Search code examples
c++windowswinapicreateprocessasuser

CreateProcessAsUser - Error 1305


I have service and I need to run gui application with current user priveleges from this service. This is my code and it always returns GetLastError with 1305 CreateProcessAsUser fucntion. How I can fix it or may be my code isn't right and you can advice me something useful. Thx.

void ConnectionManager::LaunchDialer ()
{
    HANDLE currentToken;
    HANDLE primaryToken;

    int dwSessionId = 0;
    PHANDLE hUserToken = 0;
    PHANDLE hTokenDup = 0;

    PWTS_SESSION_INFO pSessionInfo = 0;
    DWORD dwCount = 0;

    // Get the list of all terminal sessions
    WTSEnumerateSessions (WTS_CURRENT_SERVER_HANDLE, 0, 1,
            &pSessionInfo, &dwCount);

    int dataSize = sizeof (WTS_SESSION_INFO);

    // look over obtained list in search of the active session
    for (DWORD i = 0; i < dwCount; ++i)
    {
        WTS_SESSION_INFO si = pSessionInfo [i];
        if (WTSActive == si.State)
        {
            // If the current session is active – store its ID
            dwSessionId = si.SessionId;
            break;
        }
    }

    WTSFreeMemory (pSessionInfo);

    // Get token of the logged in user by the active session ID
    BOOL bRet = WTSQueryUserToken (dwSessionId, &currentToken);
    if (!bRet)
    {
        ModemDetectorService::instance ()->logMessage (QString ("WTSQueryUserToken: %1")
                .arg (GetLastError ()));
        return;
    }

    bRet = DuplicateTokenEx (currentToken,
             TOKEN_ASSIGN_PRIMARY | TOKEN_ALL_ACCESS,
             0,
             SecurityImpersonation,
             TokenPrimary,
             &primaryToken);
    if (!bRet)
    {
        ModemDetectorService::instance ()->logMessage (QString ("DuplicateTokenEx: %1")
                    .arg (GetLastError ()));
        return;
    }

    if (!primaryToken)
    {
        ModemDetectorService::instance ()->logMessage ("Invalid user token");
        return;
    }

    STARTUPINFO StartupInfo;
    PROCESS_INFORMATION processInfo;
    ZeroMemory(&StartupInfo, sizeof(STARTUPINFO));
    StartupInfo.cb= sizeof(STARTUPINFO);
    StartupInfo.lpDesktop = TEXT("winsta0\\default");

    SECURITY_ATTRIBUTES Security1;
    SECURITY_ATTRIBUTES Security2;

    QSettings settings ("HKEY_LOCAL_MACHINE\\Software\\Olive\\OliveDialer",
                QSettings::NativeFormat);
    const QString path = QDir::toNativeSeparators (settings.value ("InstallationDirectory").toString ());
    QByteArray command = ("\"" + path + "\\" +
            ApplicationInfo::Olive::ShortApplicationName + ".exe" + "\"").toUtf8 ();

    void* lpEnvironment = NULL;
    // Get all necessary environment variables of logged in user
    // to pass them to the process
    BOOL resultEnv = CreateEnvironmentBlock (&lpEnvironment,
            primaryToken,
            FALSE);
    if (!resultEnv)
    {
        long nError = GetLastError ();
        ModemDetectorService::instance ()->logMessage (QString ("CreateEnvironmentBlock failed with: %1")
                .arg (nError));
    }

    // Start the process on behalf of the current user
    BOOL result = CreateProcessAsUser (primaryToken, 0,
            (LPSTR)(command.data ()),
            &Security1,
            &Security2,
            FALSE,
            NORMAL_PRIORITY_CLASS | CREATE_UNICODE_ENVIRONMENT,
            lpEnvironment,
            NULL,
            &StartupInfo,
            &processInfo);
    if (!result)
    {
        DWORD errorCode = GetLastError ();
        ModemDetectorService::instance ()->logMessage (QString ("Application start failed: %1 %2")
                .arg (errorCode)
                .arg (command.data ()));
    }
    else
        ModemDetectorService::instance ()->logMessage ("Application started successfully");
    DestroyEnvironmentBlock (lpEnvironment);
    CloseHandle (primaryToken);
}

Solution

  • Error 1305 is ERROR_UNKNOWN_REVISION ("The revision level is unknown"), which typically refers to security objects. Indeed, you're passing two SECURITY_ATTRIBUTES structures (Security1 and Security2) which have never been initialized.

    You need to either pass NULL instead of &Security1 and &Security2, or properly initialize the structures.