爲什麼CreateProcessWithTokenW失敗，ERROR_ACCESS_DENIED

Question

我有一個CreateProcessWithTokenW調用失敗，拒絕訪問。任何想法如何調試？

到CreateProcessWithTokenW的通話是在這裏：https://github.com/fschwiet/PShochu/blob/master/PShochu/PInvoke/NetWrappers/ProcessUtil.cs

現在我使用一個訪問令牌當前進程，最終我將使用一個令牌從另一個用戶。現在，我使用https://github.com/fschwiet/PShochu/blob/master/PShochu/PInvoke/NetWrappers/AccessToken.cs來獲取訪問令牌。

如果您想調試，請拉下源代碼並運行build_and_test.ps1。錯誤堆棧：

1) Test Error : PShochu.Tests.can_run_remote_interactive_tasks, given a psake script which writes the current process id to output, when that script is invoked interactively, then the script succeeds 
    System.ComponentModel.Win32Exception : Access is denied 
    at PShochu.PInvoke.NetWrappers.ProcessUtil.CreateProcessWithToken(IntPtr userPrincipalToken, String applicationName, 
String applicationCommand, Boolean dontCreateWindow, Boolean createWithProfile, StreamReader& consoleOutput, StreamReader& errorOutput) in c:\src\PShochu\PShochu\PInvoke\NetWrappers\ProcessUtil.cs:line 52 
    at PShochu.ProcessHandling.RunNoninteractiveConsoleProcessForStreams2(String command, String commandArguments, String& newLine) in c:\src\PShochu\PShochu\ProcessHandling.cs:line 36 
    at PShochu.ProcessHandling.RunNoninteractiveConsoleProcess(String command, String commandArguments) in c:\src\PShochu\PShochu\ProcessHandling.cs:line 20 
    at PShochu.Tests.can_run_remote_interactive_tasks.<>c__DisplayClass16.<>c__DisplayClass18.<Specify>b__2() in c:\src\PShochu\PShochu.Tests\can_run_remote_interactive_tasks.cs:line 27 
    at NJasmine.Core.Execution.DescribeState.<>c__DisplayClass7`1.<visitBeforeEach>b__3() in c:\src\NJasmine\NJasmine\Core\Execution\DescribeState.cs:line 62 

後來更新：我在一些文檔所需要的額外特權（http://msdn.microsoft.com/en-us/library/aa374905%28v=vs.85%29.aspx）看到。我遇到了麻煩測試來驗證我的這些個別證券（它們在secpol.msc預先設定重啓）

SE_ASSIGNPRIMARYTOKEN_NAME "Replace a process level token" 
SE_TCB_NAME "Act as part of the operatin system" 
SE_INCREASE_QUOTA_NAME "Adjust memory quotas for a process" 

這些測試一直告訴我，我沒有，我在設置權限UI，https://github.com/fschwiet/PShochu/blob/master/PShochu.Tests/verify_privileges.cs

Answer 1

經過反覆試驗，我想通了，你傳遞給CreateProcessWithTokenW（）標記需要以下訪問的標誌（至少在Windows 7 SP1 64位）：

• TOKEN_ASSIGN_PRIMARY
• TOKEN_DUPLICATE
• TOKEN_QUERY
• TOKEN_ADJUST_DEFAULT
• TOKEN_ADJUST_SESSIONID

以粗體顯示的最後兩個是非常有益文檔中沒有提到在所有的CreateProcessWithTokenW（）。

編輯：（運行時升高）下面的代碼工作正常，我：

HANDLE hToken = NULL; 
if(OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &hToken)) 
{ 
    HANDLE hDuplicate = NULL; 
    if(DuplicateTokenEx(hToken, TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID, NULL, SecurityImpersonation, TokenPrimary, &hDuplicate)) 
    { 
     TCHAR szCommandLine[MAX_PATH]; 
     _tcscpy_s(szCommandLine, MAX_PATH, _T("C:\\Windows\\system32\\notepad.exe")); 
     STARTUPINFO StartupInfo; 
     ZeroMemory(&StartupInfo, sizeof(STARTUPINFO)); 
     StartupInfo.cb = sizeof(STARTUPINFO); 
     PROCESS_INFORMATION ProcessInformation; 
     ZeroMemory(&ProcessInformation, sizeof(PROCESS_INFORMATION)); 
     if(CreateProcessWithTokenW(hDuplicate, LOGON_WITH_PROFILE, NULL, szCommandLine, 0, NULL, NULL, &StartupInfo, &ProcessInformation)) 
     { 
      WaitForSingleObject(ProcessInformation.hProcess, INFINITE); 
      CloseHandle(ProcessInformation.hThread); 
      ProcessInformation.hThread = NULL; 
      CloseHandle(ProcessInformation.hProcess); 
      ProcessInformation.hProcess = NULL; 
     } 
     CloseHandle(hDuplicate); 
     hToken = hDuplicate; 
    } 
    CloseHandle(hToken); 
    hToken = NULL; 
}