CreateProcessAsUser - create a process with a different parent?

Question

CreateProcessAsUser - create a process with a different parent?

I read about the UAC implementation on MSDN: http://technet.microsoft.com/en-us/magazine/2007.06.uac.aspx

Corrected along this interesting line:

While AIS is technically the parent of the promoted process, AIS takes advantage of new support in the CreateProcessAsUser API, which sets the process ID of the parent process to the same process ID that it originally had (see Figure 13).

Here is the MSDN page for CreateProcessAsUser:

http://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx

BOOL WINAPI CreateProcessAsUser(
  _In_opt_     HANDLE hToken,
  _In_opt_     LPCTSTR lpApplicationName,
  _Inout_opt_  LPTSTR lpCommandLine,
  _In_opt_     LPSECURITY_ATTRIBUTES lpProcessAttributes,
  _In_opt_     LPSECURITY_ATTRIBUTES lpThreadAttributes,
  _In_         BOOL bInheritHandles,
  _In_         DWORD dwCreationFlags,
  _In_opt_     LPVOID lpEnvironment,
  _In_opt_     LPCTSTR lpCurrentDirectory,
  _In_         LPSTARTUPINFO lpStartupInfo,
  _Out_        LPPROCESS_INFORMATION lpProcessInformation
);

The statement says that we can create a process and set a different parent using options in the API. I'm not sure how to do this? Do I need to dig into a token?

+3

c ++ c winapi uac

MathOldTimer 04 nov. 14 at 6:52

source to share

1 answer

Harry johnston · Accepted Answer · 2014-11-05T02:15:23+0000

This feature is documented in the MSDN entries for InitializeProcThreadAttributeList and UpdateProcThreadAttribute .

In particular, see the attribute PROC_THREAD_ATTRIBUTE_PARENT_PROCESS

:

The lpValue parameter is a handle to a process handle to be used instead of the calling process as the parent of the process being created. To use the process, you must have the PROCESS_CREATE_PROCESS authority.

CreateProcessAsUser - create a process with a different parent?

More articles: