Develop Reference

Why FindNextFile is not working in my C# code?

The code is not working for me. I am using Visual Studio 2008 and .NET 3.5. I am not getting file name. The return value from FindNextFile is null. The reason not to use Directory.GetFiles() is that i want to traverse file one by one. For Directory.GetFiles(), i am gettign all the files in array at a time
struct WIN32_FIND_DATA
{
public uint dwFileAttributes;
public System.Runtime.InteropServices.ComTypes.FILETIME ftCreationTime;
public System.Runtime.InteropServices.ComTypes.FILETIME ftLastAccessTime;
public System.Runtime.InteropServices.ComTypes.FILETIME ftLastWriteTime;
public uint nFileSizeHigh;
public uint nFileSizeLow;
public uint dwReserved0;
public uint dwReserved1;
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)]
public string cFileName;
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 14)]
public string cAlternateFileName;
}
class Program
{
[DllImport("kernel32", CharSet = CharSet.Auto)]
public static extern IntPtr FindFirstFile(string lpFileName, out WIN32_FIND_DATA lpFindFileData);
[DllImport("kernel32", CharSet = CharSet.Auto)]
public static extern bool FindNextFile(IntPtr hFindFile, out WIN32_FIND_DATA lpFindFileData);
[DllImport("kernel32", CharSet = CharSet.Auto)]
public static extern bool FindClose(IntPtr hFindFile);
static void Main(string[] args)
{
StreamWriter sw = new StreamWriter("dir.txt", false);
string dir = Path.GetFullPath(System.IO.Directory.GetCurrentDirectory());
WIN32_FIND_DATA wfd = new WIN32_FIND_DATA();
IntPtr h = FindFirstFile((dir + #"\*.*"), out wfd);
while (FindNextFile(h, out wfd))
sw.WriteLine(wfd.cFileName);
FindClose(h);
sw.Flush();
sw.Close();
}
}

Many Windows APIs support two string types: ANSI (8-bit characters) and Wide (16-bit characters). The problem here seems to be that you are calling the wide version of the APIs but interpreting the results as ANSI.
You can fix this by marking the WIN32_FIND_DATA struct as unicode (or auto). CharSet.Auto and CharSet.Unicode seem to do the same thing here.
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Auto)]
struct WIN32_FIND_DATA {
UPDATE
Try adding an [Out] attribute to the imports as suggested by Hans Passant.
[DllImport("kernel32", CharSet = CharSet.Auto)]
public static extern IntPtr FindFirstFile(string lpFileName, [Out] out WIN32_FIND_DATA lpFindFileData);
[DllImport("kernel32", CharSet = CharSet.Auto)]
public static extern bool FindNextFile(IntPtr hFindFile, [Out] out WIN32_FIND_DATA lpFindFileData);

Can't read privileges from process access token

I'm trying to get the list of groups and privileges in a process access token and some info about them (name, flags and description).
To do this I'm using the GetTokenInfomation function and the TOKEN_GROUPS_AND_PRIVILEGES structure.
These are the structure definitions:
TOKEN_GROUPS_AND_PRIVILEGES
[StructLayout(LayoutKind.Sequential)]
public struct TOKEN_GROUPS_AND_PRIVILEGES
{
public uint SidCount;
public uint SidLength;
public IntPtr Sids;
public uint RestrictedSidCount;
public uint RestrictedSidLength;
public IntPtr RestrictedSids;
public uint PrivilegeCount;
public uint PrivilegeLength;
public IntPtr Privileges;
public LUID AuthenticationID;
}
LUID_AND_ATTRIBUTES
[StructLayout(LayoutKind.Sequential)]
public struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public uint Attributes;
}
LUID
[StructLayout(LayoutKind.Sequential)]
public struct LUID
{
public uint LowPart;
public int HighPart;
}
I can read the groups SIDs and get info on them fine but when I try to read the privileges I always get an Access violation.
This is the code that I use to read the privileges:
for (int i = 0; i < GroupsAndPrivilegesInfo.PrivilegeCount; i++)
{
Privilege = (Win32Structures.LUID_AND_ATTRIBUTES)Marshal.PtrToStructure(GroupsAndPrivilegesInfo.Privileges, typeof(Win32Structures.LUID_AND_ATTRIBUTES));
PrivilegeName = GetPrivilegeName(Privilege.Luid) ?? "Non disponibile";
PrivilegeStatus = GetPrivilegeFlags((Win32Enumerations.PrivilegeLUIDAttribute)Privilege.Attributes) ?? "Non disponibile";
PrivilegeDescription = GetPrivilegeDescription(PrivilegeName) ?? "Non disponibile";
Privileges.Add(new TokenPrivilegeInfo(PrivilegeName, PrivilegeStatus, PrivilegeDescription));
GroupsAndPrivilegesInfo.Privileges += Marshal.SizeOf(typeof(Win32Structures.LUID_AND_ATTRIBUTES));
}
The exception occurs when calling the GetPrivilegeName method which uses the function LookupPrivilegeNameW defined as follows:
[DllImport("Advapi32.dll", EntryPoint = "LookupPrivilegeNameW", CharSet = CharSet.Unicode, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool LookupPrivilegeName(string SystemName, Win32Structures.LUID LUID, StringBuilder PrivilegeName, ref uint NameLength);
I tried different methods to read the data such as:
Manually calculating the offset to the privileges array element from the start of the structure
Declare the privileges field as an array and set a SizeConst to an obviously oversized value
Even those methods threw an Access violation exception.
I don't undestand what is the problem given that I use the same code to read the SIDs and it works normally.

First, The second parameter of LookupPrivilegeNameW is A pointer to a LUID. You need to declare it as a reference type like ref Win32Structures.LUID LUID.
And then the TOKEN_GROUPS_AND_PRIVILEGES.Privileges is an array of the privileges.
Your code does not retrieve all Privileges, but repeatedly reads the first Privilege every time.
Here is the working sample:
namespace ConsoleApp2
{
class Program
{
[StructLayout(LayoutKind.Sequential)]
public struct TOKEN_GROUPS_AND_PRIVILEGES
{
public uint SidCount;
public uint SidLength;
public IntPtr Sids;
public uint RestrictedSidCount;
public uint RestrictedSidLength;
public IntPtr RestrictedSids;
public uint PrivilegeCount;
public uint PrivilegeLength;
public IntPtr Privileges;
public LUID AuthenticationID;
}
[StructLayout(LayoutKind.Sequential)]
public struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public uint Attributes;
}
[StructLayout(LayoutKind.Sequential)]
public struct LUID
{
public uint LowPart;
public int HighPart;
}
public enum TOKEN_INFORMATION_CLASS
{
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics,
TokenRestrictedSids,
TokenSessionId,
TokenGroupsAndPrivileges,
TokenSessionReference,
TokenSandBoxInert,
TokenAuditPolicy,
TokenOrigin
}
[DllImport("Advapi32.dll", EntryPoint = "LookupPrivilegeNameW", CharSet = CharSet.Unicode, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool LookupPrivilegeName(string SystemName, ref LUID LUID, StringBuilder PrivilegeName, ref uint NameLength);
[DllImport("advapi32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool OpenProcessToken(IntPtr ProcessHandle,
UInt32 DesiredAccess, out IntPtr TokenHandle);
[DllImport("kernel32.dll")]
public static extern IntPtr GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr TokenHandle,
TOKEN_INFORMATION_CLASS TokenInformationClass,
IntPtr TokenInformation,
Int32 TokenInformationLength,
out Int32 ReturnLength);
public static UInt32 TOKEN_QUERY = 0x0008;
static void Main(string[] args)
{
bool ret = false;
IntPtr token;
ret = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, out token);
Int32 ReturnLength;
ret = GetTokenInformation(token, TOKEN_INFORMATION_CLASS.TokenGroupsAndPrivileges, IntPtr.Zero, 0, out ReturnLength);
IntPtr pGroupsAndPrivilegesInfo = Marshal.AllocHGlobal(ReturnLength);
ret = GetTokenInformation(token, TOKEN_INFORMATION_CLASS.TokenGroupsAndPrivileges, pGroupsAndPrivilegesInfo, ReturnLength, out ReturnLength);
TOKEN_GROUPS_AND_PRIVILEGES GroupsAndPrivilegesInfo = (TOKEN_GROUPS_AND_PRIVILEGES)Marshal.PtrToStructure(pGroupsAndPrivilegesInfo, typeof(TOKEN_GROUPS_AND_PRIVILEGES));
for (int i = 0; i < GroupsAndPrivilegesInfo.PrivilegeCount; i++)
{
//IntPtr ptr = GroupsAndPrivilegesInfo.Privileges + i * Marshal.SizeOf(typeof(LUID_AND_ATTRIBUTES));
LUID_AND_ATTRIBUTES Privilege = (LUID_AND_ATTRIBUTES)Marshal.PtrToStructure(GroupsAndPrivilegesInfo.Privileges + i * Marshal.SizeOf(typeof(LUID_AND_ATTRIBUTES)), typeof(LUID_AND_ATTRIBUTES));
StringBuilder name = new StringBuilder(50);
uint cchName = 50;
ret = LookupPrivilegeName(null, ref Privilege.Luid, name, ref cchName);
Console.WriteLine(name);
}
Marshal.FreeHGlobal(pGroupsAndPrivilegesInfo);
}
}
}

Getting byte[] from GetClipboardData native method

I'm trying to get the Clipboard data using this native method with C#/.NET. The problem is I'm mangling the data. Here's my code:
IntPtr pointer = GetClipboardData(dataformat);
int size = Marshal.SizeOf(pointer);
byte[] buff = new byte[size];
Marshal.Copy(data, buff, 0, size);
Here's the pinvoke I'm using for the GetClipboardData method:
[DllImport("user32.dll")]
private static extern IntPtr GetClipboardData(uint uFormat);
Can anyone tell me where I'm going wrong?

If you want to get byte array from clipboard, which represents unicode text for example, the code will be something like this:
using System;
using System.Runtime.InteropServices;
using System.Text;
public class ClipboardHelper
{
#region Win32
[DllImport("User32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool IsClipboardFormatAvailable(uint format);
[DllImport("User32.dll", SetLastError = true)]
private static extern IntPtr GetClipboardData(uint uFormat);
[DllImport("User32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool OpenClipboard(IntPtr hWndNewOwner);
[DllImport("User32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CloseClipboard();
[DllImport("Kernel32.dll", SetLastError = true)]
private static extern IntPtr GlobalLock(IntPtr hMem);
[DllImport("Kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool GlobalUnlock(IntPtr hMem);
[DllImport("Kernel32.dll", SetLastError = true)]
private static extern int GlobalSize(IntPtr hMem);
private const uint CF_UNICODETEXT = 13U;
#endregion
public static string GetText()
{
if (!IsClipboardFormatAvailable(CF_UNICODETEXT))
return null;
try
{
if (!OpenClipboard(IntPtr.Zero))
return null;
IntPtr handle = GetClipboardData(CF_UNICODETEXT);
if (handle == IntPtr.Zero)
return null;
IntPtr pointer = IntPtr.Zero;
try
{
pointer = GlobalLock(handle);
if (pointer == IntPtr.Zero)
return null;
int size = GlobalSize(handle);
byte[] buff = new byte[size];
Marshal.Copy(pointer, buff, 0, size);
return Encoding.Unicode.GetString(buff).TrimEnd('\0');
}
finally
{
if (pointer != IntPtr.Zero)
GlobalUnlock(handle);
}
}
finally
{
CloseClipboard();
}
}
}

GDI Write Bitmap to File in C#

I'm trying to Capture an Image from a window given the Handle/DC. I want to capture the Image with all the transparency and pixels so I decided I'd use GDI/GDI+.
The below code is what I have, but when it "writes" the bitmap, it writes it wrong :S In other words, the file is unreadable. It is blank. Yet it is 20kb in size :S
Any ideas what is wrong?
Imports.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
namespace Imaging
{
static class Imports
{
public enum ObjectType : uint
{
OBJ_PEN = 1,
OBJ_BRUSH = 2,
OBJ_DC = 3,
OBJ_METADC = 4,
OBJ_PAL = 5,
OBJ_FONT = 6,
OBJ_BITMAP = 7,
OBJ_REGION = 8,
OBJ_METAFILE = 9,
OBJ_MEMDC = 10,
OBJ_EXTPEN = 11,
OBJ_ENHMETADC = 12,
OBJ_ENHMETAFILE = 13
}
public enum TernaryRasterOperations : uint
{
SRCCOPY = 0x00CC0020,
SRCPAINT = 0x00EE0086,
SRCAND = 0x008800C6,
SRCINVERT = 0x00660046,
SRCERASE = 0x00440328,
NOTSRCCOPY = 0x00330008,
NOTSRCERASE = 0x001100A6,
MERGECOPY = 0x00C000CA,
MERGEPAINT = 0x00BB0226,
PATCOPY = 0x00F00021,
PATPAINT = 0x00FB0A09,
PATINVERT = 0x005A0049,
DSTINVERT = 0x00550009,
BLACKNESS = 0x00000042,
WHITENESS = 0x00FF0062,
CAPTUREBLT = 0x40000000
}
[StructLayout(LayoutKind.Sequential)]
public struct Rect
{
public int Left, Top, Right, Bottom;
}
[StructLayout(LayoutKind.Sequential, Pack = 1)]
public struct BITMAPFILEHEADER
{
public ushort bfType;
public uint bfSize;
public ushort bfReserved1;
public ushort bfReserved2;
public uint bfOffBits;
}
[StructLayout(LayoutKind.Sequential)]
public struct BITMAPINFOHEADER
{
public uint biSize;
public int biWidth;
public int biHeight;
public ushort biPlanes;
public ushort biBitCount;
public uint biCompression;
public uint biSizeImage;
public int biXPelsPerMeter;
public int biYPelsPerMeter;
public uint biClrUsed;
public uint biClrImportant;
public void Init()
{
biSize = (uint)Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct BITMAPINFO
{
public uint biSize;
public int biWidth;
public int biHeight;
public ushort biPlanes;
public ushort biBitCount;
public uint biCompression;
public uint biSizeImage;
public int biXPelsPerMeter;
public int biYPelsPerMeter;
public uint biClrUsed;
public uint biClrImportant;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 256)]
public uint[] cols;
}
[StructLayout(LayoutKind.Sequential)]
public struct BITMAP
{
public int bmType;
public int bmWidth;
public int bmHeight;
public int bmWidthBytes;
public ushort bmPlanes;
public ushort bmBitsPixel;
public IntPtr bmBits;
};
[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr FindWindow(string lpClassName, string lpWindowName);
[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr FindWindowEx(IntPtr hwndParent, IntPtr hwndChildAfter, string lpszClass, string lpszWindow);
[DllImport("user32.dll")]
public static extern IntPtr GetDC(IntPtr WindowHandle);
[DllImport("user32.dll")]
public static extern void ReleaseDC(IntPtr WindowHandle, IntPtr DC);
[DllImport("user32.dll")]
public static extern IntPtr GetWindowRect(IntPtr WindowHandle, ref Rect rect);
[DllImport("user32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool PrintWindow(IntPtr hwnd, IntPtr DC, uint nFlags);
[DllImport("user32.dll")]
public static extern int SetForegroundWindow(IntPtr hWnd);
[DllImport("user32.dll")]
public static extern IntPtr ShowWindow(IntPtr hWnd, int nCmdShow);
[DllImport("user32.dll")]
public static extern int GetWindowRgn(IntPtr hWnd, IntPtr hRgn);
[DllImport("gdi32.dll")]
public static extern IntPtr GetCurrentObject(IntPtr DC, ObjectType uObjectType);
[DllImport("gdi32.dll")]
public static extern int GetObject(IntPtr hObject, int nCount, ref BITMAP lpObject);
[DllImport("gdi32.dll", SetLastError = true)]
public static extern IntPtr CreateCompatibleDC(IntPtr DC);
[DllImport("gdi32.dll", ExactSpelling = true, SetLastError = true)]
public static extern bool DeleteDC(IntPtr DC);
[DllImport("gdi32.dll")]
public static extern IntPtr CreateCompatibleBitmap(IntPtr DC, int nWidth, int nHeight);
[DllImport("gdi32.dll", ExactSpelling = true, PreserveSig = true, SetLastError = true)]
public static extern IntPtr SelectObject(IntPtr DC, IntPtr hgdiobj);
[DllImport("gdi32.dll")]
public static extern bool DeleteObject(IntPtr hObject);
[DllImport("gdi32.dll")]
public static extern IntPtr CreateRectRgn(int nLeftRect, int nTopRect, int nRightRect, int nBottomRect);
[DllImport("gdi32.dll")]
static extern bool FillRgn(IntPtr DC, IntPtr hrgn, IntPtr hbr);
[DllImport("gdi32.dll")]
public static extern IntPtr CreateSolidBrush(uint crColor);
[DllImport("gdi32.dll")]
public static extern int GetDIBits(IntPtr DC, IntPtr hbmp, uint uStartScan, uint cScanLines, [Out] byte[] lpvBits, ref BITMAPINFO lpbmi, uint uUsage);
[DllImport("gdi32.dll")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool BitBlt(IntPtr DC, int nXDest, int nYDest, int nWidth, int nHeight, IntPtr SrcDC, int nXSrc, int nYSrc, TernaryRasterOperations dwRop);
}
}
My PBitmap class:
using System;
using System.Collections.Generic;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Windows.Forms;
namespace Imaging
{
class PBitmap
{
private Bitmap Img = null;
private Imports.BITMAPINFO Info;
private Imports.BITMAPFILEHEADER bFileHeader;
public PBitmap(IntPtr Window, int X, int Y, uint BitsPerPixel = 24)
{
IntPtr DC = Imports.GetDC(Window);
Imports.BITMAP Bmp = new Imports.BITMAP();
IntPtr hBmp = Imports.GetCurrentObject(DC, Imports.ObjectType.OBJ_BITMAP);
if (Imports.GetObject(hBmp, Marshal.SizeOf(Bmp), ref Bmp) == 0)
throw new Exception("ERROR_INVALID_WINDOW_HANDLE.");
Imports.Rect BMBox = new Imports.Rect();
Imports.GetWindowRect(Window, ref BMBox); //GetClientRect
int width = BMBox.Right - BMBox.Left;
int height = BMBox.Bottom - BMBox.Top;
IntPtr MemDC = Imports.GetDC(IntPtr.Zero);
IntPtr SDC = Imports.CreateCompatibleDC(MemDC);
IntPtr hSBmp = Imports.CreateCompatibleBitmap(MemDC, width, height);
Imports.DeleteObject(Imports.SelectObject(SDC, hSBmp));
Imports.BitBlt(SDC, 0, 0, width, height, DC, X, Y, Imports.TernaryRasterOperations.SRCCOPY);
long size = ((width * BitsPerPixel + 31) / 32) * 4 * height;
Info = new Imports.BITMAPINFO();
bFileHeader = new Imports.BITMAPFILEHEADER();
Info.biSize = (uint)Marshal.SizeOf(Info);
Info.biWidth = width;
Info.biHeight = height;
Info.biPlanes = 1;
Info.biBitCount = (ushort)BitsPerPixel;
Info.biCompression = 0;
Info.biSizeImage = (uint)size;
bFileHeader.bfType = 0x4D42;
bFileHeader.bfOffBits = (uint)(Marshal.SizeOf(bFileHeader) + Marshal.SizeOf(Info));
bFileHeader.bfSize = (uint)(bFileHeader.bfOffBits + size);
byte[] ImageData = new byte[size];
Imports.GetDIBits(SDC, hSBmp, 0, (uint)height, ImageData, ref Info, 0);
var bw = new BinaryWriter(File.Open("C:/Users/*******/Desktop/Foo.bmp", FileMode.OpenOrCreate));
bw.Write((short)0x4D42);
bw.Write((uint)(bFileHeader.bfOffBits + size));
bw.Write((uint)0);
bw.Write((uint)54);
bw.Write((uint)Info.biSize);
bw.Write(width);
bw.Write(height);
bw.Write((short)Info.biPlanes);
bw.Write(BitsPerPixel);
bw.Write((uint)0);
bw.Write((uint)size);
bw.Write((uint)0);
bw.Write((uint)0);
bw.Write((uint)0);
bw.Write((uint)0);
bw.Write(ImageData);
bw.Flush();
bw.Close();
bw.Dispose();
Imports.DeleteDC(SDC);
Imports.DeleteObject(hSBmp);
Imports.ReleaseDC(IntPtr.Zero, MemDC);
Imports.ReleaseDC(Window, DC);
}
}
}

If you're looking for a quick band-aid fix to get this done (it just needs to work, not used often, etc) consider just loading the image back into .NET and re-saving it with PNG compression enabled. The .NET framework will handle this for you and the file size will be a lot more optimal. Of course, if this is for a real-time application this isn't ideal.

How can I manipulate token privileges in .Net?

I'd like to use C# to determine which privileges are assigned to my process/thread token, and adjust them as necessary. For example, in order for my program to restart the computer, it must first enable the SeShutdownPrivilege privilege.
How can that be done safely from managed code?

This turns out to be non-trivial because there's no built-in mechanism for it. Not only is P/Invoke required, but you must code carefully to make sure that you don't "leak" privileges by enabling them and then not disabling them soon enough (though not an issue if you're restarting the computer).
For a complete code sample with description, read the MSDN magazine article from March 2005 "Manipulate Privileges in Managed Code Reliably, Securely, and Efficiently" by Mark Novak.
Here's the P/Invoke declarations:
using System;
using System.Runtime.InteropServices;
using System.Runtime.ConstrainedExecution;
namespace PrivilegeClass
{
[Flags]
internal enum TokenAccessLevels
{
AssignPrimary = 0x00000001,
Duplicate = 0x00000002,
Impersonate = 0x00000004,
Query = 0x00000008,
QuerySource = 0x00000010,
AdjustPrivileges = 0x00000020,
AdjustGroups = 0x00000040,
AdjustDefault = 0x00000080,
AdjustSessionId = 0x00000100,
Read = 0x00020000 | Query,
Write = 0x00020000 | AdjustPrivileges | AdjustGroups | AdjustDefault,
AllAccess = 0x000F0000 |
AssignPrimary |
Duplicate |
Impersonate |
Query |
QuerySource |
AdjustPrivileges |
AdjustGroups |
AdjustDefault |
AdjustSessionId,
MaximumAllowed = 0x02000000
}
internal enum SecurityImpersonationLevel
{
Anonymous = 0,
Identification = 1,
Impersonation = 2,
Delegation = 3,
}
internal enum TokenType
{
Primary = 1,
Impersonation = 2,
}
internal sealed class NativeMethods
{
internal const uint SE_PRIVILEGE_DISABLED = 0x00000000;
internal const uint SE_PRIVILEGE_ENABLED = 0x00000002;
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct LUID
{
internal uint LowPart;
internal uint HighPart;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct LUID_AND_ATTRIBUTES
{
internal LUID Luid;
internal uint Attributes;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct TOKEN_PRIVILEGE
{
internal uint PrivilegeCount;
internal LUID_AND_ATTRIBUTES Privilege;
}
internal const string ADVAPI32 = "advapi32.dll";
internal const string KERNEL32 = "kernel32.dll";
internal const int ERROR_SUCCESS = 0x0;
internal const int ERROR_ACCESS_DENIED = 0x5;
internal const int ERROR_NOT_ENOUGH_MEMORY = 0x8;
internal const int ERROR_NO_TOKEN = 0x3f0;
internal const int ERROR_NOT_ALL_ASSIGNED = 0x514;
internal const int ERROR_NO_SUCH_PRIVILEGE = 0x521;
internal const int ERROR_CANT_OPEN_ANONYMOUS = 0x543;
[DllImport(
KERNEL32,
SetLastError=true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
internal static extern bool CloseHandle(IntPtr handle);
[DllImport(
ADVAPI32,
CharSet=CharSet.Unicode,
SetLastError=true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
internal static extern bool AdjustTokenPrivileges (
[In] SafeTokenHandle TokenHandle,
[In] bool DisableAllPrivileges,
[In] ref TOKEN_PRIVILEGE NewState,
[In] uint BufferLength,
[In,Out] ref TOKEN_PRIVILEGE PreviousState,
[In,Out] ref uint ReturnLength);
[DllImport(
ADVAPI32,
CharSet=CharSet.Auto,
SetLastError=true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
internal static extern
bool RevertToSelf();
[DllImport(
ADVAPI32,
EntryPoint="LookupPrivilegeValueW",
CharSet=CharSet.Auto,
SetLastError=true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
internal static extern
bool LookupPrivilegeValue (
[In] string lpSystemName,
[In] string lpName,
[In,Out] ref LUID Luid);
[DllImport(
KERNEL32,
CharSet=CharSet.Auto,
SetLastError=true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
internal static extern
IntPtr GetCurrentProcess();
[DllImport(
KERNEL32,
CharSet=CharSet.Auto,
SetLastError=true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
internal static extern
IntPtr GetCurrentThread ();
[DllImport(
ADVAPI32,
CharSet=CharSet.Unicode,
SetLastError=true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
internal static extern
bool OpenProcessToken (
[In] IntPtr ProcessToken,
[In] TokenAccessLevels DesiredAccess,
[In,Out] ref SafeTokenHandle TokenHandle);
[DllImport
(ADVAPI32,
CharSet=CharSet.Unicode,
SetLastError=true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
internal static extern
bool OpenThreadToken(
[In] IntPtr ThreadToken,
[In] TokenAccessLevels DesiredAccess,
[In] bool OpenAsSelf,
[In,Out] ref SafeTokenHandle TokenHandle);
[DllImport
(ADVAPI32,
CharSet=CharSet.Unicode,
SetLastError=true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
internal static extern
bool DuplicateTokenEx(
[In] SafeTokenHandle ExistingToken,
[In] TokenAccessLevels DesiredAccess,
[In] IntPtr TokenAttributes,
[In] SecurityImpersonationLevel ImpersonationLevel,
[In] TokenType TokenType,
[In,Out] ref SafeTokenHandle NewToken);
[DllImport
(ADVAPI32,
CharSet=CharSet.Unicode,
SetLastError=true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
internal static extern
bool SetThreadToken(
[In] IntPtr Thread,
[In] SafeTokenHandle Token);
static NativeMethods()
{
}
}
}

Here's what I use. It is based off of the Mark Novak article, but with less paranoia for untrusted stack frames, CER's, or reentrance (since I assume you are not writing internet explorer or a SQL Server Add-in).
Privilege.cs:
using System;
using Microsoft.Win32.SafeHandles;
using System.Collections.Specialized;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Runtime.ConstrainedExecution;
using System.Threading;
using Luid = Esatto.Win32.Processes.NativeMethods.LUID;
using Win32Exception = System.ComponentModel.Win32Exception;
using PrivilegeNotHeldException = System.Security.AccessControl.PrivilegeNotHeldException;
using static Esatto.Win32.Processes.NativeMethods;
using System.Linq;
using System.Security.Principal;
// http://msdn.microsoft.com/en-us/magazine/cc163823.aspx
namespace Esatto.Win32.Processes
{
public static class Privilege
{
#region Privilege names
public const string
CreateToken = "SeCreateTokenPrivilege",
AssignPrimaryToken = "SeAssignPrimaryTokenPrivilege",
LockMemory = "SeLockMemoryPrivilege",
IncreaseQuota = "SeIncreaseQuotaPrivilege",
UnsolicitedInput = "SeUnsolicitedInputPrivilege",
MachineAccount = "SeMachineAccountPrivilege",
TrustedComputingBase = "SeTcbPrivilege",
Security = "SeSecurityPrivilege",
TakeOwnership = "SeTakeOwnershipPrivilege",
LoadDriver = "SeLoadDriverPrivilege",
SystemProfile = "SeSystemProfilePrivilege",
SystemTime = "SeSystemtimePrivilege",
ProfileSingleProcess = "SeProfileSingleProcessPrivilege",
IncreaseBasePriority = "SeIncreaseBasePriorityPrivilege",
CreatePageFile = "SeCreatePagefilePrivilege",
CreatePermanent = "SeCreatePermanentPrivilege",
Backup = "SeBackupPrivilege",
Restore = "SeRestorePrivilege",
Shutdown = "SeShutdownPrivilege",
Debug = "SeDebugPrivilege",
Audit = "SeAuditPrivilege",
SystemEnvironment = "SeSystemEnvironmentPrivilege",
ChangeNotify = "SeChangeNotifyPrivilege",
RemoteShutdown = "SeRemoteShutdownPrivilege",
Undock = "SeUndockPrivilege",
SyncAgent = "SeSyncAgentPrivilege",
EnableDelegation = "SeEnableDelegationPrivilege",
ManageVolume = "SeManageVolumePrivilege",
Impersonate = "SeImpersonatePrivilege",
CreateGlobal = "SeCreateGlobalPrivilege",
TrustedCredentialManagerAccess = "SeTrustedCredManAccessPrivilege",
ReserveProcessor = "SeReserveProcessorPrivilege";
#endregion
public static void RunWithPrivileges(Action action, params string[] privs)
{
if (privs == null || privs.Length == 0)
{
throw new ArgumentNullException(nameof(privs));
}
var luids = privs
.Select(e => new LUID_AND_ATTRIBUTES { Luid = GetLuidForName(e), Attributes = SE_PRIVILEGE_ENABLED })
.ToArray();
RuntimeHelpers.PrepareConstrainedRegions();
try { /* CER */ }
finally
{
using (var threadToken = new ThreadTokenScope())
using (new ThreadPrivilegeScope(threadToken, luids))
{
action();
}
}
}
private static LUID_AND_ATTRIBUTES[] AdjustTokenPrivileges2(SafeTokenHandle token, LUID_AND_ATTRIBUTES[] attrs)
{
var sizeofAttr = Marshal.SizeOf<LUID_AND_ATTRIBUTES>();
var pDesired = Marshal.AllocHGlobal(4 /* count */ + attrs.Length * sizeofAttr);
try
{
// Fill pStruct
{
Marshal.WriteInt32(pDesired, attrs.Length);
var pAttr = pDesired + 4;
for (int i = 0; i < attrs.Length; i++)
{
Marshal.StructureToPtr(attrs[i], pAttr, false);
pAttr += sizeofAttr;
}
}
// Call Adjust
const int cbPrevious = 16384 /* some arbitrarily high number */;
var pPrevious = Marshal.AllocHGlobal(cbPrevious);
try
{
if (!AdjustTokenPrivileges(token, false, pDesired, cbPrevious, pPrevious, out var retLen))
{
throw new Win32Exception();
}
// Parse result
{
var result = new LUID_AND_ATTRIBUTES[Marshal.ReadInt32(pPrevious)];
var pAttr = pPrevious + 4;
for (int i = 0; i < result.Length; i++)
{
result[i] = Marshal.PtrToStructure<LUID_AND_ATTRIBUTES>(pAttr);
}
return result;
}
}
finally { Marshal.FreeHGlobal(pPrevious); }
}
finally { Marshal.FreeHGlobal(pDesired); }
}
private static Luid GetLuidForName(string priv)
{
if (!LookupPrivilegeValue(null, priv, out var result))
{
throw new Win32Exception();
}
return result;
}
private class ThreadPrivilegeScope : IDisposable
{
private LUID_AND_ATTRIBUTES[] RevertTo;
private Thread OwnerThread;
private readonly ThreadTokenScope Token;
public ThreadPrivilegeScope(ThreadTokenScope token, LUID_AND_ATTRIBUTES[] setTo)
{
this.OwnerThread = Thread.CurrentThread;
this.Token = token ?? throw new ArgumentNullException(nameof(token));
this.RevertTo = AdjustTokenPrivileges2(token.Handle, setTo);
}
public void Dispose()
{
if (OwnerThread != Thread.CurrentThread)
{
throw new InvalidOperationException("Wrong thread");
}
if (RevertTo == null)
{
return;
}
AdjustTokenPrivileges2(Token.Handle, RevertTo);
}
}
private class ThreadTokenScope : IDisposable
{
private bool IsImpersonating;
private readonly Thread OwnerThread;
public readonly SafeTokenHandle Handle;
[ThreadStatic]
private static ThreadTokenScope Current;
public ThreadTokenScope()
{
if (Current != null)
{
throw new InvalidOperationException("Reentrance to ThreadTokenScope");
}
this.OwnerThread = Thread.CurrentThread;
if (!OpenThreadToken(GetCurrentThread(), TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, true, out var token))
{
var error = Marshal.GetLastWin32Error();
if (error != ERROR_NO_TOKEN)
{
throw new Win32Exception(error);
}
// No token is on the thread, copy from process
if (!OpenProcessToken(GetCurrentProcess(), TokenAccessLevels.Duplicate, out var processToken))
{
throw new Win32Exception();
}
if (!DuplicateTokenEx(processToken, TokenAccessLevels.Impersonate | TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges,
IntPtr.Zero, SecurityImpersonationLevel.Impersonation, TokenType.Impersonation, out token))
{
throw new Win32Exception();
}
if (!SetThreadToken(IntPtr.Zero, token))
{
throw new Win32Exception();
}
this.IsImpersonating = true;
}
this.Handle = token;
Current = this;
}
public void Dispose()
{
if (OwnerThread != Thread.CurrentThread)
{
throw new InvalidOperationException("Wrong thread");
}
if (Current != this)
{
throw new ObjectDisposedException(nameof(ThreadTokenScope));
}
Current = null;
if (IsImpersonating)
{
RevertToSelf();
}
IsImpersonating = false;
}
}
}
}
NativeMethods.cs:
using Microsoft.Win32.SafeHandles;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Esatto.Win32.Processes
{
internal static class NativeMethods
{
const string Advapi32 = "advapi32.dll";
const string Kernel32 = "kernel32.dll";
const string Wtsapi32 = "wtsapi32.dll";
const string Userenv = "userenv.dll";
#region constants
public const uint JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE = 0x00002000;
public const uint SE_PRIVILEGE_DISABLED = 0x00000000;
public const uint SE_PRIVILEGE_ENABLED = 0x00000002;
public const int ERROR_SUCCESS = 0x0;
public const int ERROR_ACCESS_DENIED = 0x5;
public const int ERROR_NOT_ENOUGH_MEMORY = 0x8;
public const int ERROR_NO_TOKEN = 0x3f0;
public const int ERROR_NOT_ALL_ASSIGNED = 0x514;
public const int ERROR_NO_SUCH_PRIVILEGE = 0x521;
public const int ERROR_CANT_OPEN_ANONYMOUS = 0x543;
public const uint STANDARD_RIGHTS_REQUIRED = 0x000F0000;
public const uint STANDARD_RIGHTS_READ = 0x00020000;
public const uint NORMAL_PRIORITY_CLASS = 0x0020;
public const uint CREATE_UNICODE_ENVIRONMENT = 0x00000400;
public const uint MAX_PATH = 260;
public const uint CREATE_NO_WINDOW = 0x08000000;
public const uint INFINITE = 0xFFFFFFFF;
#endregion
#region Advapi32
[DllImport(Advapi32, ExactSpelling = true, SetLastError = true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
public static extern bool AdjustTokenPrivileges(SafeTokenHandle TokenHandle, bool DisableAllPrivileges,
IntPtr NewState, uint BufferLength, IntPtr PreviousState, out uint ReturnLength);
[DllImport(Advapi32, ExactSpelling = true, SetLastError = true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
public static extern bool RevertToSelf();
[DllImport(Advapi32, CharSet = CharSet.Unicode, SetLastError = true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
public static extern bool LookupPrivilegeValue(string lpSystemName, string lpName, out LUID Luid);
[DllImport(Advapi32, ExactSpelling = true, SetLastError = true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
public static extern bool OpenProcessToken(IntPtr ProcessToken, TokenAccessLevels DesiredAccess, out SafeTokenHandle TokenHandle);
[DllImport(Advapi32, ExactSpelling = true, SetLastError = true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
public static extern bool OpenThreadToken(IntPtr ThreadToken, TokenAccessLevels DesiredAccess, bool OpenAsSelf, out SafeTokenHandle TokenHandle);
[DllImport(Advapi32, ExactSpelling = true, SetLastError = true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
public static extern bool DuplicateTokenEx(SafeTokenHandle ExistingToken, TokenAccessLevels DesiredAccess,
IntPtr TokenAttributes, SecurityImpersonationLevel ImpersonationLevel, TokenType TokenType, out SafeTokenHandle NewToken);
[DllImport(Advapi32, ExactSpelling = true, SetLastError = true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
public static extern bool SetThreadToken(IntPtr Thread, SafeTokenHandle Token);
[DllImport(Advapi32, CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool CreateProcessAsUser(SafeTokenHandle hToken,
StringBuilder appExeName, StringBuilder commandLine, IntPtr processAttributes,
IntPtr threadAttributes, bool inheritHandles, uint dwCreationFlags,
EnvironmentBlockSafeHandle environment, string currentDirectory, ref STARTUPINFO startupInfo,
out PROCESS_INFORMATION startupInformation);
[DllImport(Advapi32, CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr TokenHandle,
TokenInformationClass TokenInformationClass, out int TokenInformation,
uint TokenInformationLength, out uint ReturnLength);
#endregion
#region Kernel32
[DllImport(Kernel32, ExactSpelling = true, SetLastError = true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
public static extern bool CloseHandle(IntPtr handle);
[DllImport(Kernel32, ExactSpelling = true, SetLastError = true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
public static extern IntPtr GetCurrentProcess();
[DllImport(Kernel32, ExactSpelling = true, SetLastError = true)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
public static extern IntPtr GetCurrentThread();
[DllImport(Kernel32, CharSet = CharSet.Auto, SetLastError = true)]
public static extern SafeJobHandle CreateJobObject(IntPtr lpJobAttributes, string lpName);
[DllImport(Kernel32, SetLastError = true)]
public static extern bool SetInformationJobObject(SafeJobHandle hJob, JobObjectInfoType infoType,
ref JOBOBJECT_EXTENDED_LIMIT_INFORMATION lpJobObjectInfo, int cbJobObjectInfoLength);
[DllImport(Kernel32, SetLastError = true)]
public static extern bool AssignProcessToJobObject(SafeJobHandle job, IntPtr process);
#endregion
#region Wtsapi
[DllImport(Wtsapi32, ExactSpelling = true, SetLastError = true)]
public static extern bool WTSQueryUserToken(int sessionid, out SafeTokenHandle handle);
#endregion
#region Userenv
[DllImport(Userenv, CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool CreateEnvironmentBlock(out EnvironmentBlockSafeHandle lpEnvironment, SafeTokenHandle hToken, bool bInherit);
[DllImport(Userenv, ExactSpelling = true, SetLastError = true)]
public extern static bool DestroyEnvironmentBlock(IntPtr hEnvironment);
#endregion
#region Structs
[StructLayout(LayoutKind.Sequential)]
public struct IO_COUNTERS
{
public ulong ReadOperationCount;
public ulong WriteOperationCount;
public ulong OtherOperationCount;
public ulong ReadTransferCount;
public ulong WriteTransferCount;
public ulong OtherTransferCount;
}
[StructLayout(LayoutKind.Sequential)]
public struct JOBOBJECT_BASIC_LIMIT_INFORMATION
{
public long PerProcessUserTimeLimit;
public long PerJobUserTimeLimit;
public uint LimitFlags;
public UIntPtr MinimumWorkingSetSize;
public UIntPtr MaximumWorkingSetSize;
public uint ActiveProcessLimit;
public UIntPtr Affinity;
public uint PriorityClass;
public uint SchedulingClass;
}
[StructLayout(LayoutKind.Sequential)]
public struct SECURITY_ATTRIBUTES
{
public uint nLength;
public IntPtr lpSecurityDescriptor;
public int bInheritHandle;
}
[StructLayout(LayoutKind.Sequential)]
public struct JOBOBJECT_EXTENDED_LIMIT_INFORMATION
{
public JOBOBJECT_BASIC_LIMIT_INFORMATION BasicLimitInformation;
public IO_COUNTERS IoInfo;
public UIntPtr ProcessMemoryLimit;
public UIntPtr JobMemoryLimit;
public UIntPtr PeakProcessMemoryUsed;
public UIntPtr PeakJobMemoryUsed;
}
[StructLayout(LayoutKind.Sequential)]
internal struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public uint dwProcessId;
public uint dwThreadId;
}
[StructLayout(LayoutKind.Sequential)]
internal struct STARTUPINFO
{
public int cb;
public string lpReserved;
public string lpDesktop;
public string lpTitle;
public int dwX;
public int dwY;
public int dwXSize;
public int dwYSize;
public int dwXCountChars;
public int dwYCountChars;
public int dwFillAttribute;
public int dwFlags;
public short wShowWindow;
public short cbReserved2;
public IntPtr lpReserved2;
public IntPtr hStdInput;
public IntPtr hStdOutput;
public IntPtr hStdError;
}
[StructLayout(LayoutKind.Sequential)]
public struct LUID
{
public uint LowPart;
public uint HighPart;
}
[StructLayout(LayoutKind.Sequential)]
public struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public uint Attributes;
}
[StructLayout(LayoutKind.Sequential)]
public struct TOKEN_PRIVILEGE
{
public uint PrivilegeCount;
public LUID_AND_ATTRIBUTES Privilege;
}
#endregion
#region Enums
public enum JobObjectInfoType
{
AssociateCompletionPortInformation = 7,
BasicLimitInformation = 2,
BasicUIRestrictions = 4,
EndOfJobTimeInformation = 6,
ExtendedLimitInformation = 9,
SecurityLimitInformation = 5,
GroupInformation = 11
}
public enum SecurityImpersonationLevel
{
Anonymous = 0,
Identification = 1,
Impersonation = 2,
Delegation = 3,
}
public enum TokenType
{
Primary = 1,
Impersonation = 2,
}
public enum TokenInformationClass
{
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics,
TokenRestrictedSids,
TokenSessionId,
TokenGroupsAndPrivileges,
TokenSessionReference,
TokenSandBoxInert,
TokenAuditPolicy,
TokenOrigin,
TokenElevationType,
TokenLinkedToken,
TokenElevation,
TokenHasRestrictions,
TokenAccessInformation,
TokenVirtualizationAllowed,
TokenVirtualizationEnabled,
TokenIntegrityLevel,
TokenUIAccess,
TokenMandatoryPolicy,
TokenLogonSid,
TokenIsAppContainer,
TokenCapabilities,
TokenAppContainerSid,
TokenAppContainerNumber,
TokenUserClaimAttributes,
TokenDeviceClaimAttributes,
TokenRestrictedUserClaimAttributes,
TokenRestrictedDeviceClaimAttributes,
TokenDeviceGroups,
TokenRestrictedDeviceGroups,
// MaxTokenInfoClass should always be the last enum
MaxTokenInfoClass
}
#endregion
#region SafeHandles
public sealed class EnvironmentBlockSafeHandle : SafeHandleZeroOrMinusOneIsInvalid
{
public EnvironmentBlockSafeHandle()
: base(true)
{
}
protected override bool ReleaseHandle()
{
return DestroyEnvironmentBlock(handle);
}
}
public sealed class SafeTokenHandle : SafeHandleZeroOrMinusOneIsInvalid
{
public SafeTokenHandle()
: base(true)
{
}
override protected bool ReleaseHandle()
{
return CloseHandle(handle);
}
}
internal sealed class SafeJobHandle : SafeHandleZeroOrMinusOneIsInvalid
{
public SafeJobHandle()
: base(true)
{
}
protected override bool ReleaseHandle()
{
return CloseHandle(this.handle);
}
}
#endregion
}
}
Example Usage to create a process in another user's session:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace Esatto.Win32.Processes
{
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using static NativeMethods;
#if ESATTO_WIN32
public
#else
internal
#endif
static class ProcessInterop
{
public static void CreateProcessForSession(int sessionId, string exePath, string commandLine)
{
var privs = new[] { Privilege.TrustedComputingBase, Privilege.AssignPrimaryToken, Privilege.IncreaseQuota };
Privilege.RunWithPrivileges(() => CreateProcessForSessionInternal(sessionId, exePath, commandLine), privs);
}
private static void CreateProcessForSessionInternal(int sessionId, string exePath, string commandLine)
{
SafeTokenHandle hDupToken;
{
SafeTokenHandle hToken;
if (!WTSQueryUserToken(sessionId, out hToken))
{
throw new Win32Exception();
}
using (hToken)
{
if (!DuplicateTokenEx(hToken, TokenAccessLevels.AllAccess, IntPtr.Zero, SecurityImpersonationLevel.Impersonation, TokenType.Primary, out hDupToken))
{
throw new Win32Exception();
}
}
}
using (hDupToken)
{
EnvironmentBlockSafeHandle env;
if (!CreateEnvironmentBlock(out env, hDupToken, false))
{
throw new Win32Exception();
}
using (env)
{
STARTUPINFO si = new STARTUPINFO();
si.cb = Marshal.SizeOf(si);
PROCESS_INFORMATION procInfo;
if (!CreateProcessAsUser(hDupToken, new StringBuilder(exePath), new StringBuilder(commandLine),
IntPtr.Zero, IntPtr.Zero, false, NORMAL_PRIORITY_CLASS | CREATE_UNICODE_ENVIRONMENT, env,
null, ref si, out procInfo))
{
throw new Win32Exception();
}
CloseHandle(procInfo.hProcess);
CloseHandle(procInfo.hThread);
}
}
}
public static int GetSessionId(this WindowsIdentity ident)
{
if (ident == null)
{
throw new ArgumentNullException();
}
int sessionId;
uint unused;
if (!GetTokenInformation(ident.Token, TokenInformationClass.TokenSessionId, out sessionId, 4, out unused))
{
throw new Win32Exception();
}
// since we are not passing a SafeHandle, we need to keep our reference on the SafeHandle
// contained in the WindowsIdentity
GC.KeepAlive(ident);
return sessionId;
}
}
}