加载用户配置文件后以用户身份创建进程
我有作为系统运行的服务,我想在某些具有用户权限的用户 TS 会话中生成新进程。
我在用户 TS 会话中调用 LogonUser、LoadUserProfile、CreateEnvironmentBlock、CreateProcessAsUser 和 spwan 进程。
进程(cmd.exe)在用户 TS 会话中运行,但是当我尝试运行 GUI 应用程序时,我收到以下错误消息:
Exception EAccessViolation in module ntdll.dll at 00022272.
Accessviolation at address 77D22272 in module 'ntdll .dll'。写入地址 0000000C。
我错过了什么吗?
任何帮助将不胜感激!
谢谢, 利奥尔
I have service that runs as system, i want to spawn new process in some user TS session with the user privileges.
I'm calling LogonUser, LoadUserProfile, CreateEnvironmentBlock, CreateProcessAsUser and spwan the process in the user TS session.
The process (cmd.exe) run in the user TS session, but when i'm trying to run GUI application i get the following error message:
Exception EAccessViolation in module ntdll.dll at 00022272.
Access violation at address 77D22272 in module 'ntdll.dll'. Write of address 0000000C.
Have I missed something?
Any help would be greatly appreciated !
Thanks,
Lior
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
查看 启动来自服务的用户会话中的进程。主要问题是您应该在其他 TS 会话上启动进程。因此,您必须根据
SetTokenInformation和TokenSessionId切换当前会话。为此,您必须启用SE_TCB_NAME权限。此外,您必须更改有关
OpenWindowStation、OpenDesktop和SetUserObjectSecurity的桌面和 Windows Station 对象的安全描述符(请参阅 http://msdn.microsoft.com/en-us/library/ms681928.aspx , http://msdn.microsoft.com/en-us/library/ms687107 .aspx 和 http://support.microsoft.com/kb/165194 )Look at Launching a process in user’s session from a service. The main problem is that you should start process with on other TS session. So you have to switch current session with respect of
SetTokenInformationandTokenSessionId. To be able to do this you have to enableSE_TCB_NAMEprivilege.Moreover you have to change Security Descriptor of the Desktop and Windows Station objects with respect of
OpenWindowStation,OpenDesktopandSetUserObjectSecurity(see http://msdn.microsoft.com/en-us/library/ms681928.aspx, http://msdn.microsoft.com/en-us/library/ms687107.aspx and http://support.microsoft.com/kb/165194)