为什么 CreateProcessWithTokenW 失败并出现 ERROR_ACCESS_DENIED

发布于 2024-10-26 08:12:28 字数 2640 浏览 5 评论 0原文

我对 CreateProcessWithTokenW 的调用因访问被拒绝而失败。有什么想法如何调试这个吗？

对 CreateProcessWithTokenW 的调用位于：https://github。 com/fschwiet/PShochu/blob/master/PShochu/PInvoke/NetWrappers/ProcessUtil.cs

现在我正在为当前进程使用访问令牌，最终我将使用另一个用户的令牌。现在我正在使用 https://github。 com/fschwiet/PShochu/blob/master/PShochu/PInvoke/NetWrappers/AccessToken.cs 获取访问令牌。

如果您想调试，请下载源代码并运行 build_and_test.ps1。错误堆栈是：

1) Test Error : PShochu.Tests.can_run_remote_interactive_tasks, given a psake script which writes the current process id to output, when that script is invoked interactively, then the script succeeds
   System.ComponentModel.Win32Exception : Access is denied
   at PShochu.PInvoke.NetWrappers.ProcessUtil.CreateProcessWithToken(IntPtr userPrincipalToken, String applicationName,
String applicationCommand, Boolean dontCreateWindow, Boolean createWithProfile, StreamReader& consoleOutput, StreamReader& errorOutput) in c:\src\PShochu\PShochu\PInvoke\NetWrappers\ProcessUtil.cs:line 52
   at PShochu.ProcessHandling.RunNoninteractiveConsoleProcessForStreams2(String command, String commandArguments, String& newLine) in c:\src\PShochu\PShochu\ProcessHandling.cs:line 36
   at PShochu.ProcessHandling.RunNoninteractiveConsoleProcess(String command, String commandArguments) in c:\src\PShochu\PShochu\ProcessHandling.cs:line 20
   at PShochu.Tests.can_run_remote_interactive_tasks.<>c__DisplayClass16.<>c__DisplayClass18.<Specify>b__2() in c:\src\PShochu\PShochu.Tests\can_run_remote_interactive_tasks.cs:line 27
   at NJasmine.Core.Execution.DescribeState.<>c__DisplayClass7`1.<visitBeforeEach>b__3() in c:\src\NJasmine\NJasmine\Core\Execution\DescribeState.cs:line 62

稍后更新：我在一些文档中看到需要额外的权限（http://msdn.microsoft.com/en-us/library/aa374905%28v=vs.85%29.aspx）。我无法进行测试来验证我是否拥有这些单独的证券（它们在重启前的 secpol.msc 中设置）

SE_ASSIGNPRIMARYTOKEN_NAME  "Replace a process level token"
SE_TCB_NAME "Act as part of the operatin system"
SE_INCREASE_QUOTA_NAME  "Adjust memory quotas for a process"

这些测试不断告诉我我没有在 UI 中设置的权限，https://github.com/fschwiet/PShochu/blob/master/PShochu.Tests/ verify_privileges.cs

原文

I have a call to CreateProcessWithTokenW that is failing with access denied. Any ideas how to debug this?

The call to CreateProcessWithTokenW is here: https://github.com/fschwiet/PShochu/blob/master/PShochu/PInvoke/NetWrappers/ProcessUtil.cs

For now I'm using a access token for the current process, eventually I'll use a token from another user. For now then I'm using https://github.com/fschwiet/PShochu/blob/master/PShochu/PInvoke/NetWrappers/AccessToken.cs to get the access token.

If you want to debug, pull down the sourcecode and run build_and_test.ps1. The error stack is:

1) Test Error : PShochu.Tests.can_run_remote_interactive_tasks, given a psake script which writes the current process id to output, when that script is invoked interactively, then the script succeeds
   System.ComponentModel.Win32Exception : Access is denied
   at PShochu.PInvoke.NetWrappers.ProcessUtil.CreateProcessWithToken(IntPtr userPrincipalToken, String applicationName,
String applicationCommand, Boolean dontCreateWindow, Boolean createWithProfile, StreamReader& consoleOutput, StreamReader& errorOutput) in c:\src\PShochu\PShochu\PInvoke\NetWrappers\ProcessUtil.cs:line 52
   at PShochu.ProcessHandling.RunNoninteractiveConsoleProcessForStreams2(String command, String commandArguments, String& newLine) in c:\src\PShochu\PShochu\ProcessHandling.cs:line 36
   at PShochu.ProcessHandling.RunNoninteractiveConsoleProcess(String command, String commandArguments) in c:\src\PShochu\PShochu\ProcessHandling.cs:line 20
   at PShochu.Tests.can_run_remote_interactive_tasks.<>c__DisplayClass16.<>c__DisplayClass18.<Specify>b__2() in c:\src\PShochu\PShochu.Tests\can_run_remote_interactive_tasks.cs:line 27
   at NJasmine.Core.Execution.DescribeState.<>c__DisplayClass7`1.<visitBeforeEach>b__3() in c:\src\NJasmine\NJasmine\Core\Execution\DescribeState.cs:line 62

Later update: I saw in some docs that additional privileges are needed (http://msdn.microsoft.com/en-us/library/aa374905%28v=vs.85%29.aspx). I am having trouble getting tests to verify I have these individual securities (they are set in secpol.msc pre-reboot)

SE_ASSIGNPRIMARYTOKEN_NAME  "Replace a process level token"
SE_TCB_NAME "Act as part of the operatin system"
SE_INCREASE_QUOTA_NAME  "Adjust memory quotas for a process"

These tests keep telling me I don't have the permissions I've set in the UI, https://github.com/fschwiet/PShochu/blob/master/PShochu.Tests/verify_privileges.cs

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

愛上了 2024-11-02 08:12:28

通过反复试验，我发现传递给 CreateProcessWithTokenW() 的令牌需要以下访问标志（至少在 Windows 7 SP1 64 位上）：

TOKEN_ASSIGN_PRIMARY
TOKEN_DUPLICATE
TOKEN_QUERY
TOKEN_ADJUST_DEFAULT
TOKEN_ADJUST_SESSIONID

两个粗体字非常有帮助，在 CreateProcessWithTokenW() 的文档中根本没有提及。

编辑：以下代码对我来说效果很好（当运行提升时）：

HANDLE hToken = NULL;
if(OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &hToken))
{
    HANDLE hDuplicate = NULL;
    if(DuplicateTokenEx(hToken, TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID, NULL, SecurityImpersonation, TokenPrimary, &hDuplicate))
    {
        TCHAR szCommandLine[MAX_PATH];
        _tcscpy_s(szCommandLine, MAX_PATH, _T("C:\\Windows\\system32\\notepad.exe"));
        STARTUPINFO StartupInfo;
        ZeroMemory(&StartupInfo, sizeof(STARTUPINFO));
        StartupInfo.cb = sizeof(STARTUPINFO);
        PROCESS_INFORMATION ProcessInformation;
        ZeroMemory(&ProcessInformation, sizeof(PROCESS_INFORMATION));
        if(CreateProcessWithTokenW(hDuplicate, LOGON_WITH_PROFILE, NULL, szCommandLine, 0, NULL, NULL, &StartupInfo, &ProcessInformation))
        {
            WaitForSingleObject(ProcessInformation.hProcess, INFINITE);
            CloseHandle(ProcessInformation.hThread);
            ProcessInformation.hThread = NULL;
            CloseHandle(ProcessInformation.hProcess);
            ProcessInformation.hProcess = NULL;
        }
        CloseHandle(hDuplicate);
        hToken = hDuplicate;
    }
    CloseHandle(hToken);
    hToken = NULL;
}

Through trial and error I figured out that the token you pass to CreateProcessWithTokenW() needs the following access flags (at least on Windows 7 SP1 64-bit):

TOKEN_ASSIGN_PRIMARY
TOKEN_DUPLICATE
TOKEN_QUERY
TOKEN_ADJUST_DEFAULT
TOKEN_ADJUST_SESSIONID

The last two in bold are very helpfully not mentioned at all in the documentation for CreateProcessWithTokenW().

EDIT: The following code works fine for me (when running elevated):

HANDLE hToken = NULL;
if(OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &hToken))
{
    HANDLE hDuplicate = NULL;
    if(DuplicateTokenEx(hToken, TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID, NULL, SecurityImpersonation, TokenPrimary, &hDuplicate))
    {
        TCHAR szCommandLine[MAX_PATH];
        _tcscpy_s(szCommandLine, MAX_PATH, _T("C:\\Windows\\system32\\notepad.exe"));
        STARTUPINFO StartupInfo;
        ZeroMemory(&StartupInfo, sizeof(STARTUPINFO));
        StartupInfo.cb = sizeof(STARTUPINFO);
        PROCESS_INFORMATION ProcessInformation;
        ZeroMemory(&ProcessInformation, sizeof(PROCESS_INFORMATION));
        if(CreateProcessWithTokenW(hDuplicate, LOGON_WITH_PROFILE, NULL, szCommandLine, 0, NULL, NULL, &StartupInfo, &ProcessInformation))
        {
            WaitForSingleObject(ProcessInformation.hProcess, INFINITE);
            CloseHandle(ProcessInformation.hThread);
            ProcessInformation.hThread = NULL;
            CloseHandle(ProcessInformation.hProcess);
            ProcessInformation.hProcess = NULL;
        }
        CloseHandle(hDuplicate);
        hToken = hDuplicate;
    }
    CloseHandle(hToken);
    hToken = NULL;
}

回复收藏 0 原文

~没有更多了~