30 May 2011  
praveen yadav

Windows 7 Ultimate x64
 
 
Need to give admin rights to session 1 exe

Need to give admin rights to session 1 exe so that this exe can create new files and registry.

I have used the below code to launch an application in session 1 (ex: abc.exe) from session 0 (ex: Myapp.exe).
I wish to give admin privileges to abc.exe as this exe in turn creates a file in C:\. But it's failing to create a new file in C:\ as it is returning an ACCESS_DENIED error, as it doesn't have the admin rights.


Code:
 
#include <windows.h>
#include <wtsapi32.h>
#include <tchar.h>
#include <stdio.h>

#pragma comment(lib, "wtsapi32.lib")

void ExecuteProc(DWORD sessionId)
{
    HANDLE hToken = NULL, hUserTokenDup = NULL;
    PROCESS_INFORMATION pi;
    STARTUPINFO si;
    BOOL bResult = FALSE;

    // Target the session attached to the physical console.
    sessionId = WTSGetActiveConsoleSessionId();

    // Get the primary token of the user logged on to that session.
    if (!WTSQueryUserToken(sessionId, &hToken))
    {
        printf("WTSQueryUserToken Error: %lu\n", GetLastError());
        return;
    }

    // Initialize the STARTUPINFO structure.
    // Specify that the process runs in the interactive desktop.
    TCHAR desktop[] = TEXT("winsta0\\default");
    ZeroMemory(&si, sizeof(STARTUPINFO));
    ZeroMemory(&pi, sizeof(PROCESS_INFORMATION));
    si.cb = sizeof(STARTUPINFO);
    si.lpDesktop = desktop;

    // Duplicate the user's token as a primary token for CreateProcessAsUser.
    if (!DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification,
                          TokenPrimary, &hUserTokenDup))
    {
        printf("DuplicateTokenEx Error: %lu\n", GetLastError());
        CloseHandle(hToken);
        return;
    }

    // Set the session id on the duplicated token.
    // The API expects a pointer to the DWORD, not the value cast to a pointer.
    if (!SetTokenInformation(hUserTokenDup, TokenSessionId, &sessionId, sizeof(DWORD)))
    {
        printf("SetTokenInformation Error: %lu\n", GetLastError());
    }

    // Adjust token privilege: try to enable SeDebugPrivilege on the duplicate.
    TOKEN_PRIVILEGES tp;
    LUID luid;
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
    {
        printf("Lookup Privilege value Error: %lu\n", GetLastError());
    }
    else
    {
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = luid;
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        if (!AdjustTokenPrivileges(hUserTokenDup, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),
                                   (PTOKEN_PRIVILEGES)NULL, NULL))
        {
            printf("Adjust Privilege value Error: %lu\n", GetLastError());
        }
        else if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
        {
            // The call succeeds even when the privilege is absent from the token.
            printf("Token does not have the privilege\n");
        }
    }

    // Launch the process in the client's logon session.
    // The command line buffer must be writable.
    TCHAR lpCommandLine[] = TEXT("C:\\abc.exe");

    bResult = CreateProcessAsUser(
        hUserTokenDup,   // client's access token
        NULL,            // file to execute
        lpCommandLine,   // command line
        NULL,            // pointer to process SECURITY_ATTRIBUTES
        NULL,            // pointer to thread SECURITY_ATTRIBUTES
        FALSE,           // handles are not inheritable
        NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE, // creation flags
        NULL,            // pointer to new environment block
        NULL,            // name of current directory
        &si,             // pointer to STARTUPINFO structure
        &pi              // receives information about new process
    );

    if (!bResult)
    {
        printf("CreateProcessAsUser Error: %lu\n", GetLastError());
    }
    else
    {
        // Release the handles returned for the new process and its main thread.
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }

    // Close only the handles that were actually opened.
    CloseHandle(hUserTokenDup);
    CloseHandle(hToken);
}


int _tmain(int argc, _TCHAR* argv[])
{
    DWORD sessionId = 0;
    ExecuteProc(sessionId);
    return 0;
}



NOTE: abc.exe tries to create a new file in C:\ but it failed to do so as it requires admin rights.
Please give your valuable inputs.
Thanks
Praveen