Creating a process in a non-zero session from a service on Windows Server 2008?

Posted 2024-08-20 18:34:33, 480 characters, 6 views, 0 comments


I was wondering if there is a simple way for a service to create a process in a user session?

My service is running as a user (administrator) account and not as a LocalSystem account, therefore I can't use the WTSQueryUserToken function.

I have tried calling

OpenProcessToken(GetCurrentProcess,TOKEN_ALL_ACCESS,TokenHandle);

but when I use this token to run

 CreateProcessAsUser(TokenHandle,.....)

my process is still running in session 0.
How can I resolve this issue?

I'm using OLE automation, so I don't really care which session the process will be running in, as long as it is not session 0 - because OLE, for some reason, doesn't create its processes (winword.exe for instance) in session 0, but rather creates them in other user sessions.

Any suggestions will be welcome.
Thanks in advance.


Comments (1)

夜声 2024-08-27 18:34:33


I have been able to resolve this issue myself, thanks to all of those who have looked at this question.

Ok, so as I mentioned above - the token belongs to a process which is running in session 0...

So what I have done... is looked for a token of a process that is not running in session 0.
When you take its process id as the parameter for OpenProcessToken,
then CreateProcessAsUser will create the process in the same session (and probably with the same credentials as the process you have chosen).

The problem was that I couldn't get any details on most of the processes using the function QueryFullProcessImageName - because it has a bug, and it doesn't work on processes that are created from a path that contains spaces (like C:\Program Files for instance).
Another issue with that function, I guess, is that because I'm running the original process using a user's credentials, I can't access the information of a process that is running under the LocalSystem account, which is pretty bad because I wanted to take winlogon.exe as my process (because it indicates a newly opened session).

Also, in order to succeed in that trick, you must play a little bit with the security of the system, in order to allow the process to ask for elevated security.
What I have chosen to get elevated for is:
SeDebugPrivilege - for finding information on the running processes
SeAssignPrimaryTokenPrivilege - in order to run a new process with the token I extracted from the user session process (i.e. explorer.exe)
SeCreateTokenPrivilege - I don't know if it is needed, but I did it anyway because it sounds related.

In order to succeed in elevating these privileges, you must add the user that runs the process to the relevant users for all of these privileges in run->gpedit.msc or run->secpol.msc (under Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment).

Add your account to the following rights (corresponding to the privileges above):
Create a token object
Debug programs
Replace a process level token

And that is it! :)
It has been working great!
Btw, you might want to disable all the UAC stuff... I don't know if it is related or not, but it has made working with 2008 less painful - no more annoying popups.
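The answer above grants the service account Debug programs, Replace a process level token and Create a token object; together those rights let an account open any process, take its token and run code as any user, so a defender will want to know exactly who holds them on a server. The following PowerShell audit script is an added example, not code from the post; it assumes it runs elevated on the Windows host being checked and treats the built-in defaults as Administrators for SeDebugPrivilege, LOCAL SERVICE and NETWORK SERVICE for SeAssignPrimaryTokenPrivilege, and no holder for SeCreateTokenPrivilege.

```powershell
# Added example: audit holders of the three user rights the answer grants,
# and flag every holder that is not a Windows default. Requires an elevated
# shell, since secedit exports the effective local security policy.
$watched = @{
    'SeDebugPrivilege'              = @('S-1-5-32-544')          # Administrators
    'SeAssignPrimaryTokenPrivilege' = @('S-1-5-19', 'S-1-5-20')  # LOCAL SERVICE, NETWORK SERVICE
    'SeCreateTokenPrivilege'        = @()                         # nobody by default
}

$cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
try {
    # [Privilege Rights] lists each right as "SeXxxPrivilege = *SID,*SID,..."
    & secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed ($LASTEXITCODE)" }
    $lines = Get-Content -LiteralPath $cfg
} finally {
    Remove-Item -LiteralPath $cfg -ErrorAction SilentlyContinue
}

function Resolve-Holder([string]$entry) {
    # Entries are usually "*S-1-5-..."; translate to DOMAIN\Name where possible.
    if (-not $entry.StartsWith('*')) { return $entry }
    $sid = $entry.Substring(1)
    try {
        return ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
            [System.Security.Principal.NTAccount]).Value
    } catch { return $sid }
}

$report = foreach ($line in $lines) {
    if ($line -notmatch '^(Se\w+Privilege)\s*=\s*(.*)$') { continue }
    $priv = $Matches[1]
    if (-not $watched.ContainsKey($priv)) { continue }
    $holders = $Matches[2] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($h in $holders) {
        $sid = if ($h.StartsWith('*')) { $h.Substring(1) } else { $null }
        $isDefault = ($null -ne $sid) -and ($watched[$priv] -contains $sid)
        $status = if ($isDefault) { 'default' } else { 'REVIEW' }
        [pscustomobject]@{ Privilege = $priv; Holder = (Resolve-Holder $h); Status = $status }
    }
}

$report | Sort-Object Privilege, Status | Format-Table -AutoSize
```

A right that no account holds does not appear in the export at all, so an empty result for SeCreateTokenPrivilege is the expected healthy state; any REVIEW row for a service account is the configuration the answer describes.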
