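; Posted by Micha1405, June 11, 2010.
;
; Description: a process running as SYSTEM starts a new process as the logged-on user.
; Compile the script, open a SYSTEM console and type:
;     runasuser.exe notepad.exe
; The script works on Windows XP and Windows 7, but the process only starts with the
; user's rights, without the user's profile. Can anybody help me change it to
; "run as logged-on user, using the profile of the user"?
;
; NOTE(review) - profile: lpEnvironment is passed as NULL below, so the child uses the
; environment of the calling (SYSTEM) process; that is the likely reason USERPROFILE,
; APPDATA etc. do not belong to the user. The documented approach is to build the block
; from the user token with CreateEnvironmentBlock (userenv.dll), pass it together with
; CREATE_UNICODE_ENVIRONMENT, and release it with DestroyEnvironmentBlock afterwards.
;
; NOTE(review) - token source: the token is taken from whichever explorer.exe
; ProcessExists() returns first. With several sessions (fast user switching, Remote
; Desktop) that may belong to a different user than the one at the console.
; WTSGetActiveConsoleSessionId + WTSQueryUserToken identify the session explicitly and
; are the safer source for a SYSTEM caller.
;
; NOTE(review) - command line: only the first argument is used, and it is handed to
; CreateProcessAsUser as lpCommandLine with a NULL lpApplicationName. A program path
; containing spaces therefore has to carry its own embedded quotes; otherwise the path
; is resolved ambiguously at the first space.

#AutoIt3Wrapper_Outfile=RunAsUser.exe
#NoTrayIcon
#RequireAdmin
#include <StructureConstants.au3>
#include <WinAPI.au3>

; Least privilege: CreateProcessAsUser and ImpersonateLoggedOnUser only need these three
; rights on the token handle, so TOKEN_ALL_ACCESS is no longer requested.
Global Const $RAU_TOKEN_ACCESS = BitOR($TOKEN_QUERY, $TOKEN_DUPLICATE, $TOKEN_ASSIGN_PRIMARY)
; PROCESS_QUERY_INFORMATION - the access OpenProcessToken needs on the process handle.
Global Const $RAU_PROCESS_QUERY_INFORMATION = 0x0400

; The command to start is the first command-line argument; nothing to do without it.
If $CmdLine[0] < 1 Then Exit 1
Global $lpCommandline = $CmdLine[1]

; Step 1: find a process that runs as the logged-on user.
; The original tested for "DMW.exe" (a typo for DWM.exe), so that branch never matched
; and explorer.exe was always the process used; the dead branch is removed here.
Global $ProcessID = ProcessExists("explorer.exe")
If Not $ProcessID Then Exit 2

; Step 2: open the process.
Global $ProcessHandle = _WinAPI_OpenProcess($RAU_PROCESS_QUERY_INFORMATION, False, $ProcessID)
If Not $ProcessHandle Then Exit 3

; Step 3: open its primary token. Stop here on failure instead of calling
; CreateProcessAsUser with a zero token.
Global $ProcessToken = _WinAPI_OpenProcessToken($ProcessHandle, $RAU_TOKEN_ACCESS)
If Not $ProcessToken Then
	_WinAPI_CloseHandle($ProcessHandle)
	Exit 4
EndIf

; Impersonate the user for the duration of the launch (as the original did) and undo it
; afterwards so no later call runs under the user's identity by accident.
Global $bImpersonating = _WinAPI_ImpersonateLoggedOnUser($ProcessToken)
Global $bStarted = LaunchProcessAsUser($lpCommandline)
If $bImpersonating Then DllCall("advapi32.dll", "bool", "RevertToSelf")

_WinAPI_CloseHandle($ProcessToken)
_WinAPI_CloseHandle($ProcessHandle)
If Not $bStarted Then Exit 5

; Starts $CustomProcess with the global $ProcessToken on the interactive desktop.
;   $CustomProcess - command line to run.
;   Returns True on success; False with @error = 1 when the DllCall or
;   CreateProcessAsUserW itself fails.
Func LaunchProcessAsUser($CustomProcess)
	; Own struct tags with their own names: the original re-used the UDF names but set
	; fields ("Size", "lpDesktop") that do not exist under both definitions, so cb and
	; the desktop were not reliably filled in.
	Local Const $tagRAU_STARTUPINFO = "dword cb;ptr lpReserved;ptr lpDesktop;ptr lpTitle;dword dwX;dword dwY;dword dwXSize;dword dwYSize;" & _
			"dword dwXCountChars;dword dwYCountChars;dword dwFillAttribute;dword dwFlags;ushort wShowWindow;" & _
			"ushort cbReserved2;ptr lpReserved2;ptr hStdInput;ptr hStdOutput;ptr hStdError"
	Local Const $tagRAU_PROCESSINFO = "ptr hProcess;ptr hThread;dword dwProcessId;dword dwThreadId"

	; lpDesktop is a pointer, so the name needs a buffer that outlives the call.
	Local $sDesktop = "winsta0\default"
	Local $tDesktop = DllStructCreate("wchar[" & (StringLen($sDesktop) + 1) & "]")
	DllStructSetData($tDesktop, 1, $sDesktop)

	Local $tStartup = DllStructCreate($tagRAU_STARTUPINFO)
	DllStructSetData($tStartup, "cb", DllStructGetSize($tStartup))
	DllStructSetData($tStartup, "lpDesktop", DllStructGetPtr($tDesktop))

	Local $tProcInfo = DllStructCreate($tagRAU_PROCESSINFO)

	; The wide entry point is named explicitly and paired with "wstr" so the string type
	; and the export always agree.
	Local $aCall = DllCall("advapi32.dll", "bool", "CreateProcessAsUserW", _
			"handle", $ProcessToken, _ ; hToken
			"ptr", 0, _ ; lpApplicationName: taken from the command line
			"wstr", $CustomProcess, _ ; lpCommandLine
			"ptr", 0, _ ; lpProcessAttributes: default security, not inheritable
			"ptr", 0, _ ; lpThreadAttributes: default security, not inheritable
			"bool", False, _ ; bInheritHandles
			"dword", 0, _ ; dwCreationFlags
			"ptr", 0, _ ; lpEnvironment: NULL = caller's environment (see header note)
			"ptr", 0, _ ; lpCurrentDirectory: same as the caller
			"ptr", DllStructGetPtr($tStartup), _
			"ptr", DllStructGetPtr($tProcInfo))
	If @error Or Not $aCall[0] Then Return SetError(1, 0, False)

	; The caller does not use the child's handles; close them so they do not leak.
	_WinAPI_CloseHandle(DllStructGetData($tProcInfo, "hThread"))
	_WinAPI_CloseHandle(DllStructGetData($tProcInfo, "hProcess"))
	Return True
EndFunc   ;==>LaunchProcessAsUser

; Opens the access token of a process.
;   $pHandle - process handle opened with PROCESS_QUERY_INFORMATION.
;   $iAccess - requested token access mask.
;   Returns the token handle, or 0 with @error = 1 on failure.
; "handle"/"handle*" replace "hwnd"/"int*" so the values keep pointer width.
; NOTE(review): newer AutoIt UDF releases may already ship functions with these
; _WinAPI_ names - confirm against the include set in use.
Func _WinAPI_OpenProcessToken($pHandle, $iAccess)
	Local $aResult = DllCall("advapi32.dll", "bool", "OpenProcessToken", "handle", $pHandle, "dword", $iAccess, "handle*", 0)
	If @error Or Not $aResult[0] Then Return SetError(1, 0, 0)
	Return SetError(0, 0, $aResult[3])
EndFunc   ;==>_WinAPI_OpenProcessToken

; Makes the calling thread impersonate the user represented by $hToken.
;   Returns True on success, False if the API call failed, 0 with @error set if the
;   DllCall itself failed.
Func _WinAPI_ImpersonateLoggedOnUser($hToken)
	Local $aResult = DllCall("advapi32.dll", "bool", "ImpersonateLoggedOnUser", "handle", $hToken)
	If @error Then Return SetError(@error, @extended, 0)
	Return SetError(0, 0, $aResult[0] <> 0)
EndFunc   ;==>_WinAPI_ImpersonateLoggedOnUser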
Micha1405 (Author), posted June 16, 2010:

This is the better one: http://www.autoitscript.com/forum/index.php?showtopic=104735 With a little modification you can build a "run as logged-on user" tool and start programs from SYSTEM as the user (with the user profile). Great script from "wraithdu".