WTSGetActiveConsoleSessionId and Windows 2000

lavitz
lavitz used Ask the Experts™
on
Hi,

Iam using WTSGetActiveConsoleSessionId and other functions to get users console token and then run process in its users space. Is there similary functionality in Windows 2000?

In msdn i see that WTSGetActiveConsoleSessionId is from Windows XP and Windows Server 2003
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2012
Commented:
No, the requirements clearly state Xp as the minimum expected Windows version. If you want to execute an application in the context of the logged on user, you can use the following code, see also http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Q_25282045.html
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>
#include <malloc.h>
#include <lmcons.h>

#pragma comment(lib,"kernel32.lib")
#pragma comment(lib,"user32.lib")
#pragma comment(lib,"advapi32.lib")

void
__cdecl
DbgReport ( char* __pszFormat, ...) {

    static char s_acBuf [ 2048];

    va_list _args;

    va_start ( _args, __pszFormat);

    vsprintf ( s_acBuf, __pszFormat, _args);

    OutputDebugStringA ( s_acBuf);

    va_end ( _args);
}

DWORD ExecuteCmd   (   LPSTR   pszCmd, BOOL bShow, HANDLE hToken)
{
    STARTUPINFO         si;
    PROCESS_INFORMATION pi;

    BOOL                bRes;

    DWORD               dwCode  =   0;

    MSG                msg;

    ZeroMemory  (   &si,    sizeof  (   STARTUPINFO));

    si.cb           =   sizeof  (   STARTUPINFO);
    si.dwFlags      =   STARTF_USESHOWWINDOW;
    si.wShowWindow  =   bShow ? SW_SHOWNORMAL : SW_HIDE;

    bRes    =   CreateProcessAsUser   (  hToken,
                                   NULL,
                                   pszCmd,
                                   NULL,
                                   NULL,
                                   TRUE,
                                   NORMAL_PRIORITY_CLASS,
                                   NULL,
                                   NULL,
                                   &si,
                                   &pi
                               );

    
    CloseHandle (   pi.hProcess);
    CloseHandle (   pi.hThread);

    return  (   0);
}


DWORD GetExplorerProcessID()
{
      HANDLE hSnapshot;
      PROCESSENTRY32 pe32;
      ZeroMemory(&pe32,sizeof(pe32));
      DWORD temp;

    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,NULL);
      
      pe32.dwSize = sizeof(PROCESSENTRY32);

      if(Process32First(hSnapshot,&pe32))
      {
            do
            {
                  if(!strcmp(pe32.szExeFile,"explorer.exe"))
                  {
                        temp = pe32.th32ProcessID;
                        break;
                  }

            }while(Process32Next(hSnapshot,&pe32));
      }

    DbgReport("Explorer PID: %d\n", temp);

return temp;
}

BOOL EnableDebugPriv  (   BOOL    bEnable)
{
   HANDLE           hToken;
   TOKEN_PRIVILEGES tp;

   if   (   !OpenProcessToken   (   GetCurrentProcess   (),
                                    TOKEN_ADJUST_PRIVILEGES,
                                    &hToken
                                )
        )   return  (   FALSE);


   tp.PrivilegeCount    =   1;

   LookupPrivilegeValue (   NULL,
                            SE_DEBUG_NAME,
                            &tp.Privileges  [   0].Luid
                        );

   tp.Privileges    [   0].Attributes   =       bEnable
                                            ?   SE_PRIVILEGE_ENABLED
                                            :   0;

   AdjustTokenPrivileges    (   hToken,
                                FALSE,
                                &tp,
                                sizeof  (   tp),
                                NULL,
                                NULL
                            );

   return   (   GetLastError()  ==   ERROR_SUCCESS);
}

void GetSidUser(PSID psid,char*pName, DWORD dwNameSize) {

    char                    acReferencedDomain  [   LM20_DNLEN  +   1];
    DWORD                   dwDomainBufSize     =   sizeof  (   acReferencedDomain);
    SID_NAME_USE            eUse;

               //  lookup clear text name of the owner
                if  (   !LookupAccountSid   (   NULL,
                                                psid,
                                                pName,
                                                &dwNameSize,
                                                acReferencedDomain,
                                                &dwDomainBufSize,
                                                &eUse
                                            )
                    )
                    {
                        DWORD dwErr   =   GetLastError    ();

                        DbgReport("LookupAccountSid() failed: %d\n", dwErr);

                    } else DbgReport("SID represents %s\\%s\n", acReferencedDomain, pName);
}

void ImpersonateInteractiveUser(LPSTR pCmd, BOOL bShow)
{
   HANDLE hToken = NULL;                
   HANDLE hProcess = NULL;
   char                    acName  [   LM20_DNLEN  +   1];
   DWORD                   dwNameSize     =   sizeof  (   acName);

   DWORD processID = GetExplorerProcessID();
   if( processID)
    {
    hProcess =
         OpenProcess(  
               PROCESS_ALL_ACCESS,
         TRUE,
          processID );

    if( hProcess)
        {
        if( OpenProcessToken(
                    hProcess,
             TOKEN_ALL_ACCESS,
             &hToken))
        {
         TOKEN_USER* ptu;
         DWORD dw;
         GetTokenInformation(hToken,TokenUser,NULL,0,&dw);
         ptu = (TOKEN_USER*) _alloca(dw);

         if (!GetTokenInformation(hToken,TokenUser,ptu,dw,&dw)) DbgReport("GetTokenInformation() failed, reason: %d\n", GetLastError());
         GetSidUser(ptu->User.Sid,acName,dwNameSize);

         if (!ImpersonateLoggedOnUser( hToken)) DbgReport("ImpersonateLoggedOnUser() failed, reason: %d\n", GetLastError());

         DbgReport("Launching command: %s as \'%s\'\n", pCmd, acName);
         ExecuteCmd(pCmd,bShow,hToken);

          CloseHandle( hToken );
        } else DbgReport("OpenProcessToken() failed, reason: %d\n", GetLastError());
        CloseHandle( hProcess );
    } else DbgReport("OpenProcess() failed, reason: %d\n", GetLastError());
   } 
}


int main (int argc, char** argv) {

  if (2 > argc) return -1;

  EnableDebugPriv(TRUE);

  BOOL bShow = TRUE;

  if (argc == 3) bShow = strcmp(argv[2],"/HIDE");

  ImpersonateInteractiveUser(argv[1], bShow);

  return 0;

}

Open in new window

On Windows 2000 Workstation you do not need this function because the process is running always on the console session (Session 0).

BTW: The code above has some errors regarding correct error checking...it does not fail on them (just logging).
On Windows 2000 Server the console session is always Session 0.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial