Re: Win32 Service App for Terminal services

From: Ivan Brugiolo [MSFT] (ivanbrug_at_online.microsoft.com)
Date: 02/04/05


Date: Fri, 4 Feb 2005 02:02:07 -0800

Winlogon always shares the same Memory-Manager session
as the processes created by itself.
So, your usage seems legitimate and unnecessary at the same time.

Maybe we are talking about different things.
Mm sessions are descriptors of a region in the kernel address space where
display drivers and a few other things are loaded.

A Mm session is the "logical" union of:
csrss.exe, winlogon.exe, a user shell and its child processes,
and one instance of the window manager (win32k.sys) and its display drivers.

For example, in the FUS case, the display driver for the physical terminal
is mapped in session space for each connected user.

In the TS case, one session (session 0 in XP-W2K3, a non zero session in LH)
has the display driver of the physical terminal, one other session may have
the TS display driver,
one other session the "disconnected" display driver
(and all the processes that belong to each one of them).

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"vipin" <vipin@nospam.com> wrote in message
news:#f5yV7mCFHA.2620@tk2msftngp13.phx.gbl...
> Hi,
> let me make it clear, I think I am not putting it rightly:-
>
> 1) In winlogon.exe (in the GINA dll), immediately after the creation of the
> shell. At this point
>  the userinit.exe is running.
> 2) CreateProcessAsUser is called with the hToken returned by the
> LogonUser(...) during windows login.
>
> The CreateProcessAsUser is called in the WlxActivateUserShell(...) GINA
> entry point
>
> The result is the application is created and the icon is placed in the
> taskbar.
>
> This I checked on windows 2000,XP and (via RDP session to XP SP1) and all
> seemed to show the same behaviour
>
> So I am wondering this is happening out of luck and something undocumented
> is happening
> at this point. I'd like to know so as to avoid customers from shouting at
> a later point.
>
> Thanks
> Vipin
>
>
> "Ivan Brugiolo [MSFT]" <ivanbrug@online.microsoft.com> wrote in message
> news:%23Rr3tXmCFHA.3936@TK2MSFTNGP09.phx.gbl...
> > Cross session process creation is possible in Longhorn,
> > with a method similar to what you describe
> > (AKA, the session id of the token is honored,
> > and that session is joined if the current security context
> > has the SeAssignPrimary privilege).
> > I cannot see how that can happen in other OS-es.
> >
> >
> > -- 
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> > Use of any included script samples are subject to the terms specified at
> > http://www.microsoft.com/info/cpyright.htm
> >
> >
> > "vipin" <vipin@nospam.com> wrote in message
> > news:e$Aec$kCFHA.3728@TK2MSFTNGP14.phx.gbl...
> >> Hi Ivan,
> >>              GUI is coming up with the terminal services with
> >> CreateProcessAsUser(...).   Do you think it is happening out of luck?
> >>
> >> Thanks
> >> Vipin
> >>
> >> "Ivan Brugiolo [MSFT]" <ivanbrug@online.microsoft.com> wrote in message
> >> news:OPBCZ6hCFHA.3740@TK2MSFTNGP09.phx.gbl...
> >> > No, that will not work.
> >> > Session Creation is done by smss.exe.
> >> > Smss.exe then temporarily joins a session to
> >> > create csrss.exe and winlogon.exe, and then departs the session.
> >> > After that point, the session is inherited.
> >> >
> >> > -- 
> >> > This posting is provided "AS IS" with no warranties, and confers no
> >> > rights.
> >> > Use of any included script samples are subject to the terms specified
> >> > at
> >> > http://www.microsoft.com/info/cpyright.htm
> >> >
> >> >
> >> > "Pavel Lebedinsky" <m_pll at hotmail com> wrote in message
> >> > news:uYfMNncCFHA.2876@TK2MSFTNGP12.phx.gbl...
> >> >> "Ivan Brugiolo [MSFT]" wrote:
> >> >>
> >> >> > Cross session process creation is not possible
> >> >>
> >> >> If you have the user's token from the right session then
> >> >> you can use CreateProcessAsUser and I think it will
> >> >> work.
> >> >>
> >> >> If you want the process to have the same identity as
> >> >> your service, you could also try something like this:
> >> >>
> >> >> OpenProcessToken(GetCurrentProcess())
> >> >> DuplicateToken
> >> >> SetTokenInformation(TokenSessionId)
> >> >> CreateProcessAsUser
> >> >>
> >> >> but this will probably work only if the service is running
> >> >> as System, and has obvious security problems.
> >> >>
> >> >> > The correct approach is to have the service to run without
> >> >> > the need of a GUI, and, if any GUI is needed, this must
> >> >> > be regular user launched application
> >> >> > (via the Startup Folder, for example, or the Run\RunOnce keys.)
> >> >>
> >> >> This is definitely the easiest (and most flexible) approach.
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>

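An added example, not part of the original thread or any poster's code: a PowerShell audit that groups processes by session and flags LocalSystem-owned processes sitting in a non-zero session, which is what a token re-targeted with SetTokenInformation(TokenSessionId) would produce. It assumes the Longhorn-and-later layout mentioned above, where the interactive user is in a non-zero session; the function names and the `$ExpectedSystem` baseline are hypothetical and need tuning per OS build.

```powershell
# Added example (not from the thread). Run elevated so owners of other users'
# processes can be read.

# Assumed baseline of LocalSystem processes that legitimately live in every
# session, taken from the thread's description of what makes up a session.
$ExpectedSystem = @('csrss.exe', 'winlogon.exe')

function Get-SessionProcessOwner {
    # One object per process: session id, pid, image name, owner SID.
    Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        $r = Invoke-CimMethod -InputObject $_ -MethodName GetOwnerSid `
                              -ErrorAction SilentlyContinue
        [pscustomobject]@{
            SessionId = $_.SessionId
            ProcessId = $_.ProcessId
            Name      = $_.Name
            # Null when the owner could not be read (protected or exited process).
            OwnerSid  = if ($r -and $r.ReturnValue -eq 0) { $r.Sid } else { $null }
        }
    }
}

function Find-SystemInUserSession {
    param(
        [Parameter(Mandatory)] [object[]] $Processes,
        [string[]] $Expected = $ExpectedSystem
    )
    # S-1-5-18 is the well-known LocalSystem SID; comparing SIDs avoids
    # localized account names.
    $Processes | Where-Object {
        $_.SessionId -ne 0 -and
        $_.OwnerSid -eq 'S-1-5-18' -and
        $Expected -notcontains $_.Name
    }
}

$all = @(Get-SessionProcessOwner)

# Per-session view: which processes make up each session.
$all | Sort-Object SessionId, Name |
    Format-Table SessionId, ProcessId, Name, OwnerSid -AutoSize

# Review list: LocalSystem processes in a user session outside the baseline.
Find-SystemInUserSession -Processes $all |
    Format-Table SessionId, ProcessId, Name -AutoSize
```

Entries on the review list are candidates for investigation, not findings: other system components can also run as LocalSystem in a user session and belong in the baseline once confirmed.
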
