为什么CreateProcessWithTokenW失败并显示ERROR_ACCESS_DENIED

本文介绍了为什么CreateProcessWithTokenW失败并显示ERROR_ACCESS_DENIED的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我有一个对CreateProcessWithTokenW的调用，但失败，访问被拒绝.有什么想法可以调试吗?

I have a call to CreateProcessWithTokenW that is failing with access denied. Any ideas how to debug this?

对CreateProcessWithTokenW的调用在这里: https://github.com/fschwiet/PShochu/blob/master/PShochu/PInvoke/NetWrappers/ProcessUtil.cs

The call to CreateProcessWithTokenW is here: https://github.com/fschwiet/PShochu/blob/master/PShochu/PInvoke/NetWrappers/ProcessUtil.cs

目前，我正在为当前进程使用访问令牌，最终我将使用其他用户的令牌.现在，我现在使用的是 https://github. com/fschwiet/PShochu/blob/master/PShochu/PInvoke/NetWrappers/AccessToken.cs 来获取访问令牌.

For now I'm using a access token for the current process, eventually I'll use a token from another user. For now then I'm using https://github.com/fschwiet/PShochu/blob/master/PShochu/PInvoke/NetWrappers/AccessToken.cs to get the access token.

如果要调试，请拉下源代码并运行build_and_test.ps1.错误堆栈为:

If you want to debug, pull down the sourcecode and run build_and_test.ps1. The error stack is:

1) Test Error : PShochu.Tests.can_run_remote_interactive_tasks, given a psake script which writes the current process id to output, when that script is invoked interactively, then the script succeeds
   System.ComponentModel.Win32Exception : Access is denied
   at PShochu.PInvoke.NetWrappers.ProcessUtil.CreateProcessWithToken(IntPtr userPrincipalToken, String applicationName,
String applicationCommand, Boolean dontCreateWindow, Boolean createWithProfile, StreamReader& consoleOutput, StreamReader& errorOutput) in c:\src\PShochu\PShochu\PInvoke\NetWrappers\ProcessUtil.cs:line 52
   at PShochu.ProcessHandling.RunNoninteractiveConsoleProcessForStreams2(String command, String commandArguments, String& newLine) in c:\src\PShochu\PShochu\ProcessHandling.cs:line 36
   at PShochu.ProcessHandling.RunNoninteractiveConsoleProcess(String command, String commandArguments) in c:\src\PShochu\PShochu\ProcessHandling.cs:line 20
   at PShochu.Tests.can_run_remote_interactive_tasks.<>c__DisplayClass16.<>c__DisplayClass18.<Specify>b__2() in c:\src\PShochu\PShochu.Tests\can_run_remote_interactive_tasks.cs:line 27
   at NJasmine.Core.Execution.DescribeState.<>c__DisplayClass7`1.<visitBeforeEach>b__3() in c:\src\NJasmine\NJasmine\Core\Execution\DescribeState.cs:line 62

最新更新:我在某些文档中看到需要其他特权( http://msdn.microsoft.com/en-us/library/aa374905%28v=vs.85%29.aspx ).我无法通过测试来验证我是否拥有这些单独的证券(它们在secpol.msc重启前设置)

Later update: I saw in some docs that additional privileges are needed (http://msdn.microsoft.com/en-us/library/aa374905%28v=vs.85%29.aspx). I am having trouble getting tests to verify I have these individual securities (they are set in secpol.msc pre-reboot)

SE_ASSIGNPRIMARYTOKEN_NAME  "Replace a process level token"
SE_TCB_NAME "Act as part of the operatin system"
SE_INCREASE_QUOTA_NAME  "Adjust memory quotas for a process"

这些测试不断告诉我我没有在UI中设置的权限， https://github.com/fschwiet/PShochu/blob/master/PShochu.Tests/verify_privileges.cs

These tests keep telling me I don't have the permissions I've set in the UI, https://github.com/fschwiet/PShochu/blob/master/PShochu.Tests/verify_privileges.cs

推荐答案

通过反复试验，我发现传递给CreateProcessWithTokenW()的令牌需要以下访问标志(至少在Windows 7 SP1 64位上):

Through trial and error I figured out that the token you pass to CreateProcessWithTokenW() needs the following access flags (at least on Windows 7 SP1 64-bit):

TOKEN_ASSIGN_PRIMARY
TOKEN_DUPLICATE
TOKEN_QUERY
TOKEN_ADJUST_DEFAULT
TOKEN_ADJUST_SESSIONID

TOKEN_ASSIGN_PRIMARY
TOKEN_DUPLICATE
TOKEN_QUERY
TOKEN_ADJUST_DEFAULT
TOKEN_ADJUST_SESSIONID

在CreateProcessWithTokenW()的文档中根本没有提到最后两个粗体字.

The last two in bold are very helpfully not mentioned at all in the documentation for CreateProcessWithTokenW().

编辑:以下代码对我来说运行正常(提升运行时):

EDIT: The following code works fine for me (when running elevated):

HANDLE hToken = NULL;
if(OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &hToken))
{
    HANDLE hDuplicate = NULL;
    if(DuplicateTokenEx(hToken, TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID, NULL, SecurityImpersonation, TokenPrimary, &hDuplicate))
    {
        TCHAR szCommandLine[MAX_PATH];
        _tcscpy_s(szCommandLine, MAX_PATH, _T("C:\\Windows\\system32\\notepad.exe"));
        STARTUPINFO StartupInfo;
        ZeroMemory(&StartupInfo, sizeof(STARTUPINFO));
        StartupInfo.cb = sizeof(STARTUPINFO);
        PROCESS_INFORMATION ProcessInformation;
        ZeroMemory(&ProcessInformation, sizeof(PROCESS_INFORMATION));
        if(CreateProcessWithTokenW(hDuplicate, LOGON_WITH_PROFILE, NULL, szCommandLine, 0, NULL, NULL, &StartupInfo, &ProcessInformation))
        {
            WaitForSingleObject(ProcessInformation.hProcess, INFINITE);
            CloseHandle(ProcessInformation.hThread);
            ProcessInformation.hThread = NULL;
            CloseHandle(ProcessInformation.hProcess);
            ProcessInformation.hProcess = NULL;
        }
        CloseHandle(hDuplicate);
        hToken = hDuplicate;
    }
    CloseHandle(hToken);
    hToken = NULL;
}

这篇关于为什么CreateProcessWithTokenW失败并显示ERROR_ACCESS_DENIED的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！