ilogic

Run in logged on User Session as System account

6 posts in this topic

#1 ·  Posted (edited)

Hello all

I finally found a solution to the problem of running a GUI in the logged-on user session while using the system account. You'll need Sysinternals PsExec to run it. Special thanks to Polymath for getting the user session.

#include <security.au3> ; Get OWNER from SID.
#include <array.au3>

; Set the executable to run.
$Executable = "C:\windows\system32\cmd.exe"

$tag_WTS_PROCESS_INFO= _
  "DWORD SessionId;" & _
  "DWORD ProcessId;" & _
  "PTR pProcessName;" & _
  "PTR pUserSid"

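$SessionID = _ProcessListOWNER_WTS("Explorer.exe")
; The function returns 0 when no matching process is found or enumeration fails.
If Not IsArray($SessionID) Then
    ConsoleWrite("Could not find an Explorer.exe process to take the session ID from." & @CR)
    Exit 1
EndIf
; Quote the PsExec path so a script directory containing spaces is not split into separate arguments.
$return = RunWait('"' & @ScriptDir & '\psexec.exe" -s -i ' & $SessionID[0] & " " & $Executable, "", @SW_HIDE)
ConsoleWrite("Username" & @TAB & "SessionID" & @TAB & "ReturnCode" & @CR)
ConsoleWrite($SessionID[1] & @TAB & @TAB & $SessionID[0] & @TAB & @TAB & $return & @CR)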


;===============================================================================
; Function Name:    _ProcessListOWNER_WTS
; Description:      Get the SessionID of the current logged on user
; Parameter(s):     Processname
; Return Value(s):  On Success  An array with 0 SessionID and 1 username
;                   On Failure  0
; Author(s):        Polymath (autoit forum)
; URL               http://www.autoitscript.com/forum/topic/90572-winapi-processlistowner-wts/
;===============================================================================
Func _ProcessListOWNER_WTS($PID=0)
    Local $i, $ret, $ret1, $mem, $Session[2]
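    ; hServer is a handle and the count is a DWORD; "ptr"/"dword" keep the call correct on 64-bit Windows.
    $ret=DllCall("WTSApi32.dll", "int", "WTSEnumerateProcesses", "ptr", 0, "dword", 0, "dword", 1, "ptr*", 0, "dword*", 0)
    ; Bail out if the call itself failed or the API reported failure.
    If @error Or Not $ret[0] Then Return 0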
    Local $array[$ret[5]][4]
    $mem=DllStructCreate($tag_WTS_PROCESS_INFO,$ret[4])
    for $i=0 to $ret[5]-1
        $mem=DllStructCreate($tag_WTS_PROCESS_INFO, $ret[4]+($i*DllStructGetSize($mem)))
        ;if DllStructGetData($mem, "pProcessName") Then
            $string=DllStructCreate("char[256]", DllStructGetData($mem, "pProcessName"))
            $array[$i][0]=DllStructGetData($string,1)
        ;EndIf
        $array[$i][1]=DllStructGetData($mem, "ProcessId")
        $array[$i][2]=DllStructGetData($mem, "SessionId")
        ;if DllStructGetData($mem, "pUserSid") Then
            $ret1 = _Security__LookupAccountSid(DllStructGetData($mem, "pUserSid"))
            if IsArray($ret1) Then $array[$i][3]=$ret1[0]
        ;EndIf
    Next

    ; Pass the buffer as a pointer; an "int" would truncate the address on 64-bit Windows.
    DllCall("WTSApi32.dll", "none", "WTSFreeMemory", "ptr", $ret[4])

    if $PID Then
        if IsInt($PID) Then
            for $i=0 to UBound($array, 1) - 1
                if $array[$i][1] = $PID Then
                    Return $array[$i][3]
                EndIf
            Next
        Else
            for $i=0 to UBound($array, 1) - 1
                if $array[$i][0] = $PID Then
                    $Session[0] = $array[$i][2]
                    $Session[1] = $array[$i][3]
                    Return $Session
                EndIf
            Next
        EndIf
    EndIf

    Return 0
EndFunc
;################################ END FUNC ##########################################
Edited by ilogic




Noob question: Can I run it with PAexec?


Also, this other post may be of interest.



#4 ·  Posted (edited)

Noob question: Can I run it with PAexec?

Yes.  They have the same params.

PAExec is a freely-redistributable re-implementation of
SysInternal/Microsoft's popular PsExec program.  PAExec aims to be a drop
in replacement for PsExec, so the command-line usage is identical, with
additional options also supported.  This work was originally inspired by
Talha Tariq's RemCom.

Usage: PAExec [\\computer[,computer2[,...]] | @file][-u user [-p psswd]][-n s]
[-l][-s|-e][-x][-i [session]][-c [-f|-v] [-csrc path]][-lo path][-rlo path]
[-ods][-w directory][-d][-<priority>][-a n,n,...][-dfr][-noname]
[-to seconds] cmd [arguments]

Standard PAExec\PsExec command line options:
Edited by jdelaney

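Added example, not part of the original thread: a defender-side check that parses process-creation command lines and flags PsExec/PAExec launches combining `-s` (SYSTEM) with `-i [session]` (interactive desktop), the pattern the script in the first post produces. The option table follows the PAExec usage text quoted above; the function names, the `psexec64.exe` entry and the sample command lines are constructed for illustration.

```python
import re

# Tool names from the thread plus the 64-bit PsExec build; a renamed binary
# needs hash or service-name based detection instead (not covered here).
TOOLS = {"psexec.exe", "psexec64.exe", "paexec.exe"}
# Options that consume the following token, per the PAExec usage text.
TAKES_ARG = {"-u", "-p", "-n", "-csrc", "-lo", "-rlo", "-w", "-a", "-to"}


def parse_launch(cmdline):
    """Return launch details for a PsExec/PAExec command line, else None."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    image = tokens[0].rsplit("\\", 1)[-1].lower() if tokens else ""
    if image not in TOOLS:
        return None
    info = {"system": False, "interactive": False, "session": None, "command": None}
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        low = tok.lower()
        if low == "-s":
            info["system"] = True
        elif low == "-i":
            info["interactive"] = True
            # The session id is optional: "-i" alone or "-i 2".
            if i + 1 < len(tokens) and tokens[i + 1].isdigit():
                info["session"] = int(tokens[i + 1])
                i += 1
        elif low in TAKES_ARG:
            i += 1  # skip the option's value
        elif not tok.startswith(("-", "\\\\", "@")):
            # First token that is not an option, \\computer or @file is the command.
            info["command"] = " ".join(tokens[i:])
            break
        i += 1
    return info


def is_system_gui_launch(cmdline):
    """True when a command runs as SYSTEM on an interactive desktop."""
    info = parse_launch(cmdline)
    return bool(info and info["system"] and info["interactive"])


# Constructed sample command lines, shaped like process-creation log fields.
SAMPLES = [
    r'"C:\Tools\psexec.exe" -s -i 1 C:\windows\system32\cmd.exe',
    r'C:\Tools\PAExec.exe \\host1 -u admin -p x -i notepad.exe',
    r'C:\windows\system32\cmd.exe /c dir',
]
HITS = [s for s in SAMPLES if is_system_gui_launch(s)]
```

Only the first sample is flagged: the second is interactive but not SYSTEM, and the third is not a PsExec/PAExec invocation.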

Very nice && thanks!



#6 ·  Posted (edited)

does not work here:

Username SessionID ReturnCode
adminmiin 1 5
 
 
return code is 5.
Edited by legend
