Prev: CComVariant
Next: char *
From: RRD on 4 Apr 2008 08:57
Hello,

I am calling CreateProcessAsUser function to launch an application
from another application.

I am using the following code to launch the application.

{
STARTUPINFO StartupInfo = {0};
PROCESS_INFORMATION SysmenuProcess;
memset( &SysmenuProcess, 0, sizeof( PROCESS_INFORMATION) );
StartupInfo.cb = sizeof(STARTUPINFO);
StartupInfo.dwFlags = STARTF_USESHOWWINDOW;
StartupInfo.wShowWindow = SW_SHOW;
BOOL bRetVal( TRUE );

CHAR wszIntegritySid[20] = "S-1-16-12288"; //high integrity sid
PSID pIntegritySid = NULL;
TOKEN_MANDATORY_LABEL TIL = {0};
ULONG ExitCode = 0;

HANDLE hToken;
HANDLE hNewToken;
HMODULE hModule;

if ( OpenProcessToken( GetCurrentProcess(), MAXIMUM_ALLOWED,
&hToken ) )
{
if ( DuplicateTokenEx( hToken, MAXIMUM_ALLOWED, NULL,
SecurityImpersonation, TokenPrimary, &hNewToken ) )
{
hModule = LoadLibrary( "ADVAPI32.DLL" );
if ( hModule != NULL )
{
//Do dynamic linking otherwise Win 98 will give missing symbol
error
FPConvertStringSidToSID convertStringSidToSid
=( FPConvertStringSidToSID )GetProcAddress( hModule,
"ConvertStringSidToSidA" );

if ( convertStringSidToSid != NULL &&
convertStringSidToSid( wszIntegritySid, &pIntegritySid ) )
{
TIL.Label.Attributes = SE_GROUP_INTEGRITY;
TIL.Label.Sid = pIntegritySid;

// Set the process integrity level
if ( SetTokenInformation( hNewToken, TokenIntegrityLevel, &TIL,
sizeof( TOKEN_MANDATORY_LABEL ) +
GetLengthSid( pIntegritySid ) ) )
{
// Create the new process at medium integrity
if ( !CreateProcessAsUser( hNewToken, NULL, "sysmenu.exe",
NULL, NULL, FALSE,
0, NULL, NULL, &StartupInfo,
&SysmenuProcess ) )
{
DWORD dwError = GetLastError();
LPVOID MsgBuf;
FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER |
FORMAT_MESSAGE_FROM_SYSTEM,
NULL, dwError, MAKELANGID( LANG_NEUTRAL,
SUBLANG_DEFAULT ),
( LPTSTR )&MsgBuf, 0,
NULL );

AfxMessageBox( ( LPTSTR )MsgBuf );

LocalFree( MsgBuf );
bRetVal = FALSE;

CString csError;
csError.Format( "Error Code = %d Create As User ", dwError );
AfxMessageBox( csError );
}
}
LocalFree(pIntegritySid);
}
else
{
DWORD dwError = GetLastError();
LPVOID MsgBuf;
FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER |
FORMAT_MESSAGE_FROM_SYSTEM,
NULL, dwError, MAKELANGID( LANG_NEUTRAL,
SUBLANG_DEFAULT ),
( LPTSTR )&MsgBuf, 0,
NULL );

AfxMessageBox( ( LPTSTR )MsgBuf );

LocalFree( MsgBuf );
bRetVal = FALSE;

CString csError;
csError.Format( "Error Code = %d convert to sid ", dwError );
AfxMessageBox( csError );
}
CloseHandle(hNewToken);
FreeLibrary( hModule );
}
}
else
{
DWORD dwError = GetLastError();
LPVOID MsgBuf;
FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER |
FORMAT_MESSAGE_FROM_SYSTEM,
NULL, dwError, MAKELANGID( LANG_NEUTRAL, SUBLANG_DEFAULT ),
( LPTSTR )&MsgBuf, 0, NULL );

AfxMessageBox( ( LPTSTR )MsgBuf );

LocalFree( MsgBuf );
bRetVal = FALSE;

CString csError;
csError.Format( "Error Code = %d Duplicate Token", dwError );
AfxMessageBox( csError );
}
CloseHandle(hToken);
}
else
{
DWORD dwError = GetLastError();
LPVOID MsgBuf;
FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER |
FORMAT_MESSAGE_FROM_SYSTEM,
NULL, dwError, MAKELANGID( LANG_NEUTRAL, SUBLANG_DEFAULT ),
( LPTSTR )&MsgBuf, 0, NULL );

AfxMessageBox( ( LPTSTR )MsgBuf );

LocalFree( MsgBuf );
bRetVal = FALSE;

CString csError;
csError.Format( "Error Code = %d Open Process Token", dwError );
AfxMessageBox( csError );
}
return bRetVal;
}

If the application is running in the non - administrative user the
above code fails to launch the application. Where as if the
application is running in the administrative user the application is
launched successfully.
Also I do not get any failure messages.

 | 
Pages: 1
Prev: CComVariant
Next: char *