
Thread: [RESOLVED] VB.Net CreateProcessAsUser API

  1. #41
    Member
    Join Date
    Apr 2003
    Posts
    33

    Re: [RESOLVED] VB.Net CreateProcessAsUser API

    Is this code posted anywhere yet? Would really love to give it a whirl
    Thanks

  2. #42

    Thread Starter
    Addicted Member
    Join Date
    Oct 2009
    Location
    Oshawa
    Posts
    214

    Re: [RESOLVED] VB.Net CreateProcessAsUser API

    Unfortunately, due to copyright issues, I can't provide my code, but I have already outlined the way you should start attempting to run a remote process in my last post.

  3. #43
    New Member
    Join Date
    Apr 2011
    Location
    Zürich
    Posts
    5

    Re: [RESOLVED] VB.Net CreateProcessAsUser API

    Hi all

    Does anyone have a code example for VB.NET (VS2010)?

    Thank you
    luca

  4. #44

    Thread Starter
    Addicted Member
    Join Date
    Oct 2009
    Location
    Oshawa
    Posts
    214

    Re: [RESOLVED] VB.Net CreateProcessAsUser API

    As mentioned in this thread, I can't provide the code due to legality issues, but if you use the correct APIs from Pinvoke and follow these steps, you will be able to do exactly what I have described.

    Create a service on the remote machine with the local system account.

    1) To create a process as the system account - Obtain the process token from the currently running process and use CreateProcessAsUser to launch the process.

    2) To create a process as the currently logged in user - Obtain the process token from any process running as the currently logged in user. Usually "explorer" will work fine. Then use CreateProcessAsUser API once again.

    3) To run a process as any other user - Create a separate executable with code to run CreateProcessWithLogonW and use named pipes to communicate the username/password/domain/process from the service process. Obtain the process token of the currently logged in user in the service process and use CreateProcessAsUser to launch the second executable using the SW_HIDE flag for the process. Now the new process launched will be that of the user specified and will be interactive with the currently logged in user's desktop.


    You will need to create a "SERVICE" application that runs on the remote machine and then another application that runs on the client system that installs and starts the process remotely. If you are looking to re-direct the standard input and output from the service running on the remote machine, I haven't gotten that far yet but at this point I can run any executable on any remote machine in my company either as the SYSTEM account, the currently logged in user, or any other user specified on any domain in the organization.

  5. #45
    New Member
    Join Date
    Apr 2011
    Location
    Zürich
    Posts
    5

    Re: [RESOLVED] VB.Net CreateProcessAsUser API

    Thank you taigon, I have read your post from Jun 10th 2010.
    I have a service running in system-account, but I'm not able to take the token from the explorer to create another process. Can you post only this part? An example to take the token from explorer and open a notepad-process?

    thank you anyway
    luca

  6. #46
    Pro Grammar chris128
    Join Date
    Jun 2007
    Location
    England
    Posts
    7,604

    Re: [RESOLVED] VB.Net CreateProcessAsUser API

    Quote Originally Posted by taigon View Post
    If you are looking to re-direct the standard input and output from the service running on the remote machine, I haven't gotten that far yet but at this point
    Oh I thought you got that going - didn't I ever send you the code that I eventually got working for redirecting input and output for a process started with CreateProcessAsUser? I thought I would have as the only reason I started working on it was because of this thread...
    But anyway here it is: http://cjwdev.wordpress.com/2010/06/...ut-and-output/
    My free .NET Windows API library (Version 2.2 Released 12/06/2011)

    Blog: cjwdev.wordpress.com
    Web: www.cjwdev.co.uk


  7. #47

    Thread Starter
    Addicted Member
    Join Date
    Oct 2009
    Location
    Oshawa
    Posts
    214

    Re: [RESOLVED] VB.Net CreateProcessAsUser API

    Hi Chris,

    I hadn't gotten around to it yet because I've been working on an enormous project that I've almost completed. I'm leaving the re-direction code until last. LoL. Thanks for your assistance with it though because I am going to probably need your example to assist.

    I will post the code to open the process token from explorer.exe but it is no longer in VB.Net as I've actually ported everything over to C# and that has now become my preferred language to code in. Later today I will post it for you.

  8. #48

    Thread Starter
    Addicted Member
    Join Date
    Oct 2009
    Location
    Oshawa
    Posts
    214

    Re: [RESOLVED] VB.Net CreateProcessAsUser API

    Ok, here is the full code for the service running on the remote machine to obtain the process token from explorer.exe and create the process as the user.

    vb Code:
    ' Fragment of the service's launch routine. The structures (SECURITY_ATTRIBUTES,
    ' STARTUPINFO, PROCESS_INFORMATION), the enums, the TOKEN_* constants and the
    ' variables sa, saProcess, saThread, si, pi, exe, Arg, Executable, p_processtoken,
    ' DupedToken and p_env are declared elsewhere in the project and are not shown here.
    Imports System.Diagnostics
    Imports System.Management
    Imports System.Runtime.InteropServices

    ' Class-level API declarations (VB Declare statements record the last Win32 error).
    Private Declare Function OpenProcessToken Lib "advapi32" (ByVal ProcessHandle As IntPtr, ByVal DesiredAccess As Integer, ByRef TokenHandle As IntPtr) As Boolean
    Private Declare Auto Function DuplicateTokenEx Lib "advapi32" (ByVal ExistingTokenHandle As IntPtr, ByVal dwDesiredAccess As UInt32, ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, ByVal ImpersonationLevel As Integer, ByVal TokenType As Integer, ByRef DuplicateTokenHandle As System.IntPtr) As Boolean
    Private Declare Function CreateEnvironmentBlock Lib "userenv" (ByRef lpEnvironment As IntPtr, ByVal hToken As IntPtr, ByVal bInherit As Boolean) As Boolean
    Private Declare Auto Function CreateProcessAsUser Lib "advapi32" (ByVal hToken As IntPtr, ByVal lpApplicationName As String, ByVal lpCommandLine As String, ByRef lpProcessAttributes As SECURITY_ATTRIBUTES, ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, ByVal bInheritHandles As Boolean, ByVal dwCreationFlags As Integer, ByVal lpEnvironment As IntPtr, ByVal lpCurrentDirectory As String, ByRef lpStartupInfo As STARTUPINFO, ByRef lpProcessInformation As PROCESS_INFORMATION) As Boolean

    ' --- Body of the launch function ---

    ' Take the first process named "explorer"; nobody is logged on if there is none.
    Dim ps As Process() = Process.GetProcessesByName("explorer")
    If ps.Length = 0 Then
        Return ("PROCFAILED=No explorer process found")
    End If
    Dim p As Process = ps(0)

    ' Open that process's token with just enough access to duplicate it.
    If OpenProcessToken(p.Handle, TOKEN_DUPLICATE, p_processtoken) = False Then
        Return ("PROCFAILED=OpenProcessToken Failed: " & Marshal.GetLastWin32Error.ToString)
    End If

    ' Duplicate it as a primary token, which CreateProcessAsUser requires.
    If DuplicateTokenEx(p_processtoken, Convert.ToUInt32(TOKEN_ASSIGN_PRIMARY Or TOKEN_DUPLICATE Or TOKEN_QUERY), sa, CType(SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, Integer), CType(TOKEN_TYPE.TokenPrimary, Integer), DupedToken) = False Then
        Return ("PROCFAILED=DuplicateTokenEx Failed: " & Marshal.GetLastWin32Error.ToString)
    End If

    If CreateEnvironmentBlock(p_env, DupedToken, True) = False Then
        Return ("PROCFAILED=CreateEnvironmentBlock Failed: " & Marshal.GetLastWin32Error.ToString)
    End If

    ' Rebuild USERPROFILE from the service's own profile path plus the explorer owner's name.
    Dim s_ProfilePath() As String = Environment.GetEnvironmentVariable("USERPROFILE").Split(CChar("\"))
    Dim ProfilePath As String = ""

    Dim Path As New ManagementPath("root\cimv2")
    Dim Scope As New ManagementScope(Path)
    Dim objectQuery As New ObjectQuery("select * from Win32_Process")
    Dim searcher As New ManagementObjectSearcher(CType(Scope, ManagementScope), objectQuery)
    Dim Owner(1) As String ' GetOwner fills Owner(0) = user, Owner(1) = domain

    For Each os As ManagementObject In searcher.Get()
        Try
            ' Only query the owner of explorer.exe, then stop.
            If os("Caption").ToString = "explorer.exe" Then
                os.InvokeMethod("GetOwner", CType(Owner, Object()))
                Exit For
            End If
        Catch ex As Exception
            ' A service has no desktop for a message box; skip this instance and try the next.
        End Try
    Next os

    ProfilePath &= s_ProfilePath(0) & "\" & s_ProfilePath(1) & "\" & Owner(0)

    Environment.SetEnvironmentVariable("USERPROFILE", ProfilePath)

    ' lpEnvironment is Nothing, so the child inherits this service's environment
    ' (including the USERPROFILE override above); p_env is not passed.
    ' First try exe + arguments, then fall back to a single command line.
    If CreateProcessAsUser(DupedToken, exe, Arg, saProcess, saThread, True, Nothing, Nothing, Nothing, si, pi) = False Then
        If CreateProcessAsUser(DupedToken, Nothing, Executable, saProcess, saThread, True, Nothing, Nothing, Nothing, si, pi) = False Then
            Return ("PROCFAILED=CreateProcessAsUser Failed: " & Marshal.GetLastWin32Error.ToString)
        End If
    End If
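
Added example (not code from this thread or from any poster's project): a VB.NET version of step 2 for a LocalSystem service that asks Windows for the console session user's primary token with WTSQueryUserToken instead of trusting the first process that happens to be named explorer.exe. The names UserSessionLauncher and LaunchInConsoleSession are hypothetical; it assumes the caller runs as LocalSystem and passes a full executable path.

```vbnet
Imports System
Imports System.ComponentModel
Imports System.Runtime.InteropServices

Module UserSessionLauncher ' hypothetical name
    <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Unicode)>
    Structure STARTUPINFO
        Public cb As Integer
        Public lpReserved, lpDesktop, lpTitle As String
        Public dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags As Integer
        Public wShowWindow, cbReserved2 As Short
        Public lpReserved2, hStdInput, hStdOutput, hStdError As IntPtr
    End Structure
    <StructLayout(LayoutKind.Sequential)>
    Structure PROCESS_INFORMATION
        Public hProcess, hThread As IntPtr
        Public dwProcessId, dwThreadId As Integer
    End Structure
    Const CREATE_UNICODE_ENVIRONMENT As Integer = &H400
    Declare Function WTSGetActiveConsoleSessionId Lib "kernel32" () As UInteger
    Declare Function WTSQueryUserToken Lib "wtsapi32" (ByVal sessionId As UInteger, ByRef hToken As IntPtr) As Boolean
    Declare Function CreateEnvironmentBlock Lib "userenv" (ByRef env As IntPtr, ByVal hToken As IntPtr, ByVal inherit As Boolean) As Boolean
    Declare Function DestroyEnvironmentBlock Lib "userenv" (ByVal env As IntPtr) As Boolean
    Declare Function CloseHandle Lib "kernel32" (ByVal h As IntPtr) As Boolean
    Declare Unicode Function CreateProcessAsUser Lib "advapi32" Alias "CreateProcessAsUserW" (ByVal hToken As IntPtr, ByVal app As String, ByVal cmdLine As String, ByVal procAttr As IntPtr, ByVal threadAttr As IntPtr, ByVal inheritHandles As Boolean, ByVal flags As Integer, ByVal env As IntPtr, ByVal cwd As String, ByRef si As STARTUPINFO, ByRef pi As PROCESS_INFORMATION) As Boolean

    ' Starts exePath as the user logged on at the physical console and returns its PID.
    ' Throws if nobody is logged on or if any API call fails.
    Function LaunchInConsoleSession(ByVal exePath As String) As Integer
        Dim session As UInteger = WTSGetActiveConsoleSessionId()
        If session = UInteger.MaxValue Then Throw New InvalidOperationException("No console session is attached")
        Dim token, env As IntPtr
        If Not WTSQueryUserToken(session, token) Then Throw New Win32Exception()
        Try
            ' bInherit = False: build the user's own environment, not the service's.
            If Not CreateEnvironmentBlock(env, token, False) Then Throw New Win32Exception()
            Dim si As New STARTUPINFO()
            si.cb = Marshal.SizeOf(si)
            si.lpDesktop = "winsta0\default" ' create windows on the interactive desktop
            Dim pi As New PROCESS_INFORMATION()
            ' Full path as lpApplicationName, no handle inheritance from the service.
            If Not CreateProcessAsUser(token, exePath, Nothing, IntPtr.Zero, IntPtr.Zero, False, CREATE_UNICODE_ENVIRONMENT, env, Nothing, si, pi) Then Throw New Win32Exception()
            CloseHandle(pi.hThread) : CloseHandle(pi.hProcess)
            Return pi.dwProcessId
        Finally
            If env <> IntPtr.Zero Then DestroyEnvironmentBlock(env)
            CloseHandle(token)
        End Try
    End Function
End Module
```

WTSQueryUserToken only succeeds for a caller holding SE_TCB_NAME, which LocalSystem does, and the token it returns is already a primary token, so no DuplicateTokenEx call is needed.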

  9. #49
    New Member
    Join Date
    Apr 2011
    Location
    Zürich
    Posts
    5

    Re: [RESOLVED] VB.Net CreateProcessAsUser API

    Hi taigon

    First of all: thank you for the code!

    But probably I'm a "cretin"! ;o)
    I'm not able to use your code. How can I call this function? Do I have to insert it into the code at the beginning of this thread?

  10. #50
    Pro Grammar chris128
    Join Date
    Jun 2007
    Location
    England
    Posts
    7,604

    Re: [RESOLVED] VB.Net CreateProcessAsUser API

    Quote Originally Posted by lucorse View Post
    Hi taigon

    First of all: thank you for the code!

    But probably I'm a "cretin"! ;o)
    I'm not able to use your code. How can I call this function? Do I have to insert it into the code at the beginning of this thread?
    I don't mean to sound rude but if you don't even know how to call a function then I don't think you should be attempting something like this...


  11. #51
    New Member
    Join Date
    Apr 2011
    Location
    Zürich
    Posts
    5

    Re: [RESOLVED] VB.Net CreateProcessAsUser API

    Maybe, chris128, but I call a lot of functions and therefore I will try to call this one too.
    Could you tell me the way?
    For example:
    I will start a process (in this case "notepad") as the same user who is running explorer.exe. How do I create it?

  12. #52
    New Member
    Join Date
    Apr 2011
    Location
    Zürich
    Posts
    5

    Re: [RESOLVED] VB.Net CreateProcessAsUser API

    Hi taigon

    Thank you once again, I've cracked the nut! ;o)
    It works very fine.

  13. #53

    Thread Starter
    Addicted Member
    Join Date
    Oct 2009
    Location
    Oshawa
    Posts
    214

    Re: [RESOLVED] VB.Net CreateProcessAsUser API

    There ya go!

  14. #54
    Lively Member
    Join Date
    Feb 2012
    Posts
    106

    Re: [RESOLVED] VB.Net CreateProcessAsUser API

    Quote Originally Posted by taigon View Post
    Ok, here is the full code for the service running on the remote machine to obtain the process token from explorer.exe and create the process as the user.


    Thanks! The above code is working, but the process can be seen only in Task Manager. The UI is not showing.
    Any solution for that?
