C++ conversion of interactive process


Re: C++ conversion of interactive process

Post by JHPJHP »

Hi tatanas,
tatanas wrote: I just want to do the same as psexec.
Are you under the assumption that the Interactive Client Process script can function like PsExec, or do you understand that the code can only be used to "impersonate" a local user account, executing programs locally?

PsExec executes processes on a remote system redirecting output to the local system.

LogonUserW function
Microsoft wrote: The LogonUser function attempts to log a user on to the local computer. The local computer is the computer from which LogonUser was called. You cannot use LogonUser to log on to a remote computer.

Re: C++ conversion of interactive process

Post by tatanas »

I think this code functioned like PsExec with Windows XP but not anymore.
An interesting answer from the PaExec forum:
I think the problem is every session has its own WinStation, so the call to OpenWindowStation is getting session 0's WinStation, and granting access to that WinStation's desktop - which isn't helpful. If there was a way to get a WinStation from a specific session, then that code would help. That seems to be the sticking point, but PsExec seems to know how (of course they are inside Microsoft now so they have access to more documentation).
And another discussion here: https://github.com/hfiref0x/WinObjEx64/issues/6


EDIT: Pierre, could you test the last version of your code in a session other than 0 (run directly from PureBasic) by replacing CreateProcessAsUser with CreateProcessWithLogonW like you did at the beginning? I can't make it work. If I replace the 2 procedures AddAceTo... with the 2 from my first post, it works.
Windows 10 Pro x64
PureBasic 6.04 x64
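
The PaExec quote above turns on which session and window station a process is actually attached to. As an added example (not code from any poster in this thread), this PureBasic diagnostic records the current process's session ID, window station and desktop; the procedure names and the log file name are assumptions made here.

```purebasic
; Added diagnostic: which session / window station / desktop is this process in?
EnableExplicit

#MY_UOI_NAME = 2 ; UOI_NAME index for GetUserObjectInformation

; ProcessIdToSessionId is resolved dynamically, in the same way the thread
; resolves CreateProcessWithLogonW.
Prototype.l ProtoPidToSession(pid.l, *sessionId)

Procedure.l CurrentSessionId()
  Protected sessionId.l = -1            ; -1 = lookup failed
  Protected fn.ProtoPidToSession
  Protected lib = OpenLibrary(#PB_Any, "kernel32.dll")
  If lib
    fn = GetFunction(lib, "ProcessIdToSessionId")
    If fn
      fn(GetCurrentProcessId_(), @sessionId)
    EndIf
    CloseLibrary(lib)
  EndIf
  ProcedureReturn sessionId
EndProcedure

; Name of a window station or desktop handle, or "" on failure.
Procedure.s UserObjectName(hObject.i)
  Protected needed.l
  Protected name.s = ""
  Protected *buf = AllocateMemory(512)
  If *buf
    If hObject And GetUserObjectInformation_(hObject, #MY_UOI_NAME, *buf, 512, @needed)
      name = PeekS(*buf, -1, #PB_Unicode)
    EndIf
    FreeMemory(*buf)
  EndIf
  ProcedureReturn name
EndProcedure

Define winsta.s = UserObjectName(GetProcessWindowStation_())
Define desk.s   = UserObjectName(GetThreadDesktop_(GetCurrentThreadId_()))
Define msg.s    = "Session " + Str(CurrentSessionId()) + ": " + winsta + "\" + desk

; A service has no visible UI, so the result goes to a file (name is an assumption).
Define file = CreateFile(#PB_Any, GetTemporaryDirectory() + "winsta_check.txt")
If file
  WriteStringN(file, msg)
  CloseFile(file)
EndIf
Debug msg ; also shown in the debugger when run from the IDE
```

Comparing the file written when this is run from the IDE with the one written when it is launched by the service shows whether the two runs share a session and window station.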

Re: C++ conversion of interactive process

Post by Pierre Bellisle »

tatanas & JHPJHP,

I did a complete rewrite of the code, starting from scratch using the original C++ program.
I tried to keep the same coding style, so it is easy to compare both sources.
The updated beast is in my first post.
Works as intended on my side. Yours to try...

Re: C++ conversion of interactive process

Post by tatanas »

It's not working from PureBasic "Run" but it is OK when I compile it then launch it from a service in the same session as the logged-on user.


Session 0
Service
|
\/
User Session X
StartInteractiveClientProcess.exe (as system)
|
|-> notepad.exe (as user with provided credentials)


Thank you Pierre.
Windows 10 Pro x64
PureBasic 6.04 x64

Re: C++ conversion of interactive process

Post by Pierre Bellisle »

Hi tatanas,
yes, it will work only when started from a service.

At least, for experimenting or expanding, I think this last version is more clean and robust.

Sadly, I guess it won't be enough in your context. The above posts from JHPJHP and you seem to reveal this.

About replacing CreateProcessAsUser with CreateProcessWithLogonW,
CreateProcessAsUser must be mandatory because of the rights given by the use of the token handle;
nevertheless, if you feel like it, you could try the following on your network.

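; Load CreateProcessWithLogonW dynamically from AdvApi32.dll
Define.i Advapi
Advapi = OpenLibrary(#PB_Any, "AdvApi32.dll")
; 11 parameters: user, domain, password, logon flags, application, command line,
; creation flags, environment, current directory, STARTUPINFO, PROCESS_INFORMATION
Prototype PCPWLW(A, B, C, D, E, F, G, H, I, J, K)
Global CreateProcessWithLogonW.PCPWLW = GetFunction(Advapi, "CreateProcessWithLogonW")
; si and pi are assumed to be the structures the program already declares for CreateProcessAsUser_()
bResult = CreateProcessWithLogonW(@"tatanas", @"MyDomain", @"password", 0,
                                  @"c:\windows\system32\notepad.exe", #Null, #Null, #Null, #Null, @si, @pi)
;REMout CreateProcessAsUser_()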