对于具有UIAccess =" true"的进程,CreateProcessAsUser失败并显示ERROR_ELEVATION_REQUIRED。

时间:2014-04-22 03:19:49

标签: c++ c winapi service uac

我尝试使用以下代码从我的服务应用程序运行用户模式进程(作为local system运行。)

用户模式流程的要求是运行而不是提升,但要使其清单中的UIAccess="true"能够display top-most windows correctly under Windows 8

所以我这样做(来自我的服务)来运行我的用户模式过程:

//NOTE: Error checking is omitted for readability
//'dwSessionID' = user session ID to run user-mode process in
//'pUserProcPath' = L"C:\\Program Files (x86)\\Company\\Software\\user_process.exe"

HANDLE hToken = NULL;
WTSQueryUserToken(dwSessionID, &hToken);

HANDLE hToken2;
DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hToken2);

LPVOID pEnvBlock = NULL;
CreateEnvironmentBlock(&pEnvBlock, hToken2, FALSE);

STARTUPINFO si;
ZeroMemory(&si, sizeof(STARTUPINFO));
si.cb = sizeof(STARTUPINFO);
si.lpDesktop = L"winsta0\\default";

PROCESS_INFORMATION pi;
ZeroMemory(&pi, sizeof(pi));

//ImpersonateLoggedOnUser(hToken2);   //Not necessary as suggested below

PVOID OldRedir;
Wow64DisableWow64FsRedirection(&OldRedir);

BOOL bSuccess = CreateProcessAsUser(
    hToken2,           // client's access token
    pUserProcPath,     // file to execute
    NULL,              // command line
    NULL,              // pointer to process SECURITY_ATTRIBUTES
    NULL,              // pointer to thread SECURITY_ATTRIBUTES
    FALSE,             // handles are not inheritable
    NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE | CREATE_UNICODE_ENVIRONMENT,   // creation flags
    pEnvBlock,         // pointer to new environment block 
    NULL,              // name of current directory 
    &si,               // pointer to STARTUPINFO structure
    &pi                // receives information about new process
    );

int nOSError = ::GetLastError();

Wow64RevertWow64FsRedirection(OldRedir);
//RevertToSelf();       //Not necessary as suggested below

CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
DestroyEnvironmentBlock(pEnvBlock);
CloseHandle(hToken2);
CloseHandle(hToken);

如果UIAccess="false"的清单中有user_process.exe,则运行正常。

但如果我这样做:

  • UIAccess="true"启用user_process.exe

enter image description here

  • 使用我的代码签名证书和

    • 进行签名

  • 将其放在"C:\Program Files (x86)\Company\Software"文件夹中。

我得到的是CreateProcessAsUser因错误ERROR_ELEVATION_REQUIRED而失败。

有人可以建议如何让它发挥作用吗?

PS。我尝试调整我的服务权限以启用SE_DEBUG_NAMESE_TCB_NAME,但都没有帮助。

PS2。如果我只是双击使用user_process.exe编译的代理签名的UIAccess="true"进程,并将其置于C:\Program Files (x86)\Company\Software文件夹中,则会启动&运行得很好(没有提升。)。

1 个答案:

答案 0 :(得分:3)

我找到了答案。这里也适用于遇到它的人:

DuplicateTokenEx来电后添​​加此内容:

HANDLE hToken2;
DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hToken2);

//ONLY if requiring UIAccess!
DWORD dwUIAccess = 1;
::SetTokenInformation(hToken2, TokenUIAccess, &dwUIAccess, sizeof(dwUIAccess));
相关问题
最新问题