create interactive elevated process from windows service and show to logged-on user

Question

I have a service that spawns a WPF application process when a user logs on.

But for some reason the WPF application gets killed about 10 minutes after it has been created? The termination is immediate with no traces found in the Event Log nor are any normal close/exit events called in the WPF application.

In fact, when the termination occurs, Windows 7 seems to hang for a second, the mouse becoming unresponsive and then acting out the mouse gestures after a short delay (when it normalizes, but now lacking the created process).

The When

public partial class Service1 : ServiceBase
{
    public Service1()
    {
        InitializeComponent();
        CanHandleSessionChangeEvent = true;
    }

    protected override void OnSessionChange(SessionChangeDescription changeDescription)
    {
        if (changeDescription.Reason == SessionChangeReason.SessionLogon
            && changeDescription.SessionId > 0)
        {
            ApplicationLoader.PROCESS_INFORMATION procInfo;
            ApplicationLoader.StartProcessAndBypassUAC(@"myapp.exe", out procInfo);                    
        }
        base.OnSessionChange(changeDescription);
    }
}

Process Creation As Per Pero Matic Code

// ...
bool result = CreateProcessAsUser(hUserTokenDup,  // client's access token
                            null,             // file to execute
                            applicationName,  // command line
                            ref sa,           // pointer to process SECURITY_ATTRIBUTES
                            ref sa,           // pointer to thread SECURITY_ATTRIBUTES
                            false,            // handles are not inheritable
                            dwCreationFlags,  // creation flags
                            IntPtr.Zero,      // pointer to new environment block 
                            null,             // name of current directory 
                            ref si,           // pointer to STARTUPINFO structure
                            out procInfo      // receives information about new process
                            );

• the termination does not seem to happen if i target notepad.exe, however?
• tested it with a vanilla\empty WPF application (.NET 4), and that crashed as well

Process Creation with Administrative Privileges and No Prompt

• It seems that the issue is trying to duplicate the administrative SYSTEM token from winlogon.exe (but which is running in session 1+), because if you duplicate the specific user token instead (e.g. from explorer.exe) then the crashes are no more!
• this is confirmed with the same vanilla/empty WPF application, and with running Marcel Roma code here - note that he uses explorer.exe instead of winlogon.exe

• although using explorer.exe gets rid of the termination I lose the administrative privileges with that, which does not work for me

• any ideas how to get it to work with the winlogon process token?

• or is it possible to adjust the exlorer.exe token to make the duplicate elevated? im guessing somehow using TokenElevation and SetTokenInformation or AdjustTokenPrivileges
• or could it be that Windows 7 has been patched to disallow such process impersonation?
• alternatively, is there any way to get the specific user token with administrative privileges (rather than the owner being SYSTEM), but again, without password knowledge/prompts (excluding CreateProcessWithLogonW)
• is this maybe to do with garbage collection somehow?

Answer 1

Well I'm just suggesting you a work around: Why you don't put your core functionalities in a windows service, and then use the wpf app as a frontend ? So that if the user kill it, it doesn't stop the service. Then the service can regularly check that the wpf front end is started, and if needed restart it.

I think it'll be a more "trusted" design that the one you're trying to do, which could let the antivirus think you're a bad software and block you.

And to protect the windows service there is another question here: Protecting a Windows Service from untrusted users

Answer 2

I don't think you can (and definitly should not be able) to do this. Your best bet is to create an application that doesn't need elevated privileges and then use IPC to talk back to your service which then performs administrative tasks on the users behalf.