Borwinius Wissensdatenbank

Navigation

CreateProcessAsUser

createProcessAsUser
// programm zum ausführen von Programmen als admin und auswerten des returncodes / rb 2009
#include <windows.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>
#include <tchar.h>
 
#define Buffers	0x200
#define LOGON_WITH_PROFILE	0x00000001
 
typedef BOOL (WINAPI *CREATEPROCESSWITHLOGONWD)(LPCWSTR lpUsername,
					LPCWSTR lpDomain,LPCWSTR lpPassword,DWORD dwLogonFlags,
					LPCWSTR lpApplicationName,LPWSTR lpCommandLine,
					DWORD dwCreationFlags,LPVOID lpEnvironment,
					LPCWSTR lpCurrentDirectory,LPSTARTUPINFOW lpStartupInfo,
					LPPROCESS_INFORMATION lpProcessInformation);
 
CREATEPROCESSWITHLOGONWD CreateProcessWithLogonWD = NULL;
 
//----------------------------------------------------------
int createProc(char* prog)
{	
	WCHAR cmd[Buffers];
	WCHAR user[Buffers];
	WCHAR domain[Buffers];
	WCHAR pass[Buffers];
	STARTUPINFOW	si;
	PROCESS_INFORMATION pi;
	HMODULE hADVAPI32;
 
	hADVAPI32 = LoadLibrary("ADVAPI32.DLL");
	if(hADVAPI32 < (HINSTANCE)HINSTANCE_ERROR)
		return(-3);
	CreateProcessWithLogonWD = (CREATEPROCESSWITHLOGONWD)
		GetProcAddress(hADVAPI32,"CreateProcessWithLogonW");
	if ( CreateProcessWithLogonWD == NULL )
		return(-2);
 
	char host[128],ch1[16],ch2[16],ch3[16],ch4[16],ch5[128];
	DWORD dwExitcode;
	strcpy(host,"DomainOrHostname");
	strcpy(ch2,"administrator");
        strcpy(ch3,"geheim"); // wird nicht verschlüsselt!
 
	MultiByteToWideChar(CP_ACP,MB_PRECOMPOSED,ch2,-1,user,sizeof user);
	MultiByteToWideChar(CP_ACP,MB_PRECOMPOSED,host,-1,domain,sizeof domain);//lokaler Rechner?
	MultiByteToWideChar(CP_ACP,MB_PRECOMPOSED,prog,-1,cmd,sizeof cmd);
	MultiByteToWideChar(CP_ACP,MB_PRECOMPOSED,ch3,-1,pass,sizeof pass);
 
 
	si.cb		= sizeof(si);
	si.lpReserved	= NULL;
	si.lpDesktop	= NULL;
	si.lpTitle	= L"Updates installieren"; // NULL;
	//si.dwFlags	= 0;
	si.dwFlags      = STARTF_USESHOWWINDOW ; //rb
	si.wShowWindow  = SW_SHOW; //HIDE; // rb
	si.cbReserved2	= 0;
	si.lpReserved2	= NULL;
 
	if ( CreateProcessWithLogonWD(user,domain,pass,LOGON_WITH_PROFILE,NULL,cmd,
			CREATE_DEFAULT_ERROR_MODE  | CREATE_NEW_CONSOLE |
			CREATE_NEW_PROCESS_GROUP  | CREATE_SEPARATE_WOW_VDM,
			NULL,NULL,&si,&pi) == FALSE ){
		printf("Fehler : %d \n",GetLastError());
		return(-1);
	}
		//printf("%d\n",pi.dwProcessId);
		strcpy(ch2,"\0");strcpy(ch3,"\0");
		WaitForSingleObject(pi.hProcess, INFINITE); // warte auf Rückkehr...
		GetExitCodeProcess(pi.hProcess,  &dwExitcode);
		//printf("%d\n",dwExitcode);
 
	return dwExitcode;
 
}
//---------------------------------------------------------------------------
int main(int argc, char* argv[])
{
	int ret;
 
	ret = createProc("wuauclt /detectnow");
 
	return ret;
}
//---------------------------------------------------------------------------