CreateProcessAsUser - Create process with a different parent?

Question

I was reading about UAC's implementation on MSDN: http://technet.microsoft.com/en-us/magazine/2007.06.uac.aspx

Chanced upon this interesting line:

Although AIS is technically the parent of the elevated process, AIS uses new support in the CreateProcessAsUser API that sets the process’s parent process ID to that of the process that originally launched it (see Figure 13).

Here is the MSDN page for CreateProcessAsUser:

http://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx

BOOL WINAPI CreateProcessAsUser(
  _In_opt_     HANDLE hToken,
  _In_opt_     LPCTSTR lpApplicationName,
  _Inout_opt_  LPTSTR lpCommandLine,
  _In_opt_     LPSECURITY_ATTRIBUTES lpProcessAttributes,
  _In_opt_     LPSECURITY_ATTRIBUTES lpThreadAttributes,
  _In_         BOOL bInheritHandles,
  _In_         DWORD dwCreationFlags,
  _In_opt_     LPVOID lpEnvironment,
  _In_opt_     LPCTSTR lpCurrentDirectory,
  _In_         LPSTARTUPINFO lpStartupInfo,
  _Out_        LPPROCESS_INFORMATION lpProcessInformation
);

The exert says we can create a process and set a different parent by using options in the API. I am not sure how to do this? Do I need to dig into the token?

score 4 · Accepted Answer · answered Nov 05 '14 at 02:15

This functionality is documented in the MSDN entries for the InitializeProcThreadAttributeList and UpdateProcThreadAttribute functions.

In particular see the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute:

The lpValue parameter is a pointer to a handle to a process to use instead of the calling process as the parent for the process being created. The process to use must have the PROCESS_CREATE_PROCESS access right.

CreateProcessAsUser - Create process with a different parent?

1 Answers1