CreateProcessWithLogon and managed Processes

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Sample code below:

Dim iRet As Integer
Dim si As New STARTUPINFO
Dim pi As PROCESS_INFORMATION

si.cb = Marshal.SizeOf(si)

iRet = CreateProcessWithLogonW(UserName, DomainName, Password, _
LOGON_WITH_PROFILE, Nothing, CommandLine, _
NORMAL_PRIORITY_CLASS, 0, StartIn, si, pi)

If iRet = 0 Then
Throw New System.ComponentModel.Win32Exception
Else
Try
p = Process.GetProcessById(pi.dwProcessId)
AddHandler p.Exited, AddressOf ProcessExitHandler
p.EnableRaisingEvents = True

Catch ex As ArgumentException
'Process ID no longer exists. Don't worry about it.
End Try

CloseHandle(pi.hThread)
CloseHandle(pi.hProcess)

End If

CreateProcessWithLogonW is called with credentials for an account belonging
to the Administrators group. The code above is run from a non-administrative
account. The problem is, I cannot get the managed Process class to access
any of the exit information for the process. Setting EnableRaisingEvents
generates another Win32Exception, as well as calling WaitForExit or checking
the HasExited property of the process class.

Is there any way to check the exit state of the process in this situation?
I have other code that needs to execute, but only after the process has
finished.

Thanks!
 
Hi

What is the concret win32exception do you get?

Is it similar with below?

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.ComponentModel.Win32Exception: Access is denied


If so I think it is because the user accout did not have the enough
privilegeto open the process.
In the underlying level, the Process class will try to call the OpenProcess
API so that it can monitor the Process status.

You can look into the OpenProcess API in MSDN.
Remarks
To open a handle to another another process and obtain full access rights,
you must enable the SeDebugPrivilege privilege. For more information, see
Changing Privileges in a Token.

The handle returned by the OpenProcess function can be used in any function
that requires a handle to a process, such as the wait functions, provided
the appropriate access rights were requested.

When you are finished with the handle, be sure to close it using the
CloseHandle function.

I think you may try to Impersonalte the administrator account to do the
privilege job.
319615 PRB: "Unable to Impersonate User" Error Message When You Use
http://support.microsoft.com/?id=319615

248187 How to impersonate a user from Active Server Pages
http://support.microsoft.com/?id=248187


Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
I also managed to get it to work as needed by calling the native
WaitForSingleObject using the process handle. This caused my current thread
to wait until the process had completed, then I was able to fire an event
after that call to do what I need.

Thanks for the help!
 
Back
Top