Question : WTSGetActiveConsoleSessionId and Windows 2000

Hi,

Iam using WTSGetActiveConsoleSessionId and other functions to get users console token and then run process in its users space. Is there similary functionality in Windows 2000?

In msdn i see that WTSGetActiveConsoleSessionId is from Windows XP and Windows Server 2003

Answer : WTSGetActiveConsoleSessionId and Windows 2000

No, the requirements clearly state Xp as the minimum expected Windows version. If you want to execute an application in the context of the logged on user, you can use the following code, see also http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Q_25282045.html

1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152: 153: 154: 155: 156: 157: 158: 159: 160: 161: 162: 163: 164: 165: 166: 167: 168: 169: 170: 171: 172: 173: 174: 175: 176: 177: 178: 179: 180: 181: 182: 183: 184: 185: 186: 187: 188: 189: 190: 191: 192: 193: 194: 195: 196: 197: 198: 199: 200: 201: 202: 203: 204: 205: 206: 207: 208: 209: 210: 211:

#include <windows.h> #include <tlhelp32.h> #include <stdio.h> #include <malloc.h> #include <lmcons.h> #pragma comment(lib,"kernel32.lib") #pragma comment(lib,"user32.lib") #pragma comment(lib,"advapi32.lib") void __cdecl DbgReport ( char* __pszFormat, ...) { static char s_acBuf [ 2048]; va_list _args; va_start ( _args, __pszFormat); vsprintf ( s_acBuf, __pszFormat, _args); OutputDebugStringA ( s_acBuf); va_end ( _args); } DWORD ExecuteCmd ( LPSTR pszCmd, BOOL bShow, HANDLE hToken) { STARTUPINFO si; PROCESS_INFORMATION pi; BOOL bRes; DWORD dwCode = 0; MSG msg; ZeroMemory ( &si, sizeof ( STARTUPINFO)); si.cb = sizeof ( STARTUPINFO); si.dwFlags = STARTF_USESHOWWINDOW; si.wShowWindow = bShow ? SW_SHOWNORMAL : SW_HIDE; bRes = CreateProcessAsUser ( hToken, NULL, pszCmd, NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi ); CloseHandle ( pi.hProcess); CloseHandle ( pi.hThread); return ( 0); } DWORD GetExplorerProcessID() { HANDLE hSnapshot; PROCESSENTRY32 pe32; ZeroMemory(&pe32,sizeof(pe32)); DWORD temp; hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,NULL); pe32.dwSize = sizeof(PROCESSENTRY32); if(Process32First(hSnapshot,&pe32)) { do { if(!strcmp(pe32.szExeFile,"explorer.exe")) { temp = pe32.th32ProcessID; break; } }while(Process32Next(hSnapshot,&pe32)); } DbgReport("Explorer PID: %d\n", temp); return temp; } BOOL EnableDebugPriv ( BOOL bEnable) { HANDLE hToken; TOKEN_PRIVILEGES tp; if ( !OpenProcessToken ( GetCurrentProcess (), TOKEN_ADJUST_PRIVILEGES, &hToken ) ) return ( FALSE); tp.PrivilegeCount = 1; LookupPrivilegeValue ( NULL, SE_DEBUG_NAME, &tp.Privileges [ 0].Luid ); tp.Privileges [ 0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0; AdjustTokenPrivileges ( hToken, FALSE, &tp, sizeof ( tp), NULL, NULL ); return ( GetLastError() == ERROR_SUCCESS); } void GetSidUser(PSID psid,char*pName, DWORD dwNameSize) { char acReferencedDomain [ LM20_DNLEN + 1]; DWORD dwDomainBufSize = sizeof ( acReferencedDomain); SID_NAME_USE eUse; // lookup clear text name of the owner if ( !LookupAccountSid ( NULL, psid, pName, &dwNameSize, acReferencedDomain, &dwDomainBufSize, &eUse ) ) { DWORD dwErr = GetLastError (); DbgReport("LookupAccountSid() failed: %d\n", dwErr); } else DbgReport("SID represents %s\\%s\n", acReferencedDomain, pName); } void ImpersonateInteractiveUser(LPSTR pCmd, BOOL bShow) { HANDLE hToken = NULL; HANDLE hProcess = NULL; char acName [ LM20_DNLEN + 1]; DWORD dwNameSize = sizeof ( acName); DWORD processID = GetExplorerProcessID(); if( processID) { hProcess = OpenProcess( PROCESS_ALL_ACCESS, TRUE, processID ); if( hProcess) { if( OpenProcessToken( hProcess, TOKEN_ALL_ACCESS, &hToken)) { TOKEN_USER* ptu; DWORD dw; GetTokenInformation(hToken,TokenUser,NULL,0,&dw); ptu = (TOKEN_USER*) _alloca(dw); if (!GetTokenInformation(hToken,TokenUser,ptu,dw,&dw)) DbgReport("GetTokenInformation() failed, reason: %d\n", GetLastError()); GetSidUser(ptu->User.Sid,acName,dwNameSize); if (!ImpersonateLoggedOnUser( hToken)) DbgReport("ImpersonateLoggedOnUser() failed, reason: %d\n", GetLastError()); DbgReport("Launching command: %s as \'%s\'\n", pCmd, acName); ExecuteCmd(pCmd,bShow,hToken); CloseHandle( hToken ); } else DbgReport("OpenProcessToken() failed, reason: %d\n", GetLastError()); CloseHandle( hProcess ); } else DbgReport("OpenProcess() failed, reason: %d\n", GetLastError()); } } int main (int argc, char** argv) { if (2 > argc) return -1; EnableDebugPriv(TRUE); BOOL bShow = TRUE; if (argc == 3) bShow = strcmp(argv[2],"/HIDE"); ImpersonateInteractiveUser(argv[1], bShow); return 0; }