CODEWITHSUNDEEP
c#winapicreateprocessasuser
manton
manton

Reputation: 561

CreateProcessAsUser, call dll function

With CreateProcessAsUser I can call an .exe file somewhere on the hard disk:

CreateProcessAsUser(IntPtr hToken, string lpApplicationName, string lpCommandLine,
                      ref SECURITY_ATTRIBUTES lpProcessAttributes, ref SECURITY_ATTRIBUTES lpThreadAttributes,
                      bool bInheritHandle, Int32 dwCreationFlags, IntPtr lpEnvrionment,
                      string lpCurrentDirectory, ref STARTUPINFO lpStartupInfo,
                      ref PROCESS_INFORMATION lpProcessInformation);

Each single example I have found in the web uses the lpCommandLine argument to call a program. I would like to call a function in a dll. Does anyone know if this is possible? Would be nice to have kind of an example ...

Thank you!

Upvotes: 0

Views: 648

Answers (2)

Deanna
Deanna

Reputation: 24253

You can't directly call a DLL as a different user as the user/execution level is per process, not DLL or thread. You must start a new process that then calls the DLL. This is the technique used by COM elevation, etc. If the DLL has the right signature, you can try calling it with rundll32.exe.

Upvotes: 2

alf
alf

Reputation: 18530

I don't think it's possible with that function. The standard way of calling a method in a dll is with the LoadLibrary and GetProcAddress methods, like in this example:

(Taken from the MSDN)

// A simple program that uses LoadLibrary and 
// GetProcAddress to access myPuts from Myputs.dll. 

#include <windows.h> 
#include <stdio.h> 

typedef int (__cdecl *MYPROC)(LPWSTR); 

int main( void ) 
{ 
    HINSTANCE hinstLib; 
    MYPROC ProcAdd; 
    BOOL fFreeResult, fRunTimeLinkSuccess = FALSE; 

    // Get a handle to the DLL module.

    hinstLib = LoadLibrary(TEXT("MyPuts.dll")); 

    // If the handle is valid, try to get the function address.

    if (hinstLib != NULL) 
    { 
        ProcAdd = (MYPROC) GetProcAddress(hinstLib, "myPuts"); 

        // If the function address is valid, call the function.

        if (NULL != ProcAdd) 
        {
            fRunTimeLinkSuccess = TRUE;
            (ProcAdd) (L"Message sent to the DLL function\n"); 
        }
        // Free the DLL module.

        fFreeResult = FreeLibrary(hinstLib); 
    } 

    // If unable to call the DLL function, use an alternative.
    if (! fRunTimeLinkSuccess) 
        printf("Message printed from executable\n"); 

    return 0;

}

Upvotes: 0

Related Questions