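// Duplicates the access token of the winlogon.exe process that
// Find_winlogon() reports for `sessionid` into a new primary token.
//
// lphUserToken  out: receives the duplicated token on success. This function
//               does not close it, so the caller is responsible for
//               CloseHandle().
// sessionid     session id handed to Find_winlogon().
//
// Returns true when DuplicateTokenEx() succeeded, false on any failure
// (bad argument, process or token could not be opened, duplication failed).
//
// Security: the returned handle is a primary token copied from winlogon with
// TOKEN_ALL_ACCESS. Keep it only as long as needed and do not pass it to
// less-trusted code.
bool GetWinlogonHandle(LPHANDLE lphUserToken, DWORD sessionid)
{
    if (lphUserToken == NULL)
        return false;

    BOOL bResult = FALSE;
    HANDLE hTokenThis = NULL;

    // winlogon is located per session; an earlier by-name lookup
    // (GetProcessesByName(L"winlogon.exe")) is no longer used.
    DWORD Id = Find_winlogon(sessionid);

    // Least privilege: OpenProcessToken() only needs query access to the
    // process, so PROCESS_ALL_ACCESS on winlogon is not requested.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, Id);
    if (hProcess) {
        // The source token is only duplicated, so TOKEN_DUPLICATE is enough.
        // The rights the caller receives are set on the new token below.
        if (OpenProcessToken(hProcess, TOKEN_DUPLICATE, &hTokenThis)) {
            bResult = DuplicateTokenEx(hTokenThis,
                                       TOKEN_ASSIGN_PRIMARY | TOKEN_ALL_ACCESS,
                                       NULL,
                                       SecurityImpersonation,
                                       TokenPrimary,
                                       lphUserToken);
            CloseHandle(hTokenThis);
        }
        CloseHandle(hProcess);
    }

    // Win32 BOOL success is "non-zero", not necessarily exactly 1.
    return bResult != FALSE;
}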
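// Duplicates the access token of winlogon.exe into a new primary token and
// tries to stamp it with the requested session id.
//
// lphUserToken  out: receives the duplicated token on success. This function
//               does not close it, so the caller is responsible for
//               CloseHandle().
// mysessionID   session whose winlogon is looked up (when W2K == 0) and which
//               is written into the new token via TokenSessionId.
//
// Returns the result of DuplicateTokenEx(): non-zero on success, FALSE when
// the argument is NULL or the process/token could not be opened or duplicated.
//
// Security: the returned handle is a primary token copied from winlogon with
// TOKEN_ALL_ACCESS. Keep it only as long as needed and do not pass it to
// less-trusted code.
BOOL get_winlogon_handle(OUT LPHANDLE lphUserToken, DWORD mysessionID)
{
    BOOL bResult = FALSE;
    BOOL bTokenOpened = FALSE;
    HANDLE hProcess = NULL;
    HANDLE hTokenThis = NULL;
    DWORD ID_session = mysessionID;
    DWORD Id = 0;
#ifdef _DEBUG
    char szText[256];
    DWORD error;
#endif

    if (lphUserToken == NULL)
        return FALSE;

    // W2K is defined elsewhere; presumably it flags a Windows 2000 host
    // without per-session lookup -- TODO confirm.
    if (W2K == 0)
        Id = Find_winlogon(ID_session);
    else
        Id = GetwinlogonPid();

    // fall back to old method if Terminal services is disabled
    if (W2K == 0 && Id == (DWORD)-1)
        Id = GetwinlogonPid();

#ifdef _DEBUG
    error = GetLastError();
    sprintf(szText, " ++++++ Find_winlogon %lu %lu %lu\n",
            (unsigned long)ID_session, (unsigned long)Id, (unsigned long)error);
    SetLastError(0);
    OutputDebugString(szText);
#endif

    // Least privilege: OpenProcessToken() only needs query access to the
    // process, so PROCESS_ALL_ACCESS on winlogon is not requested.
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, Id);
    if (hProcess) {
#ifdef _DEBUG
        error = GetLastError();
        sprintf(szText, " ++++++ OpenProcess %p \n", (void *)hProcess);
        SetLastError(0);
        OutputDebugString(szText);
#endif

        // The source token is only duplicated, so TOKEN_DUPLICATE is enough.
        // The result is checked so a failed open never reaches
        // DuplicateTokenEx()/CloseHandle() with a NULL handle.
        bTokenOpened = OpenProcessToken(hProcess, TOKEN_DUPLICATE, &hTokenThis);
#ifdef _DEBUG
        error = GetLastError();
        sprintf(szText, " ++++++ OpenProcessToken %p %lu\n",
                (void *)hTokenThis, (unsigned long)error);
        SetLastError(0);
        OutputDebugString(szText);
#endif

        if (bTokenOpened) {
            bResult = DuplicateTokenEx(hTokenThis,
                                       TOKEN_ASSIGN_PRIMARY | TOKEN_ALL_ACCESS,
                                       NULL,
                                       SecurityImpersonation,
                                       TokenPrimary,
                                       lphUserToken);
#ifdef _DEBUG
            error = GetLastError();
            sprintf(szText, " ++++++ DuplicateTokenEx %p %p %lu %d\n",
                    (void *)hTokenThis, (void *)&lphUserToken,
                    (unsigned long)error, (int)bResult);
            SetLastError(0);
            OutputDebugString(szText);
#endif

            // Only touch *lphUserToken once duplication has succeeded;
            // after a failure its content is not a valid handle.
            if (bResult) {
                // NOTE(review): the return value is ignored, as in the
                // original. If this call fails the token keeps the session of
                // the process it was copied from -- confirm callers tolerate
                // that, especially on the GetwinlogonPid() fallback path.
                SetTokenInformation(*lphUserToken, TokenSessionId,
                                    &ID_session, sizeof(DWORD));
#ifdef _DEBUG
                error = GetLastError();
                sprintf(szText, " ++++++ SetTokenInformation( %p %p %lu\n",
                        (void *)hTokenThis, (void *)&lphUserToken,
                        (unsigned long)error);
                SetLastError(0);
                OutputDebugString(szText);
#endif
            }
            CloseHandle(hTokenThis);
        }
        CloseHandle(hProcess);
    }
    return bResult;
}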