokenHandle,.....)

my process is still running in session 0. How can I resolve this issue?

I'm using Ole automation, so I don't really care which session the process will be running in, as long as it is not session 0 - because Ole for some reason doesn't create its processes (winword.exe for instance) in session 0, but rather creates them in other user sessions.

Any suggestions will be welcome. Thanks in advance.

Accepted answer

I have been able to resolve this issue myself, thanks to all of those who have looked at this question.

Ok, so as I mentioned above - the token belongs to a process which is running in session 0...

So what I have done is look for a token of a process that is not running in session 0. When you take its process id as the parameter for OpenProcessToken, then CreateProcessAsUser will create the process in the same session (and probably with the same credentials as the process you have chosen).

The problem was that I couldn't get any details on most of the processes using the function QueryFullProcessImageName - because it has a bug, and it doesn't work on processes that are created from a path that contains spaces (like C:\Program Files for instance). Another issue with that function, I guess, is that because I'm running the original process using user credentials, I can't access the information of a process that is running using the Local System account, which is pretty bad because I wanted to take winlogon.exe as my process (because it indicates a newly opened session).

Also, in order to succeed in that trick, you must play a little bit with the security of the system, in order to allow the process to ask for elevated security. What I have chosen to get elevated for is:
SeDebugPrivilege - for finding information on the running processes
SeAssignPrimaryTokenPrivilege - in order to run a new process with the token I extracted from the user session process (i.e. explorer.exe)
SeCreateTokenPrivilege - I don't know if it is needed, but I did it anyway because it sounds related.

In order to succeed in elevating these privileges, you must add the user that runs the process to the relevant users in all of these privileges in run->gpedit.msc or run->secpol.msc (under Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment).

Add your account to the following rights (corresponding to the privileges above):
Create a token object
Debug Programs
Replace a Process level token

And that is it! :) It has been working great! Btw, you might want to disable all the UAC stuff... I don't know if it is related or not, but it has made working with 2008 less painful - no more annoying popups.
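The answer above grants three user rights to the service account and picks a token from a process outside session 0. The following PowerShell is an added example (the editor's, not code from the poster) for checking both things on a machine: it exports the local User Rights Assignment with secedit.exe and resolves who holds SeDebugPrivilege, SeAssignPrimaryTokenPrivilege and SeCreateTokenPrivilege, and it groups running processes by session ID so you can see what actually runs outside session 0. It assumes an elevated PowerShell session on the machine being checked; the temporary .inf file name is a constructed placeholder.

```powershell
# Added example (editor's, not from the original post). Audits which accounts
# hold the three user rights the answer grants, and shows which processes run
# outside session 0. Assumes an elevated PowerShell on the machine being checked;
# secedit.exe and Get-Process are standard Windows tools.

$AnswerRights = @(
    'SeDebugPrivilege',              # "Debug programs"
    'SeAssignPrimaryTokenPrivilege', # "Replace a process level token"
    'SeCreateTokenPrivilege'         # "Create a token object"
)

function Get-UserRightsHolders {
    param([string[]]$Privilege = $AnswerRights)

    # secedit can export just the user-rights area of the local policy to an .inf file.
    $inf = Join-Path $env:TEMP ('ura-{0}.inf' -f [guid]::NewGuid())   # constructed temp name
    & secedit.exe /export /cfg $inf /areas USER_RIGHTS | Out-Null
    try {
        $lines = Get-Content -Path $inf
    } finally {
        Remove-Item -Path $inf -ErrorAction SilentlyContinue
    }

    foreach ($p in $Privilege) {
        # Exported lines look like:  SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-...-1001
        $line = $lines | Where-Object { $_ -match "^\s*$p\s*=" } | Select-Object -First 1
        $holders = @()
        if ($line) {
            $holders = ($line -split '=', 2)[1].Trim() -split ',' | ForEach-Object {
                $entry = $_.Trim()
                if ($entry.StartsWith('*')) {
                    # Entries are SIDs prefixed with '*'; translate to account names where possible.
                    try {
                        $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
                        $sid.Translate([System.Security.Principal.NTAccount]).Value
                    } catch { $entry }
                } else { $entry }
            }
        }
        # An empty Holders list means nobody is assigned that right on this machine.
        [pscustomobject]@{ Privilege = $p; Holders = @($holders) }
    }
}

function Get-ProcessesBySession {
    # Session 0 hosts services; every other session belongs to an interactive logon.
    Get-Process | Group-Object -Property SessionId | Sort-Object { [int]$_.Name } | ForEach-Object {
        [pscustomobject]@{
            SessionId = [int]$_.Name
            Count     = $_.Count
            Processes = ($_.Group.ProcessName | Sort-Object -Unique) -join ', '
        }
    }
}

Get-UserRightsHolders | Format-Table -AutoSize
Get-ProcessesBySession | Format-Table -AutoSize -Wrap
```

Run it before and after changing the policy to confirm exactly which accounts ended up with these rights. Of the three, SeAssignPrimaryTokenPrivilege is the one CreateProcessAsUser needs when the caller supplies a token it did not derive from its own; SeDebugPrivilege lets the holder open any process on the machine, including SYSTEM ones, and SeCreateTokenPrivilege lets the holder build arbitrary tokens, so an account holding all three is effectively as powerful as LocalSystem and should be treated as such. Logons by accounts that hold these rights are recorded as Security event 4672 ("Special privileges assigned to new logon"), which is the event to watch for such a service account. The documented route that avoids granting these rights is the one the question rules out: run the service as LocalSystem and call WTSQueryUserToken for the target session.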
