ilogic

Run in logged on User Session as System account


Hello all

I finally found a solution to the problem of running a GUI in the logged-on user session while using the system account. You'll need Sysinternals PsExec to run it. Special thanks to Polymath for getting the user session.

#include <security.au3> ; Get OWNER from SID.
#include <array.au3>

; Set the executable to run.
$Executable = "C:\windows\system32\cmd.exe"

$tag_WTS_PROCESS_INFO= _
  "DWORD SessionId;" & _
  "DWORD ProcessId;" & _
  "PTR pProcessName;" & _
  "PTR pUserSid"

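$SessionID = _ProcessListOWNER_WTS("Explorer.exe")
; _ProcessListOWNER_WTS returns 0 (not an array) when no matching process is found.
If Not IsArray($SessionID) Then Exit 1
; Quote the psexec path so a script directory containing spaces still works.
$return = RunWait('"' & @ScriptDir & '\psexec.exe" -s -i ' & $SessionID[0] & " " & $Executable, "", @SW_HIDE)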
ConsoleWrite("Username" & @TAB & "SessionID" & @TAB & "ReturnCode" & @CR)
ConsoleWrite($SessionID[1] & @TAB & @TAB & $SessionID[0] & @TAB & @TAB & $return & @CR)


;===============================================================================
; Function Name:    _ProcessListOWNER_WTS
; Description:      Get the SessionID of the current logged on user
; Parameter(s):     Processname
; Return Value(s):  On Success  An array with 0 SessionID and 1 username
;                   On Failure  0
; Author(s):        Polymath (autoit forum)
; URL               http://www.autoitscript.com/forum/topic/90572-winapi-processlistowner-wts/
;===============================================================================
Func _ProcessListOWNER_WTS($PID=0)
    Local $i, $ret, $ret1, $mem, $Session[2]
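    ; Pass the server handle as a pointer-sized type so the call is also correct on 64-bit AutoIt.
    $ret=DllCall("WTSApi32.dll", "int", "WTSEnumerateProcesses", "ptr", 0, "dword", 0, "dword", 1, "ptr*", 0, "dword*", 0)
    If @error Then Return 0
    If Not $ret[0] Then Return 0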
    Local $array[$ret[5]][4]
    $mem=DllStructCreate($tag_WTS_PROCESS_INFO,$ret[4])
    for $i=0 to $ret[5]-1
        $mem=DllStructCreate($tag_WTS_PROCESS_INFO, $ret[4]+($i*DllStructGetSize($mem)))
        ;if DllStructGetData($mem, "pProcessName") Then
            $string=DllStructCreate("char[256]", DllStructGetData($mem, "pProcessName"))
            $array[$i][0]=DllStructGetData($string,1)
        ;EndIf
        $array[$i][1]=DllStructGetData($mem, "ProcessId")
        $array[$i][2]=DllStructGetData($mem, "SessionId")
        ;if DllStructGetData($mem, "pUserSid") Then
            $ret1 = _Security__LookupAccountSid(DllStructGetData($mem, "pUserSid"))
            if IsArray($ret1) Then $array[$i][3]=$ret1[0]
        ;EndIf
    Next

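    ; Free the buffer returned by WTSEnumerateProcesses; "ptr" avoids truncating the address on 64-bit.
    DllCall("WTSApi32.dll", "none", "WTSFreeMemory", "ptr", $ret[4])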

    if $PID Then
        if IsInt($PID) Then
            for $i=0 to UBound($array, 1) - 1
                if $array[$i][1] = $PID Then
                    Return $array[$i][3]
                EndIf
            Next
        Else
            for $i=0 to UBound($array, 1) - 1
                if $array[$i][0] = $PID Then
                    $Session[0] = $array[$i][2]
                    $Session[1] = $array[$i][3]
                    Return $Session
                EndIf
            Next
        EndIf
    EndIf

    Return 0
EndFunc
;################################ END FUNC ##########################################
Edited by ilogic


Noob question: Can I run it with PAexec?

Yes.  They have the same params.

PAExec is a freely-redistributable re-implementation of
SysInternal/Microsoft's popular PsExec program.  PAExec aims to be a drop
in replacement for PsExec, so the command-line usage is identical, with
additional options also supported.  This work was originally inspired by
Talha Tariq's RemCom.

Usage: PAExec [\\computer[,computer2[,...]] | @file][-u user [-p psswd]][-n s]
[-l][-s|-e][-x][-i [session]][-c [-f|-v] [-csrc path]][-lo path][-rlo path]
[-ods][-w directory][-d][-<priority>][-a n,n,...][-dfr][-noname]
[-to seconds] cmd [arguments]

Standard PAExec\PsExec command line options:
Edited by jdelaney

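For defenders, the launch pattern used in the script above (PsExec or PAExec called with both -s and -i) can be recognised in process-creation command lines. The Python below is an added example, not code from this thread or from either tool; the function names and sample command lines are constructed, and the list of value-taking options comes from the PAExec usage text quoted above.

```python
import re

# Hypothetical names throughout; image names are matched without the .exe suffix.
TOOLS = {"psexec", "psexec64", "paexec"}
# Options that consume the following token, per the PAExec usage text quoted in the thread.
TAKES_VALUE = {"-u", "-p", "-n", "-w", "-a", "-csrc", "-lo", "-rlo", "-to"}

def parse_system_interactive(cmdline):
    """Return tool/session/target when a PsExec-style command line uses both -s and -i."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    image = re.sub(r"\.exe$", "", re.split(r"[\\/]", tokens[0])[-1].lower()) if tokens else ""
    if image not in TOOLS:
        return None
    as_system = interactive = False
    session, i = None, 1
    while i < len(tokens):
        opt = tokens[i].lower()
        if opt.startswith(("\\\\", "@")):
            i += 1                       # remote computer list or @file
        elif opt in TAKES_VALUE:
            i += 2                       # skip the option and its value
        elif opt == "-i":
            interactive = True
            if i + 1 < len(tokens) and tokens[i + 1].isdigit():
                session = int(tokens[i + 1])   # explicit session ID after -i
                i += 1
            i += 1
        elif opt.startswith("-"):
            as_system = as_system or opt == "-s"
            i += 1
        else:
            break                        # first non-option token starts the target command
    if not (as_system and interactive):
        return None
    return {"tool": image, "session": session, "target": " ".join(tokens[i:])}

# Constructed process-creation command lines (not taken from real logs).
SAMPLES = [
    r'"C:\Scripts\psexec.exe" -s -i 1 C:\windows\system32\cmd.exe',
    r"paexec.exe -i 2 -s -w C:\Temp notepad.exe",
    r"psexec.exe \\host01 -u admin -p x ipconfig /all",
    r"psexec.exe -s cmd.exe /c echo -i",
]

def scan(lines):
    """Return one hit per command line that starts a SYSTEM process in an interactive session."""
    return [hit for hit in map(parse_system_interactive, lines) if hit]
```

Only options that appear before the target command are considered, so the last sample, where -i is an argument of the launched program, is not reported.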

does not work here:

Username SessionID ReturnCode
adminmiin 1 5
 
 
return code is 5.
Edited by legend
