1

I'm currently using this code to restore a minimized window, and it works perfectly when I try to restore a window that runs under my own user account.

ShowWindow(wHandle, SW_RESTORE);

The problem arises when I try to restore a window that runs under the SYSTEM account. I found out that ShowWindow() always returns a false value to me. Also, in my manifest, I have tried setting it to both "Requires Administrator" and "As Invoker", but it still yields the same result.

Is there another function that works similarly to ShowWindow() and is able to restore a window that is running under the SYSTEM account?

Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
  • 1
    You may have to [ChangeWindowMessageFilterEx](https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-changewindowmessagefilterex), though running a GUI application under the local SYSTEM account on random users' desktops is probably the real problem you need to solve. There doesn't seem to be a convincing reason to do this. What problem is that trying to solve? – IInspectable Dec 04 '20 at 09:19
  • I'm actually writing a program to help me call an external application and if the application is already running, I would like to restore the window and bring it forward. But the problem that I'm facing is that the external application tend to run on SYSTEM instead on my own username. –  Dec 04 '20 at 09:52
  • 1
    Run your application under system account and it will work. Probably the way to design such a solution is to write a Windows service running under the system account and write a front end GUI application sending commands to the service. – fpiette Dec 04 '20 at 09:55
  • @IInspectable only the process that created the target window can call `ChangeWindowMessageFilter/Ex()` for itself. You can't call that for someone else's window. "*running a GUI application under the local SYSTEM account on random users' desktops is probably the real problem you need to solve*" - agreed. – Remy Lebeau Dec 04 '20 at 17:04
  • Low privilege processes are blocked from various interactions with high privilege processes for security reasons. – Brian Dec 04 '20 at 18:26
  • @fpiette okay, I'll try it out. Thank you for the guidance –  Dec 07 '20 at 00:49

1 Answers1

1

You can create a thread with "local system" privileges in the user application. Then execute your ShowWindow in the thread.

Some steps:

  1. Program sends session ID to service
  2. Service calls OpenProcessToken and DuplicateTokenEx to create a Local System token
  3. Service calls SetTokenInformation to change the token session ID to match the program's
  4. Service calls DuplicateHandle to create handle to the token
  5. Service sends handle to program
  6. Program calls SetThreadToken using the received handle

Refer: Run process as Local System

For the @fpiette's comment, Interacting with a User from a Service Indirectly shows more details.

Strive Sun
  • 5,988
  • 1
  • 9
  • 26