I have a block of code:
// Start cmd.exe under the account named by szUserName / szPassword.
// CreateProcessWithLogonW performs the logon itself from the clear-text
// credentials passed here, so the password buffer should be wiped once it is
// no longer needed.
const BOOL fStarted = CreateProcessWithLogonW(
    szUserName,                                         // lpUsername
    NULL,                                               // lpDomain
    szPassword,                                         // lpPassword (clear text)
    LOGON_WITH_PROFILE,                                 // dwLogonFlags
    L"C:\\Windows\\System32\\cmd.exe",                  // lpApplicationName: full path of the file to execute
    NULL,                                               // lpCommandLine
    NORMAL_PRIORITY_CLASS | CREATE_BREAKAWAY_FROM_JOB,  // dwCreationFlags
    NULL,                                               // lpEnvironment: pointer to new environment block
    NULL,                                               // lpCurrentDirectory
    &si,                                                // lpStartupInfo: pointer to STARTUPINFO structure
    &pi);                                               // lpProcessInformation: receives information about new process
if (!fStarted)
{
    // Nothing runs between the failed call and this one, so the default
    // GetLastError() argument of ReportError still sees the failure code.
    ReportError(L"Create Process");
}
// NOTE(review): on success pi.hProcess and pi.hThread are open handles that
// the caller is expected to release with CloseHandle.
ReportError is not invoked, but csrss.exe pops up with
What am I doing wrong?!
The username and password ARE correct.
the whole file:
// cmd.cpp : Defines the entry point for the console application.
//
#include <Windows.h>
#include <Lmcons.h>
#include <iostream>
#include <ctype.h>
#include <string>
#include <stdio.h>
#define winstring LPWSTR
#define stcas(x) static_cast<x>
#define INFO_BUFFER_SIZE 260
using namespace std;
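// Prints "<pszFunction> failed w/err 0x<code>" on stdout.
//
// pszFunction: wide-character label naming the API or step that failed.
// dwError:     error code to print. The default argument is evaluated at each
//              call site, so a call without it must directly follow the failing
//              API, before anything else can overwrite the thread's last-error
//              value.
void ReportError(LPCWSTR pszFunction, DWORD dwError = GetLastError())
{
    // %ls always denotes a wide string in the wprintf family; a bare %s is only
    // wide under the legacy MSVC format-specifier behaviour and would treat the
    // label as a narrow string under ISO C rules.
    wprintf(L"%ls failed w/err 0x%08lx\n", pszFunction, dwError);
}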
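// Prompts for a user name and password, logs that user on, impersonates the
// resulting token and then starts cmd.exe under the same credentials with
// CreateProcessWithLogonW.
//
// Changes compared with the first version of this function:
//   * every local is declared before the first `goto Cleanup`, so the jump no
//     longer bypasses an initialisation;
//   * the ANSI GetUserNameA is called explicitly, because the name is used as a
//     narrow std::string (the TCHAR form only builds without UNICODE);
//   * cmd.exe is named by its full path;
//   * the token and process handles are closed;
//   * unused locals were removed.
int main()
{
    // Account the process is currently running as. The buffer is zeroed so it
    // is still a valid (empty) string if the call fails.
    char un[UNLEN + 1] = {};
    DWORD size = UNLEN + 1;
    if (!GetUserNameA(un, &size))
    {
        ReportError(L"GetUserName");
    }
    std::string una(un);
    bool sys = !una.compare("SYSTEM");
    (void)sys; // only consulted by the disabled shortcut below
    /*
    if(!sys) {
    system("cls");
    system("title Command Prompt");
    system("cmd");
    return 0;
    }
    */

    wchar_t szUserName[INFO_BUFFER_SIZE] = {};
    wchar_t szPassword[INFO_BUFFER_SIZE] = {};
    wchar_t *pc = NULL;
    HANDLE hToken = NULL;   // token returned by LogonUserW
    HANDLE phToken = NULL;  // duplicate of hToken used for impersonation
    BOOL fSucceeded = FALSE; // TRUE once the thread is impersonating
    BOOL logon = FALSE;      // TRUE once LogonUserW succeeded
    STARTUPINFOW si;
    PROCESS_INFORMATION pi;
    memset(&si, 0, sizeof(si));
    si.cb = sizeof(si);
    memset(&pi, 0, sizeof(pi));

    printf("Enter the username: ");
    fgetws(szUserName, ARRAYSIZE(szUserName), stdin);
    pc = wcschr(szUserName, '\n');
    if (pc != NULL) *pc = '\0'; // Remove the trailing L'\n'
    std::cout << std::endl;

    // NOTE(review): the password is read with ordinary line input, so it is
    // echoed on the console while it is typed.
    printf("Enter the password: ");
    fgetws(szPassword, ARRAYSIZE(szPassword), stdin);
    pc = wcschr(szPassword, '\n');
    if (pc != NULL) *pc = '\0'; // Remove the trailing L'\n'

    if (!LogonUserW(szUserName, NULL, szPassword, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &hToken))
    {
        ReportError(L"Logon");
        goto Cleanup;
    }
    logon = TRUE;

    if (!DuplicateTokenEx(hToken, TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY, NULL, SecurityImpersonation, TokenPrimary, &phToken))
    {
        // Without a duplicate there is nothing to impersonate with.
        ReportError(L"DUPLICATE TOKEN");
        goto Cleanup;
    }

    // Impersonate the logged on user.
    if (!ImpersonateLoggedOnUser(phToken))
    {
        ReportError(L"imp");
        goto Cleanup;
    }
    fSucceeded = TRUE;

Cleanup:
    {
        // Show which account the thread is acting as at this point; while
        // impersonating, GetUserName reports the impersonated user.
        char uni[UNLEN + 1] = {};
        DWORD sizei = UNLEN + 1;
        if (!GetUserNameA(uni, &sizei))
        {
            ReportError(L"GetUserName");
        }
        std::cout << uni << std::endl;
    }
    system("pause");

    if (fSucceeded && logon)
    {
        system("cls");
        system("title Command Prompt");
        //system("cmd");

        // NOTE(review): CreateProcessWithLogonW performs the logon itself from
        // the name and password it is given, so the LogonUserW /
        // DuplicateTokenEx / ImpersonateLoggedOnUser sequence above is not
        // needed for it. Calling it while the thread is still impersonating is
        // the likely reason the new process fails to start even though the
        // call reports success. The sequence is kept here as written.
        //
        // The executable is given by full path: a bare file name in
        // lpApplicationName is completed against the current drive and
        // directory, not the search path, so "cmd.exe" alone could pick up a
        // file of that name from the working directory. The path assumes the
        // default Windows directory; GetSystemDirectoryW would avoid that.
        if (!CreateProcessWithLogonW(
                szUserName,
                NULL,
                szPassword,
                LOGON_WITH_PROFILE,
                L"C:\\Windows\\System32\\cmd.exe", // file to exec
                NULL,
                NORMAL_PRIORITY_CLASS | CREATE_BREAKAWAY_FROM_JOB, // creation flags
                NULL, // pointer to new environment block
                NULL, // name of current directory
                &si,  // pointer to STARTUPINFO structure
                &pi   // receives information about new process
                ))
        {
            ReportError(L"Create Process");
        }
        else
        {
            // The child keeps running on its own; only this process's
            // references to it are released.
            CloseHandle(pi.hThread);
            CloseHandle(pi.hProcess);
        }

        // Undo the impersonation.
        if (!RevertToSelf())
        {
            ReportError(L"Undo Imp");
        }
    }

    // Release the logon tokens on every path that obtained them.
    if (phToken != NULL) CloseHandle(phToken);
    if (hToken != NULL) CloseHandle(hToken);

    // Clean up the buffer containing sensitive password.
    SecureZeroMemory(szPassword, sizeof(szPassword));
    system("pause");
    return 0;
}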
Run Outlook in Compatibility Mode Right-click on the application and select the 'Properties' from the options. Navigate towards the 'Compatibility tab' and open the window. Tick on the box that reads 'Run Outlook in compatibility mode'. Choose the earlier version of Windows and select the 'OK' option.
Make a right-click on file in which you are encountering Excel application was unable to start correctly. Tap the Properties option and hit the Compatibility tab. Now choose the option “Run Compatibility Troubleshooter”. Now check whether the application starts working correctly or not.
The code you posted works for me if I skip the calls to `LogonUser`, `DuplicateToken` and `ImpersonateLoggedOnUser`. You don't want to impersonate another user in order to call `CreateProcessWithLogon`, since it basically does that for you, so just remove all that logic to do the impersonation.
Impersonating a user could also cause your program to be unable to launch an application at all if the target application requires a higher level of privilege than the user has.