
C# ProcessAsUser

时间:2017-10-13 15:23:02      阅读:198      评论:0      收藏:0      [点我收藏+]


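 /// <summary>
 /// P/Invoke helpers that let a Windows service start a program in the active
 /// console session under the logged-on user's token, and show that user a
 /// message box when one of the steps fails.
 /// </summary>
 /// <remarks>
 /// WTSQueryUserToken is documented to require a caller running as LocalSystem
 /// with SE_TCB_NAME, so this class sits on a privilege boundary: a highly
 /// privileged service decides what runs in a user's session. The child runs
 /// with the user's token, not the service's.
 /// </remarks>
 class Interop
    {
        /// <summary>
        /// Starts <paramref name="app"/> in the active console session using a
        /// primary token duplicated from that session's logged-on user.
        /// </summary>
        /// <param name="app">
        /// Passed as lpApplicationName with an empty command line. Callers should
        /// pass an absolute path they control: a partial name is completed against
        /// the service's current directory, and the value must never come from
        /// untrusted input.
        /// </param>
        /// <param name="path">
        /// Not used by this method; kept so existing callers still compile.
        /// </param>
        /// <remarks>
        /// Every failure is reported through <see cref="ShowMessageBox"/> and the
        /// method then stops, instead of passing an invalid handle to the next
        /// call. All handles and the environment block are released in
        /// <c>finally</c>.
        /// </remarks>
        public static void CreateProcess(string app, string path)
        {
            IntPtr hToken = IntPtr.Zero;
            IntPtr hDupedToken = IntPtr.Zero;
            IntPtr lpEnvironment = IntPtr.Zero;
            PROCESS_INFORMATION pi = new PROCESS_INFORMATION();

            try
            {
                SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES();
                sa.Length = Marshal.SizeOf(sa);

                STARTUPINFO si = new STARTUPINFO();
                si.cb = Marshal.SizeOf(si);

                // Token of whoever is logged on at the physical console.
                int dwSessionID = WTSGetActiveConsoleSessionId();
                if (!WTSQueryUserToken(dwSessionID, out hToken))
                {
                    ShowMessageBox("WTSQueryUserToken failed", "AlertService Message");
                    return;
                }

                // CreateProcessAsUser needs a primary token, so duplicate it.
                // NOTE(review): GENERIC_ALL_ACCESS asks for every right on the
                // duplicate. CreateProcessAsUser documents TOKEN_QUERY,
                // TOKEN_DUPLICATE and TOKEN_ASSIGN_PRIMARY as the required set;
                // consider narrowing the mask.
                bool duplicated = DuplicateTokenEx(
                    hToken,
                    GENERIC_ALL_ACCESS,
                    ref sa,
                    (int)SECURITY_IMPERSONATION_LEVEL.SecurityIdentification,
                    (int)TOKEN_TYPE.TokenPrimary,
                    ref hDupedToken);
                if (!duplicated)
                {
                    ShowMessageBox("DuplicateTokenEx failed", "AlertService Message");
                    return;
                }

                // Build the user's own environment. Without it the child inherits
                // the service's environment (its TEMP, PATH, profile variables).
                // Fail closed rather than launch with the service's variables.
                if (!CreateEnvironmentBlock(out lpEnvironment, hDupedToken, false))
                {
                    lpEnvironment = IntPtr.Zero;
                    ShowMessageBox("CreateEnvironmentBlock failed", "AlertService Message");
                    return;
                }

                // The block from CreateEnvironmentBlock is Unicode, which is why
                // CREATE_UNICODE_ENVIRONMENT must accompany it. Handle
                // inheritance stays off so no service handle reaches the child.
                bool created = CreateProcessAsUser(
                    hDupedToken,
                    app,
                    String.Empty,
                    ref sa, ref sa,
                    false, CREATE_UNICODE_ENVIRONMENT, lpEnvironment,
                    null, ref si, ref pi);

                if (!created)
                {
                    // Read the error before any other P/Invoke overwrites it.
                    int error = Marshal.GetLastWin32Error();
                    string message = String.Format("CreateProcessAsUser Error: {0}", error);
                    ShowMessageBox(message, "AlertService Message");
                }
            }
            finally
            {
                if (pi.hProcess != IntPtr.Zero)
                    CloseHandle(pi.hProcess);
                if (pi.hThread != IntPtr.Zero)
                    CloseHandle(pi.hThread);
                if (lpEnvironment != IntPtr.Zero)
                    DestroyEnvironmentBlock(lpEnvironment);
                if (hDupedToken != IntPtr.Zero)
                    CloseHandle(hDupedToken);
                // The token returned by WTSQueryUserToken is owned by the caller too.
                if (hToken != IntPtr.Zero)
                    CloseHandle(hToken);
            }
        }

        /// <summary>
        /// Managed mirror of the native STARTUPINFO structure. The field order
        /// and count must match the native layout exactly, because
        /// <c>cb</c> is filled from Marshal.SizeOf of this struct.
        /// </summary>
        [StructLayout(LayoutKind.Sequential)]
        public struct STARTUPINFO
        {
            public Int32 cb;
            public string lpReserved;
            public string lpDesktop;
            public string lpTitle;
            public Int32 dwX;
            public Int32 dwY;
            public Int32 dwXSize;
            // Previously missing: without it every later field was shifted by
            // four bytes and cb reported the wrong structure size.
            public Int32 dwYSize;
            public Int32 dwXCountChars;
            public Int32 dwYCountChars;
            public Int32 dwFillAttribute;
            public Int32 dwFlags;
            public Int16 wShowWindow;
            public Int16 cbReserved2;
            public IntPtr lpReserved2;
            public IntPtr hStdInput;
            public IntPtr hStdOutput;
            public IntPtr hStdError;
        }

        /// <summary>
        /// Receives the new process and primary-thread handles and ids. Both
        /// handles belong to the caller and must be closed.
        /// </summary>
        [StructLayout(LayoutKind.Sequential)]
        public struct PROCESS_INFORMATION
        {
            public IntPtr hProcess;
            public IntPtr hThread;
            public Int32 dwProcessID;
            public Int32 dwThreadID;
        }

        /// <summary>
        /// Managed mirror of SECURITY_ATTRIBUTES. CreateProcess leaves the
        /// descriptor at zero and bInheritHandle at false.
        /// </summary>
        [StructLayout(LayoutKind.Sequential)]
        public struct SECURITY_ATTRIBUTES
        {
            public Int32 Length;
            public IntPtr lpSecurityDescriptor;
            public bool bInheritHandle;
        }

        /// <summary>Impersonation levels accepted by DuplicateTokenEx.</summary>
        public enum SECURITY_IMPERSONATION_LEVEL
        {
            SecurityAnonymous,
            SecurityIdentification,
            SecurityImpersonation,
            SecurityDelegation
        }

        /// <summary>Token kinds accepted by DuplicateTokenEx.</summary>
        public enum TOKEN_TYPE
        {
            TokenPrimary = 1,
            TokenImpersonation
        }

        // Access mask handed to DuplicateTokenEx (the GENERIC_ALL bit).
        public const int GENERIC_ALL_ACCESS = 0x10000000;

        // Creation flag that marks lpEnvironment as a Unicode block.
        const int CREATE_UNICODE_ENVIRONMENT = 0x00000400;

        [DllImport("kernel32.dll", SetLastError = true,
             CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
        public static extern bool CloseHandle(IntPtr handle);

        // Bound to the ANSI entry point: characters outside the system code
        // page in lpApplicationName are not preserved.
        [DllImport("advapi32.dll", SetLastError = true,
             CharSet = CharSet.Ansi, CallingConvention = CallingConvention.StdCall)]
        public static extern bool CreateProcessAsUser(
            IntPtr hToken,
            string lpApplicationName,
            string lpCommandLine,
            ref SECURITY_ATTRIBUTES lpProcessAttributes,
            ref SECURITY_ATTRIBUTES lpThreadAttributes,
            bool bInheritHandle,
            Int32 dwCreationFlags,
            IntPtr lpEnvrionment,
            string lpCurrentDirectory,
            ref STARTUPINFO lpStartupInfo,
            ref PROCESS_INFORMATION lpProcessInformation);

        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern bool DuplicateTokenEx(
            IntPtr hExistingToken,
            Int32 dwDesiredAccess,
            ref SECURITY_ATTRIBUTES lpThreadAttributes,
            Int32 ImpersonationLevel,
            Int32 dwTokenType,
            ref IntPtr phNewToken);

        [DllImport("wtsapi32.dll", SetLastError = true)]
        public static extern bool WTSQueryUserToken(
            Int32 sessionId,
            out IntPtr Token);

        [DllImport("userenv.dll", SetLastError = true)]
        static extern bool CreateEnvironmentBlock(
            out IntPtr lpEnvironment,
            IntPtr hToken,
            bool bInherit);

        // Frees a block obtained from CreateEnvironmentBlock.
        [DllImport("userenv.dll", SetLastError = true)]
        static extern bool DestroyEnvironmentBlock(IntPtr lpEnvironment);

        public static IntPtr WTS_CURRENT_SERVER_HANDLE = IntPtr.Zero;

        /// <summary>
        /// Sends a message box to the active console session through
        /// WTSSendMessage, without waiting for the user's response.
        /// </summary>
        /// <param name="message">Body text; its Length is passed as the byte count.</param>
        /// <param name="title">Caption text; its Length is passed as the byte count.</param>
        /// <remarks>
        /// NOTE(review): WTSSendMessage is imported without a CharSet, so the
        /// lengths passed here equal the byte counts only for single-byte text;
        /// confirm before sending non-ASCII messages.
        /// </remarks>
        public static void ShowMessageBox(string message, string title)
        {
            int resp = 0;
            WTSSendMessage(
                WTS_CURRENT_SERVER_HANDLE,
                WTSGetActiveConsoleSessionId(),
                title, title.Length,
                message, message.Length,
                0, 0, out resp, false);
        }

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern int WTSGetActiveConsoleSessionId();

        [DllImport("wtsapi32.dll", SetLastError = true)]
        public static extern bool WTSSendMessage(
            IntPtr hServer,
            int SessionId,
            String pTitle,
            int TitleLength,
            String pMessage,
            int MessageLength,
            int Style,
            int Timeout,
            out int pResponse,
            bool bWait);
    }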

  

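// Managed mirror of the native STARTUPINFO structure handed to
// CreateProcessAsUser. CharSet.Unicode is required on the struct itself:
// the LPTStr fields follow the struct's CharSet, which defaults to ANSI,
// while the CreateProcessAsUser import in this listing is CharSet.Unicode.
// With the default, lpDesktop ("winsta0\\default" in Execute) was marshalled
// as ANSI bytes and then read by the wide-character API.
// NOTE(review): the three std handles are HandleRef fields; confirm the
// marshaller accepts HandleRef inside a struct. IntPtr is the usual choice.
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
         struct STARTUPINFO
         {
             public Int32 cb;
             [MarshalAs(UnmanagedType.LPTStr)]
             public String lpReserved;
             [MarshalAs(UnmanagedType.LPTStr)]
             public String lpDesktop;
             [MarshalAs(UnmanagedType.LPTStr)]
             public String lpTitle;
             public UInt32 dwX;
             public UInt32 dwY;
             public UInt32 dwXSize;
             public UInt32 dwYSize;
             public UInt32 dwXCountChars;
             public UInt32 dwYCountChars;
             public UInt32 dwFillAttribute;
             public UInt32 dwFlags;
             public Int16 wShowWindow;
             public Int16 cbReserved2;
             public IntPtr lpReserved2;
             public HandleRef hStdInput;
             public HandleRef hStdOutput;
             public HandleRef hStdError;
         }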
 
         // Win32 process-creation flag value. Not referenced by the code in this
         // listing: Execute passes 0 as dwCreationFlags.
         const int NORMAL_PRIORITY_CLASS = 0x00000020;
 
         // Filled in by CreateProcessAsUser with the new process and its first
         // thread. Both handles belong to the caller and have to be closed.
         // NOTE(review): the handles are HandleRef fields that native code writes
         // back into; confirm the marshaller supports that. IntPtr is the usual choice.
         [StructLayout(LayoutKind.Sequential)]
         struct PROCESS_INFORMATION
         {
             public HandleRef hProcess;
             public HandleRef hThread;
             public uint dwProcessId;
             public uint dwThreadId;
         }
 
         // Managed mirror of SECURITY_ATTRIBUTES. Nothing in this listing creates
         // one: the CreateProcessAsUser import takes IntPtr for both attribute
         // arguments and Execute passes IntPtr.Zero.
         [StructLayout(LayoutKind.Sequential)]
         struct SECURITY_ATTRIBUTES
         {
             public uint nLength;
             public IntPtr lpSecurityDescriptor;
             public bool bInheritHandle;
         }
 
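         // Starts a process under the security context of hToken (wide-character
         // entry point). SetLastError = true makes the runtime capture the Win32
         // error right after the call, so Marshal.GetLastWin32Error() is
         // meaningful when this returns false; without it a failure could not be
         // diagnosed reliably.
         // Both attribute arguments are raw pointers here; IntPtr.Zero selects the
         // default security descriptor and non-inheritable handles.
         // On success the caller owns lpProcessInformation.hProcess and .hThread.
         [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
         static extern Boolean CreateProcessAsUser(
             IntPtr hToken,
             String lpApplicationName,
             String lpCommandLine,
             IntPtr lpProcessAttributes,
             IntPtr lpThreadAttributes,
             Boolean bInheritHandles,
             UInt32 dwCreationFlags,
             IntPtr lpEnvironment,
             String lpCurrentDirectory,
             ref STARTUPINFO lpStartupInfo,
             out PROCESS_INFORMATION lpProcessInformation);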
 
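         // Logs an account on with a clear-text password and returns its token in
         // phToken; the caller owns that handle and has to close it.
         // SetLastError = true lets Marshal.GetLastWin32Error() report why a
         // logon was refused.
         // The password crosses this boundary as an ordinary managed String, so it
         // remains in process memory until the garbage collector reclaims it.
         [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
         static extern Boolean LogonUser(
             String lpszUsername,
             String lpszDomain,
             String lpszPassword,
             Int32 dwLogonType,
             Int32 dwLogonProvider,
             ref IntPtr phToken
             );

         // dwLogonType value used by Execute (interactive logon).
         const int LOGON32_LOGON_INTERACTIVE = 2;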
 
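         /// <summary>
         /// Logs on a fixed account with LogonUser and starts <paramref name="File"/>
         /// under that account's token on the "winsta0\default" desktop.
         /// </summary>
         /// <param name="File">
         /// Passed as lpApplicationName with a null command line. It must be a
         /// path the caller controls, never untrusted input.
         /// </param>
         /// <remarks>
         /// SECURITY: the account name, domain and password below are string
         /// literals compiled into the assembly, so anyone who can read the binary
         /// or the source can recover them. Treat them as sample values and load
         /// real credentials from a protected store.
         /// Failures never propagate to the caller, as before, but they are now
         /// written to the trace listeners instead of being dropped, and the token
         /// and process handles are always closed.
         /// </remarks>
         public void Execute(string File)
         {
             IntPtr hToken = IntPtr.Zero;
             PROCESS_INFORMATION pi = new PROCESS_INFORMATION();

             try
             {
                 STARTUPINFO si = new STARTUPINFO();
                 // NOTE(review): STARTUPINFO holds HandleRef fields; confirm
                 // Marshal.SizeOf accepts it. An exception here ends up in the
                 // catch block below.
                 si.cb = Marshal.SizeOf(si);
                 si.lpDesktop = "winsta0\\default";

                 if (!LogonUser("auser", "mydomain", "Passw0rd!",
                     LOGON32_LOGON_INTERACTIVE, 0, ref hToken))
                 {
                     // Name only the failing step; credentials are never logged.
                     System.Diagnostics.Trace.TraceError("Execute: LogonUser failed; nothing was started.");
                     return;
                 }

                 Boolean bResult = CreateProcessAsUser(
                     hToken,
                     File,        // file to execute
                     null,        // command line
                     IntPtr.Zero, // pointer to process SECURITY_ATTRIBUTES
                     IntPtr.Zero, // pointer to thread SECURITY_ATTRIBUTES
                     false,       // handles are not inheritable
                     0,           // creation flags
                     IntPtr.Zero, // pointer to new environment block
                     null,        // name of current directory
                     ref si,      // pointer to STARTUPINFO structure
                     out pi       // receives information about new process
                     );

                 if (!bResult)
                 {
                     System.Diagnostics.Trace.TraceError("Execute: CreateProcessAsUser failed; nothing was started.");
                 }
             }
             catch (Exception e)
             {
                 // Callers have always relied on this method not throwing, so the
                 // exception is recorded rather than rethrown.
                 System.Diagnostics.Trace.TraceError("Execute: {0}: {1}", e.GetType().Name, e.Message);
             }
             finally
             {
                 // The process and thread handles and the logon token all belong
                 // to this method; leaving them open leaks one set per call.
                 if (pi.hProcess.Handle != IntPtr.Zero)
                 {
                     CloseHandleForExecute(pi.hProcess.Handle);
                 }
                 if (pi.hThread.Handle != IntPtr.Zero)
                 {
                     CloseHandleForExecute(pi.hThread.Handle);
                 }
                 if (hToken != IntPtr.Zero)
                 {
                     CloseHandleForExecute(hToken);
                 }
             }
         }

         // kernel32 CloseHandle under a private name, so it cannot collide with a
         // CloseHandle import declared elsewhere in the enclosing class.
         [DllImport("kernel32.dll", EntryPoint = "CloseHandle", SetLastError = true)]
         private static extern bool CloseHandleForExecute(IntPtr handle);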

 


原文地址:http://www.cnblogs.com/xiangxiong/p/7661312.html
