I'm trying to launch powershell/cmd as 'LocalService' from the 'LocalSystem' context in order to use lower privileges in the called script. I'm calling the P/Invoke functions in the following order:
```
LogonUser()                // logon of 'LocalService' - success
CreateEnvironmentBlock()   // success
DuplicateTokenEx()         // in order to create PrimaryToken
CreateProcessWithTokenW()  // create the ps / cmd
```
CreateProcessWithTokenW() C# code:

```csharp
PROCESS_INFORMATION pi = new PROCESS_INFORMATION { };
STARTUPINFO st = new STARTUPINFO();
st.cb = (uint)Marshal.SizeOf(st);
st.wShowWindow = 0;
st.lpDesktop = ""; // creates automatically

const int CREATE_UNICODE_ENVIRONMENT = 0x00000400;
const int CREATE_NO_WINDOW = 0x08000000;
const UInt32 FLAGS = (CREATE_NO_WINDOW | CREATE_UNICODE_ENVIRONMENT);
const int LOGON_WITH_PROFILE = 0x00000001;

// Environment argument is IntPtr.Zero and current directory is null.
CreateProcessWithTokenW(token, LOGON_WITH_PROFILE, path, args, FLAGS, IntPtr.Zero, null, ref st, out pi);
```
This code returns success on process creation but throws this error:
Has anyone encountered this error? I have also tried using CreateProcessAsUser(), but it also returns success and launches the process, but the process immediately closes (possible crash).
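When a child created with CreateProcessWithTokenW() or CreateProcessAsUser() starts and then closes at once, its exit code shows whether it ended itself or was terminated with an NTSTATUS error. The following is an added example, not part of the original post: the helper name `Describe` is hypothetical, and the `cmd.exe /c exit 3` child in `Main` is a constructed stand-in for the process handle returned in `pi.hProcess`.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

// Added example (not the asker's code): read the exit status of a child that exits immediately.
static class ChildExitDiagnostics
{
    const uint WAIT_OBJECT_0 = 0x00000000;
    const uint WAIT_FAILED = 0xFFFFFFFF;

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern uint WaitForSingleObject(IntPtr hHandle, uint dwMilliseconds);

    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool GetExitCodeProcess(IntPtr hProcess, out uint lpExitCode);

    // hProcess: pi.hProcess as returned by CreateProcessWithTokenW / CreateProcessAsUser.
    public static string Describe(IntPtr hProcess, uint timeoutMs)
    {
        uint wait = WaitForSingleObject(hProcess, timeoutMs);
        if (wait == WAIT_FAILED) throw new Win32Exception(Marshal.GetLastWin32Error());
        if (wait != WAIT_OBJECT_0) return "still running after timeout";
        if (!GetExitCodeProcess(hProcess, out uint code))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        switch (code)
        {
            case 0xC0000142: return "0xC0000142 STATUS_DLL_INIT_FAILED";
            case 0xC0000005: return "0xC0000005 STATUS_ACCESS_VIOLATION";
            case 0xC0000022: return "0xC0000022 STATUS_ACCESS_DENIED";
        }
        // Both top bits set is the NTSTATUS "error" severity: the loader or kernel ended the process.
        return (code & 0xC0000000) == 0xC0000000
            ? $"0x{code:X8} (NTSTATUS error severity, abnormal termination)"
            : $"ordinary exit code {code}";
    }

    static void Main()
    {
        // Constructed stand-in for the LocalService child: cmd.exe exiting with code 3.
        var psi = new ProcessStartInfo("cmd.exe", "/c exit 3") { UseShellExecute = false };
        using (Process p = Process.Start(psi))
            Console.WriteLine(Describe(p.Handle, 5000));
    }
}
```

The same pattern applies to the creation calls themselves: when a P/Invoke declared with `SetLastError = true` returns false, read `Marshal.GetLastWin32Error()` immediately, before any other call overwrites it.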