
Re: C++ conversion of interactive process

Posted: Fri Feb 03, 2023 4:49 pm
by JHPJHP
Hi tatanas,
tatanas wrote: I just want to do the same as psexec.
Are you under the assumption that the Interactive Client Process script can function like PsExec, or do you understand that the code can only be used to "impersonate" a local user account, executing programs locally?

PsExec executes processes on a remote system redirecting output to the local system.

LogonUserW function
Microsoft wrote: The LogonUser function attempts to log a user on to the local computer. The local computer is the computer from which LogonUser was called. You cannot use LogonUser to log on to a remote computer.

Re: C++ conversion of interactive process

Posted: Mon Feb 06, 2023 8:11 am
by tatanas
I think this code functioned like PsExec with Windows XP but not anymore.
An interesting answer from the PaExec forum:
I think the problem is every session has its own WinStation, so the call to OpenWindowStation is getting session 0's WinStation, and granting access to that WinStation's desktop - which isn't helpful. If there was a way to get a WinStation from a specific session, then that code would help. That seems to be the sticking point, but PsExec seems to know how (of course they are inside Microsoft now so they have access to more documentation).
And another discussion here: https://github.com/hfiref0x/WinObjEx64/issues/6


EDIT: Pierre, could you test the last version of your code in a session other than 0 (run directly from PureBasic) by replacing CreateProcessAsUser with CreateProcessWithLogonW like you did at the beginning? I can't make it work. If I replace the 2 procedures AddAceTo... with the 2 from my first post, it works.

Re: C++ conversion of interactive process

Posted: Tue Feb 07, 2023 4:27 am
by Pierre Bellisle
tatanas & JHPJHP,

I did a complete rewrite of the code, starting from scratch using the original C++ program.
I tried to keep the same coding style, so it is easy to compare both sources.
The updated beast is in my first post.
Works as intended on my side. Yours to try...

Re: C++ conversion of interactive process

Posted: Tue Feb 07, 2023 8:48 am
by tatanas
It's not working from the PureBasic "Run" command, but it is OK when I compile it and then launch it from a service in the same session as the logged-on user.


Session 0
Service
|
\/
User Session X
StartInteractiveClientProcess.exe (as system)
|
|-> notepad.exe (as user with provided credentials)


Thank you Pierre.

Re: C++ conversion of interactive process

Posted: Tue Feb 07, 2023 9:49 am
by Pierre Bellisle
Hi tatanas,
Yes, it will work only when started from a service.

At least, for experimenting or expanding, I think this last version is cleaner and more robust.

Sadly, I guess it won't be enough in your context. The posts above from JHPJHP and you seem to reveal this.

About replacing CreateProcessAsUser with CreateProcessWithLogonW:
CreateProcessAsUser must be mandatory because of the rights given by the use of the token handle;
nevertheless, if you feel like it, you could try the following on your network.

; CreateProcessWithLogonW is not among PureBasic's built-in imports, so load
; AdvApi32.dll and bind the function through a prototype.
Define.i Advapi, bResult
Advapi = OpenLibrary(#PB_Any, "AdvApi32.dll")
; Parameters, in order: lpUsername, lpDomain, lpPassword, dwLogonFlags,
; lpApplicationName, lpCommandLine, dwCreationFlags, lpEnvironment,
; lpCurrentDirectory, lpStartupInfo, lpProcessInformation
Prototype PCPWLW(A, B, C, D, E, F, G, H, I, J, K)
Global CreateProcessWithLogonW.PCPWLW = GetFunction(Advapi, "CreateProcessWithLogonW")
; si and pi are the program's existing STARTUPINFO and PROCESS_INFORMATION structures;
; dwLogonFlags = 0 means no profile is loaded (LOGON_WITH_PROFILE would be 1).
bResult = CreateProcessWithLogonW(@"tatanas", @"MyDomain", @"password", 0,
                                  @"c:\windows\system32\notepad.exe", #Null, #Null, #Null, #Null, @si, @pi)
; REM out the existing CreateProcessAsUser_() call, this replaces it