[英]System.Diagnostics.Process.Start() problems on Windows Server 2008
[英]Problems starting a process from a DLL in Windows Server 2008
我有一個DLL,可以啟動一些基本的Windows程序:
using System;
using System.Diagnostics;
using Microsoft.Win32;
namespace ExternalProgram
{
public class Access
{
String applicationName = String.Empty;
public Access()
{
}
public void Telnet(string address)
{
applicationName = "telnet.exe " + address;
ApplicationLoader.PROCESS_INFORMATION procInfo;
ApplicationLoader.StartProcessAndBypassUAC(applicationName, out procInfo);
}
public void Ping(string address)
{
Process.Start("ping.exe", address + " -t");
//applicationName = "ping.exe " + address + " -t";
//ApplicationLoader.PROCESS_INFORMATION procInfo;
//ApplicationLoader.StartProcessAndBypassUAC(applicationName, out procInfo);
}
public void Putty(string address)
{
applicationName = "putty.exe " + address;
ApplicationLoader.PROCESS_INFORMATION procInfo;
ApplicationLoader.StartProcessAndBypassUAC(applicationName, out procInfo);
}
public void RemoteDesktop(string address)
{
applicationName = "mstsc.exe " + "/v " + address;
ApplicationLoader.PROCESS_INFORMATION procInfo;
ApplicationLoader.StartProcessAndBypassUAC(applicationName, out procInfo);
}
public void Browse(string address)
{
applicationName = GetDefaultBrowser() + " " + address;
ApplicationLoader.PROCESS_INFORMATION procInfo;
ApplicationLoader.StartProcessAndBypassUAC(applicationName, out procInfo);
}
private string GetDefaultBrowser()
{
string browser = string.Empty;
RegistryKey key = null;
try
{
key = Registry.ClassesRoot.OpenSubKey(@"HTTP\shell\open\command", false);
//trim off quotes
browser = key.GetValue(null).ToString().ToLower().Replace("\"", "");
if (!browser.EndsWith("exe"))
{
//get rid of everything after the ".exe"
browser = browser.Substring(0, browser.LastIndexOf(".exe") + 4);
}
}
finally
{
if (key != null) key.Close();
}
return browser;
}
}
}
namespace ExternalProgram
{
/// <summary>
/// Class that allows running applications with full admin rights. In
/// addition the application launched will bypass the Vista UAC prompt.
/// </summary>
public class ApplicationLoader
{
#region Structures
[StructLayout(LayoutKind.Sequential)]
public struct SECURITY_ATTRIBUTES
{
public int Length;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle;
}
[StructLayout(LayoutKind.Sequential)]
public struct STARTUPINFO
{
public int cb;
public String lpReserved;
public String lpDesktop;
public String lpTitle;
public uint dwX;
public uint dwY;
public uint dwXSize;
public uint dwYSize;
public uint dwXCountChars;
public uint dwYCountChars;
public uint dwFillAttribute;
public uint dwFlags;
public short wShowWindow;
public short cbReserved2;
public IntPtr lpReserved2;
public IntPtr hStdInput;
public IntPtr hStdOutput;
public IntPtr hStdError;
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public uint dwProcessId;
public uint dwThreadId;
}
#endregion
#region Enumerations
enum TOKEN_TYPE : int
{
TokenPrimary = 1,
TokenImpersonation = 2
}
enum SECURITY_IMPERSONATION_LEVEL : int
{
SecurityAnonymous = 0,
SecurityIdentification = 1,
SecurityImpersonation = 2,
SecurityDelegation = 3,
}
#endregion
#region Constants
public const int TOKEN_DUPLICATE = 0x0002;
public const uint MAXIMUM_ALLOWED = 0x2000000;
public const int CREATE_NEW_CONSOLE = 0x00000010;
public const int IDLE_PRIORITY_CLASS = 0x40;
public const int NORMAL_PRIORITY_CLASS = 0x20;
public const int HIGH_PRIORITY_CLASS = 0x80;
public const int REALTIME_PRIORITY_CLASS = 0x100;
#endregion
#region Win32 API Imports
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool CloseHandle(IntPtr hSnapshot);
[DllImport("kernel32.dll")]
static extern uint WTSGetActiveConsoleSessionId();
[DllImport("advapi32.dll", EntryPoint = "CreateProcessAsUser", SetLastError = true, CharSet = CharSet.Ansi, CallingConvention = CallingConvention.StdCall)]
public extern static bool CreateProcessAsUser(IntPtr hToken, String lpApplicationName, String lpCommandLine, ref SECURITY_ATTRIBUTES lpProcessAttributes,
ref SECURITY_ATTRIBUTES lpThreadAttributes, bool bInheritHandle, int dwCreationFlags, IntPtr lpEnvironment,
String lpCurrentDirectory, ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
static extern bool ProcessIdToSessionId(uint dwProcessId, ref uint pSessionId);
[DllImport("advapi32.dll", EntryPoint = "DuplicateTokenEx")]
public extern static bool DuplicateTokenEx(IntPtr ExistingTokenHandle, uint dwDesiredAccess,
ref SECURITY_ATTRIBUTES lpThreadAttributes, int TokenType,
int ImpersonationLevel, ref IntPtr DuplicateTokenHandle);
[DllImport("kernel32.dll")]
static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
[DllImport("advapi32", SetLastError = true), SuppressUnmanagedCodeSecurityAttribute]
static extern bool OpenProcessToken(IntPtr ProcessHandle, int DesiredAccess, ref IntPtr TokenHandle);
#endregion
/// <summary>
/// Launches the given application with full admin rights, and in addition bypasses the Vista UAC prompt
/// </summary>
/// <param name="applicationName">The name of the application to launch</param>
/// <param name="procInfo">Process information regarding the launched application that gets returned to the caller</param>
/// <returns></returns>
public static bool StartProcessAndBypassUAC(String applicationName, out PROCESS_INFORMATION procInfo)
{
uint winlogonPid = 0;
IntPtr hUserTokenDup = IntPtr.Zero, hPToken = IntPtr.Zero, hProcess = IntPtr.Zero;
procInfo = new PROCESS_INFORMATION();
// obtain the currently active session id; every logged on user in the system has a unique session id
uint dwSessionId = WTSGetActiveConsoleSessionId();
// obtain the process id of the winlogon process that is running within the currently active session
Process[] processes = Process.GetProcessesByName("winlogon");
foreach (Process p in processes)
{
if ((uint)p.SessionId == dwSessionId)
{
winlogonPid = (uint)p.Id;
}
}
// obtain a handle to the winlogon process
hProcess = OpenProcess(MAXIMUM_ALLOWED, false, winlogonPid);
// obtain a handle to the access token of the winlogon process
if (!OpenProcessToken(hProcess, TOKEN_DUPLICATE, ref hPToken))
{
CloseHandle(hProcess);
return false;
}
// Security attibute structure used in DuplicateTokenEx and CreateProcessAsUser
// I would prefer to not have to use a security attribute variable and to just
// simply pass null and inherit (by default) the security attributes
// of the existing token. However, in C# structures are value types and therefore
// cannot be assigned the null value.
SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES();
sa.Length = Marshal.SizeOf(sa);
// copy the access token of the winlogon process; the newly created token will be a primary token
if (!DuplicateTokenEx(hPToken, MAXIMUM_ALLOWED, ref sa, (int)SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, (int)TOKEN_TYPE.TokenPrimary, ref hUserTokenDup))
{
CloseHandle(hProcess);
CloseHandle(hPToken);
return false;
}
// By default CreateProcessAsUser creates a process on a non-interactive window station, meaning
// the window station has a desktop that is invisible and the process is incapable of receiving
// user input. To remedy this we set the lpDesktop parameter to indicate we want to enable user
// interaction with the new process.
STARTUPINFO si = new STARTUPINFO();
si.cb = (int)Marshal.SizeOf(si);
si.lpDesktop = @"winsta0\default"; // interactive window station parameter; basically this indicates that the process created can display a GUI on the desktop
// flags that specify the priority and creation method of the process
int dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
// create a new process in the current user's logon session
bool result = CreateProcessAsUser(hUserTokenDup, // client's access token
null, // file to execute
applicationName, // command line
ref sa, // pointer to process SECURITY_ATTRIBUTES
ref sa, // pointer to thread SECURITY_ATTRIBUTES
false, // handles are not inheritable
dwCreationFlags, // creation flags
IntPtr.Zero, // pointer to new environment block
null, // name of current directory
ref si, // pointer to STARTUPINFO structure
out procInfo // receives information about new process
);
// invalidate the handles
CloseHandle(hProcess);
CloseHandle(hPToken);
CloseHandle(hUserTokenDup);
return result; // return the result
}
}
}
我從網上博客中竊取了關於繞過Vista UAC的ApplicationLoader
代碼。 當我第一次編寫代碼時,我注意到該過程將啟動,但對用戶不可見,您只能通過過程管理器查看/殺死該過程。
第三方ApplicationLoader
代碼在Vista和Win7上解決了此問題。 我能夠看到該過程愉快地啟動並運行良好。
我只是將DLL移到Windows Server 2008上,卻完全看不到該過程開始。 沒有錯誤,沒有警告。 我在服務器上禁用了UAC,重新啟動,然后再次嘗試,但沒有發現任何變化。
我嘗試定期啟動該過程以及使用應用程序加載器啟動該過程,沒有嘗試。 它確實可以從Run()
開始,所以這是我的代碼。
有任何想法嗎? 我應該從哪里開始進行類似這樣的錯誤記錄? 我還是仍然需要ApplicationLoader
代碼,還是在Server 2008中會破壞代碼?
編輯:我能夠進一步跟蹤此問題。 該過程已成功啟動,但隨后在加載DLL時立即變得不可見。 我已經在Google上看到過有關此內容的文章,因此我正在尋找,但其他建議也將不勝感激。
EDIT2:發現! 以管理員身份而不是具有管理特權的用戶身份登錄會產生不同的結果-進程處於活動狀態但不可見。
編輯:我已經確定了問題,沒有解決的想法。 希望幫助。
因此,這是在兩種不同情況下發生的事情:
方案1:Windows 7(工作)
如果我轉到開始->運行-> Ping.exe 127.0.0.1 -t,然后打開任務管理器,我會看到在SESSION 1中運行的SEAN下打開了PING.EXE。
如果我使用Process.Start()運行Ping.exe,則PING.EXE在SESSION 0中運行的SYSTEM下打開。它不可見,因為它不在與我當前正在使用的會話中運行。
如果我使用StartProcessAndBypassUAC運行Ping.exe,則PING.EXE在SESSION 1中運行的SYSTEM下打開。 值得注意的是,此處的會話ID與我手動運行ping時的會話ID相同。
方案2:Windows Server 2008(不工作)-UAC已100%禁用,安全策略已禁用。
如果我轉到“開始”->“運行”->“ Ping.exe 127.0.0.1 -t”,然后打開“任務管理器”,則會看到在會話ID 2中運行的“管理員”下打開了PING.EXE。
如果我使用Process.Start運行它,它將在會話0的SYSTEM下打開,並且是不可見的。 如果我使用StartProcessAndBypassUAC運行它,它將在會話1的SYSTEM下打開。
雖然在兩種情況下都在會話1中打開它,但我相信我看不到它,因為管理員正在會話2中工作,而ping在會話1中處於關閉狀態。
如何在服務器2k8的會話2中打開ping.exe?
第一次在Windows Server 2008上嘗試正常運行的C#應用程序時,我遇到了類似的問題。 當我嘗試啟動一個流程時,它不會。
解決了我的問題的是,我沒有使用工作目錄,而是使用了可執行文件的完整路徑。
試試這個
applicationName = @"C:\some\dir\putty.exe " + address;
對於遠程登錄時如何自動檢測用戶ID的問題,我從未得出明確的結論。 懷疑這是一個安全問題。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.