using WIN32 API CreateProcessAsUser in Python

Question

I have been trying to find a good example of how to use the CreateProcessAsUser() WIN32 API in Python along side the LogonUser() API, but to no avail.

Any help on this would be greatly appreciated.

score 5 · Accepted Answer · edited Sep 04 '18 at 14:56

First, you should know that the Python extensions for Windows API is closely mapped to the Windows API. In this use case, the following links should prove very useful to you:

Discusses LogonUser() function
- http://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx
Discusses CreateProcessAsUser() function
- http://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx
Discusses STARTUPINFO structure
- http://msdn.microsoft.com/en-us/library/windows/desktop/ms686331(v=vs.85).aspx

If you study these documents together with the pywin documentation, you'll learn quite a ton.

That being written, note that in order to use CreateProcessAsUser(), you must hold the privilege SE_INCREASE_QUOTA_NAME, and possibly SE_ASSIGNPRIMARYTOKEN_NAME. These can be assigned on your local workstation (assuming you're admin) via secpol.msc > User Rights Assignment.

To understand how these privileges map to rights shown in secpol.msc, use this link:

http://msdn.microsoft.com/en-us/library/windows/desktop/bb530716(v=vs.85).aspx

Now on to the code:

# First create a token. We're pretending this user actually exists on your local computer or Active Directory domain.
user = "ltorvalds"
pword = "IAMLINUXMAN"
domain = "." # means current domain
logontype = win32con.LOGON32_LOGON_INTERACTIVE
provider = win32con.LOGON32_PROVIDER_WINNT50
token = win32security.LogonUser(user, domain, pword , logontype, provider)

# Now let's create the STARTUPINFO structure. Read the link above for more info on what these can do.
startup = win32process.STARTUPINFO()

# Finally, create a cmd.exe process using the "ltorvalds" token.
appname = "c:\\windows\\system32\\cmd.exe"
priority = win32con.NORMAL_PRIORITY_CLASS
win32process.CreateProcessAsUser(token, appname, None, None, None, True, priority, None, None, startup)

Hope this helps.

For those who suffer from `error: (87, 'CreateProcessAsUser', 'The parameter is incorrect.')` when passing custom environment in Windows: pass dict in unicode. E.g. you have a dictionary `dict` (like `dict=os.environ.copy()`). Instead passing `env=dict` pass `env={unicode(k): unicode(v) for k,v in dict.iteritems()}` — flam3, Oct 09 '18 at 14:03

using WIN32 API CreateProcessAsUser in Python

1 Answers1

Linked