
I have a simple program, just an empty GUI, that is launched from a SYSTEM service (mine) in the following way:

    DWORD creationFlags = CREATE_NEW_PROCESS_GROUP | CREATE_UNICODE_ENVIRONMENT | DETACHED_PROCESS | EXTENDED_STARTUPINFO_PRESENT;

    auto returnCode = ::CreateProcessAsUser(
        *m_userToken,
        nullptr,
        LPWSTR(commandLineUtf16),
        nullptr,
        nullptr,
        FALSE, // let's not inherit any handles from the service!
        creationFlags,
        environmentBuffer,
        LPWSTR(effectiveWorkingDirectory.utf16()),
        reinterpret_cast<LPSTARTUPINFO>(&startupInfo),
        &processInformation
    );

If the program's manifest has a requestedExecutionLevel="asInvoker", all is fine. It can be started from an admin and a non-admin user. Otherwise, if not "asInvoker", CreateProcessAsUser(...) returns FALSE and GetLastError() is 0.

I'm totally stuck. If there's no error, why does it fail? If I run the program directly, it always works (admin, non admin, asInvoker, requireAdministrator...).

How can I find the reason for the failure?

Running on Windows 10 Enterprise Evaluation 64 bits VM, UAC full on

marco
  • It can also fail during process initialisation (after CreateProcess has returned); see the last para in the __Return Value__ section here: https://learn.microsoft.com/en-us/windows/desktop/api/processthreadsapi/nf-processthreadsapi-createprocessasusera – Richard Critten Jun 19 '19 at 10:07
  • @Richard exitCode = 0 – marco Jun 19 '19 at 10:15
  • @VTT I don't see where the opposite is. The title says **fails** with no error. It fails. – marco Jun 19 '19 at 10:17
  • @Richard Critten With your hint I ran all from a cmd and checked if something was written there. _"FATAL in ProcessService Test: Error calling method via RPC: Exception occurred: Could not start process as user due to an unexpected error"_. At least now I have a trace. Thanks – marco Jun 19 '19 at 10:22
  • Ah no, the exception is thrown because `CreateProcessAsUser()` returns false. So no trace, still stuck – marco Jun 19 '19 at 10:25
  • What happens if you have an asInvoker middle-man process that then does the elevation? – Anders Jun 19 '19 at 10:35
  • @Anders Didn't try that but I gave up. I used `ProcMon` to see if at least it tries to start the process but nope. I switched to `ShellExecuteEx` that is starting the process but not showing the gui. So I think that the service has no access to the desktop even though _"Allow service to interact with the desktop"_ is enabled – marco Jun 19 '19 at 12:18
  • A system should not be manually configured to allow services to use interactive WinSta0 in Session 0. Allowing interactive services was a transitional step when Vista was released 13 years ago. Relying on that nowadays is wrong. The token should be associated with an interactive session (e.g. from `WTSQueryUserToken`) if the application needs an interactive graphical or console user interface. – Eryk Sun Jun 19 '19 at 20:16
  • That doesn't explain why `CreateProcessAsUser` would return `FALSE` without setting an error. Are you calling another function in between? Anyway, if elevation is required, and we have a UAC-limited token (`TokenElevationTypeLimited`), then we need to get the full token (`TokenElevationTypeFull`) by querying the `TokenLinkedToken` information. – Eryk Sun Jun 19 '19 at 20:18
  • @RichardCritten, it's stated that `CreateProcessAsUser` returns false. If it were a failure during process initialization, `CreateProcessAsUser` would return true. Initialization occurs in the main thread after `CreateProcess[AsUser]` resumes the thread and returns. It doesn't wait around for a signal from the child process that it initialized successfully. – Eryk Sun Jun 19 '19 at 20:25
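
The approach described in Eryk Sun's comments, as an added example that is not part of the original thread: take the token from the interactive session with `WTSQueryUserToken`, swap a UAC-limited token for its `TokenLinkedToken` when elevation is required, and read `GetLastError()` directly after each failing call. The names `Elevation`, `needsLinkedToken` and `acquireLaunchToken` are hypothetical, and the Win32 part builds only on Windows.

```cpp
// Added example; helper names are hypothetical, Win32 calls are the documented ones.
#include <cstdint>
#ifdef _WIN32
#include <windows.h>
#include <wtsapi32.h>  // link with Wtsapi32.lib
#endif

// Values mirror the Win32 TOKEN_ELEVATION_TYPE enum (winnt.h).
enum class Elevation : std::uint32_t { Default = 1, Full = 2, Limited = 3 };

// Only a UAC-limited (filtered) token has to be swapped for its linked full
// token, and only when the target manifest is not "asInvoker".
bool needsLinkedToken(Elevation type, bool imageRequiresElevation) {
    return imageRequiresElevation && type == Elevation::Limited;
}

#ifdef _WIN32
// Returns a primary token for the active console session, or its linked full
// token when elevation is required. The caller must run as LocalSystem.
// On failure returns nullptr and stores the error code, which is read before
// any other API call (such as CloseHandle) can overwrite it.
HANDLE acquireLaunchToken(bool imageRequiresElevation, DWORD* error) {
    *error = ERROR_SUCCESS;
    HANDLE token = nullptr;
    if (!WTSQueryUserToken(WTSGetActiveConsoleSessionId(), &token)) {
        *error = GetLastError();
        return nullptr;
    }
    TOKEN_ELEVATION_TYPE type{};
    DWORD len = 0;
    if (!GetTokenInformation(token, TokenElevationType, &type, sizeof(type), &len)) {
        *error = GetLastError();
        CloseHandle(token);
        return nullptr;
    }
    if (!needsLinkedToken(static_cast<Elevation>(type), imageRequiresElevation))
        return token;  // asInvoker target, or token is already Full/Default
    TOKEN_LINKED_TOKEN linked{};
    if (!GetTokenInformation(token, TokenLinkedToken, &linked, sizeof(linked), &len)) {
        *error = GetLastError();
        CloseHandle(token);
        return nullptr;
    }
    CloseHandle(token);
    return linked.LinkedToken;  // caller closes this handle after use
}
#endif
```

The returned handle is what would be passed as the first argument to `CreateProcessAsUser`. Because the linked token starts the program elevated without a consent prompt, the service should only launch a fixed, trusted command line with it.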

0 Answers