[求助]进程如何切换会员（Session）-编程技术-看雪-安全社区|安全招聘|kanxue.com

最新回复 (6)
hulucc 雪币： 90 活跃值： (80) 能力值： ( LV3，RANK：20 ) 在线值：发帖 22 回帖 469 粉丝 1 关注私信	hulucc 2 楼能切吗？会话的目的不就是隔离吗 2016-8-3 11:03 0
OXFFFFFFFE 雪币： 18 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 57 粉丝 0 关注私信	OXFFFFFFFE 3 楼直接切换,感觉不行正规做法是createprocessasuser 2016-8-4 09:19 0
gaollxu 雪币： 1085 活跃值： (114) 能力值： ( LV8，RANK：120 ) 在线值：发帖 70 回帖 273 粉丝 1 关注私信	gaollxu 2 4 楼程序关闭，重新“启动”程序以新Session运行。 2016-8-5 12:13 0
lxsgbin 雪币： 1651 活跃值： (1425) 能力值： ( LV6，RANK：80 ) 在线值：发帖 39 回帖 147 粉丝 44 关注私信	lxsgbin 1 5 楼楼上的方法试过了可以的，没有办法不关进程，直接切换？附上楼上方法的源码 DWORD _stdcall LaunchAppIntoDifferentSession( LPTSTR lpCommand ) { DWORD dwRet = 0; PROCESS_INFORMATION pi; STARTUPINFO si; DWORD dwSessionId; HANDLE hUserToken = NULL; HANDLE hUserTokenDup = NULL; HANDLE hPToken = NULL; HANDLE hProcess = NULL; DWORD dwCreationFlags; HMODULE hInstKernel32 = NULL; typedef DWORD (WINAPI WTSGetActiveConsoleSessionIdPROC)(); WTSGetActiveConsoleSessionIdPROC WTSGetActiveConsoleSessionId = NULL; hInstKernel32 = LoadLibrary("Kernel32.dll"); if (!hInstKernel32) return FALSE; WTSGetActiveConsoleSessionId = (WTSGetActiveConsoleSessionIdPROC)GetProcAddress(hInstKernel32,"WTSGetActiveConsoleSessionId"); // Log the client on to the local computer. dwSessionId = WTSGetActiveConsoleSessionId(); do { typedef BOOL ((WINAPI WTSQueryUserToken)(ULONG SessionId,PHANDLE phToken)); WTSQueryUserToken WTSQueryUserTokenT=(WTSQueryUserToken)GetProcAddress(LoadLibrary("Wtsapi32.dll"),"WTSQueryUserToken"); WTSQueryUserTokenT(dwSessionId,&hUserToken ); dwCreationFlags = NORMAL_PRIORITY_CLASS \| CREATE_NEW_CONSOLE; ZeroMemory( &si, sizeof( STARTUPINFO ) ); si.cb= sizeof( STARTUPINFO ); si.lpDesktop = "winsta0\\default"; ZeroMemory( &pi, sizeof(pi) ); TOKEN_PRIVILEGES tp; LUID luid; if( !::OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES \| TOKEN_QUERY \| TOKEN_DUPLICATE \| TOKEN_ASSIGN_PRIMARY \| TOKEN_ADJUST_SESSIONID \| TOKEN_READ \| TOKEN_WRITE, &hPToken ) ) { dwRet = GetLastError(); break; } if ( !LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &luid ) ) { dwRet = GetLastError(); break; } tp.PrivilegeCount =1; tp.Privileges[0].Luid =luid; tp.Privileges[0].Attributes =SE_PRIVILEGE_ENABLED; if( !DuplicateTokenEx( hPToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hUserTokenDup ) ) { dwRet = GetLastError(); break; } //Adjust Token privilege if( !SetTokenInformation( hUserTokenDup,TokenSessionId,(void)&dwSessionId,sizeof(DWORD) ) ) { dwRet = GetLastError(); break; } if( !AdjustTokenPrivileges( hUserTokenDup, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, NULL ) ) { dwRet = GetLastError(); break; } LPVOID pEnv =NULL; DWORD (__stdcall CreateEnvironmentBlock)( LPVOID , HANDLE, BOOL ); CreateEnvironmentBlock = (DWORD (__stdcall )(LPVOID *, HANDLE,BOOL))GetProcAddress( LoadLibrary("UserEnv.dll"), "CreateEnvironmentBlock" ); if (!CreateEnvironmentBlock) break; if( CreateEnvironmentBlock( &pEnv, hUserTokenDup, TRUE ) ) { dwCreationFlags\|=CREATE_UNICODE_ENVIRONMENT; } else pEnv=NULL; // Launch the process in the client's logon session. if( CreateProcessAsUser( hUserTokenDup, // client's access token NULL, // file to execute lpCommand, // command line NULL, // pointer to process SECURITY_ATTRIBUTES NULL, // pointer to thread SECURITY_ATTRIBUTES FALSE, // handles are not inheritable dwCreationFlags,// creation flags pEnv, // pointer to new environment block NULL, // name of current directory &si, // pointer to STARTUPINFO structure &pi // receives information about new process ) ) { } else { dwRet = GetLastError(); break; } } while( 0 ); //Perform All the Close Handles task if( NULL != hUserToken ) { CloseHandle( hUserToken ); } if( NULL != hUserTokenDup) { CloseHandle( hUserTokenDup ); } if( NULL != hPToken ) { CloseHandle( hPToken ); } return dwRet; } 2016-8-5 12:24 0
OXFFFFFFFE 雪币： 18 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 57 粉丝 0 关注私信	OXFFFFFFFE 6 楼 win7可以说无解. 有解也可能很暴力,大范围用很难保证通用性,稳定性 2016-8-7 09:50 0
gaollxu 雪币： 1085 活跃值： (114) 能力值： ( LV8，RANK：120 ) 在线值：发帖 70 回帖 273 粉丝 1 关注私信	gaollxu 2 7 楼不关进程，直接切换Session，行不通。 2016-8-7 12:10 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

hulucc

雪币： 90

活跃值： (80)

能力值：

( LV3，RANK：20 )

在线值：

发帖

22

回帖

469

粉丝

1

关注

私信

hulucc: 2 楼

能切吗？会话的目的不就是隔离吗

2016-8-3 11:03

0

OXFFFFFFFE

雪币： 18

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

1

回帖

57

粉丝

0

关注

私信

OXFFFFFFFE: 3 楼

直接切换,感觉不行

正规做法是createprocessasuser

2016-8-4 09:19

0

gaollxu

雪币： 1085

活跃值： (114)

能力值：

( LV8，RANK：120 )

在线值：

发帖

70

回帖

273

粉丝

1

关注

私信

gaollxu 2: 4 楼

程序关闭，重新“启动”程序以新Session运行。

2016-8-5 12:13

0

lxsgbin

雪币： 1651

活跃值： (1425)

能力值：

( LV6，RANK：80 )

在线值：

发帖

39

回帖

147

粉丝

44

关注

私信

lxsgbin 1: 5 楼

楼上的方法试过了可以的，没有办法不关进程，直接切换？
附上楼上方法的源码
DWORD _stdcall LaunchAppIntoDifferentSession( LPTSTR lpCommand )
{
DWORD dwRet = 0;
PROCESS_INFORMATION pi;
STARTUPINFO si;
DWORD dwSessionId;
HANDLE hUserToken = NULL;
HANDLE hUserTokenDup = NULL;
HANDLE hPToken = NULL;
HANDLE hProcess = NULL;
DWORD dwCreationFlags;

HMODULE hInstKernel32 = NULL;
typedef DWORD (WINAPI *WTSGetActiveConsoleSessionIdPROC)();
WTSGetActiveConsoleSessionIdPROC WTSGetActiveConsoleSessionId = NULL;

hInstKernel32 = LoadLibrary("Kernel32.dll");

if (!hInstKernel32)
return FALSE;

WTSGetActiveConsoleSessionId = (WTSGetActiveConsoleSessionIdPROC)GetProcAddress(hInstKernel32,"WTSGetActiveConsoleSessionId");

// Log the client on to the local computer.
dwSessionId = WTSGetActiveConsoleSessionId();

do
{

   typedef BOOL ((WINAPI *WTSQueryUserToken)(ULONG SessionId,PHANDLE phToken));
      WTSQueryUserToken WTSQueryUserTokenT=(WTSQueryUserToken)GetProcAddress(LoadLibrary("Wtsapi32.dll"),"WTSQueryUserToken");
      WTSQueryUserTokenT(dwSessionId,&hUserToken );
      dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
      ZeroMemory( &si, sizeof( STARTUPINFO ) );
      si.cb= sizeof( STARTUPINFO );
      si.lpDesktop = "winsta0\\default";
      ZeroMemory( &pi, sizeof(pi) );
      TOKEN_PRIVILEGES tp;
      LUID luid;

      if( !::OpenProcessToken( GetCurrentProcess(),
                        TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
                              | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY | TOKEN_ADJUST_SESSIONID
                              | TOKEN_READ | TOKEN_WRITE, &hPToken ) )
   {
            dwRet = GetLastError();
            break;
   }

      if ( !LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &luid ) )
   {
            dwRet = GetLastError();
            break;
   }

      tp.PrivilegeCount =1;
      tp.Privileges[0].Luid =luid;
      tp.Privileges[0].Attributes =SE_PRIVILEGE_ENABLED;

      if( !DuplicateTokenEx( hPToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hUserTokenDup ) )
   {
            dwRet = GetLastError();
            break;
   }

         //Adjust Token privilege
      if( !SetTokenInformation( hUserTokenDup,TokenSessionId,(void*)&dwSessionId,sizeof(DWORD) ) )
   {
      dwRet = GetLastError();
      break;
   }

      if( !AdjustTokenPrivileges( hUserTokenDup, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, NULL ) )
   {
      dwRet = GetLastError();
      break;
   }

      LPVOID pEnv =NULL;

      DWORD (__stdcall *CreateEnvironmentBlock)( LPVOID *, HANDLE, BOOL );
      CreateEnvironmentBlock = (DWORD (__stdcall *)(LPVOID *, HANDLE,BOOL))GetProcAddress( LoadLibrary("UserEnv.dll"), "CreateEnvironmentBlock" );
      if (!CreateEnvironmentBlock) break;

      if( CreateEnvironmentBlock( &pEnv, hUserTokenDup, TRUE ) )
   {
            dwCreationFlags|=CREATE_UNICODE_ENVIRONMENT;
   }
      else pEnv=NULL;

         // Launch the process in the client's logon session.
      if( CreateProcessAsUser( hUserTokenDup, // client's access token
                                    NULL,       // file to execute
                                    lpCommand,       // command line
                                    NULL,          // pointer to process SECURITY_ATTRIBUTES
                                    NULL,          // pointer to thread SECURITY_ATTRIBUTES
                                    FALSE,          // handles are not inheritable
                                    dwCreationFlags,// creation flags
                                    pEnv,       // pointer to new environment block
                                    NULL,       // name of current directory
                                    &si,          // pointer to STARTUPINFO structure
                                    &pi          // receives information about new process
                                                   ) )
   {
   }
      else
   {
               dwRet = GetLastError();
               break;
   }
}
while( 0 );

//Perform All the Close Handles task
if( NULL != hUserToken )
{
         CloseHandle( hUserToken );
}

if( NULL != hUserTokenDup)
{
         CloseHandle( hUserTokenDup );
}

if( NULL != hPToken )
{
         CloseHandle( hPToken );
}

return dwRet;
}

2016-8-5 12:24

0