Reputation: 1168
A Win32 API is invoked in my DLL, which will be loaded by the SYSTEM user. That API returns different results depending on the current user, so I cannot get the results corresponding to the current user. How can I invoke that API under the current logon user context when the DLL is running in the SYSTEM context?
Upvotes: 5
Views: 10627
Reputation: 4078
I've done some research and concluded this (I'm not a Win32 API expert, but I'm really interested in it):
You can use ImpersonateLoggedOnUser, which asks for a primary or an impersonation token handle (with at least TOKEN_QUERY in both, TOKEN_DUPLICATE on a primary token, or TOKEN_IMPERSONATE on an impersonation token).
It would be very easy if you had the current logged-on user token and the right privileges: you'd just use ImpersonateLoggedOnUser, call the API function that you want, and then call RevertToSelf to return to its original owner token.
But it's not that easy to get the current logged-on user token. You'd have to either use LogonUser, specifying the user's name and password (which doesn't seem right), or own a Windows service with sufficient privileges to let you call WTSQueryUserToken, which may differ from what type of project you are developing.
Or, if you are really willing to do this with an ordinary process, you could also explore the Authentication Functions, where you can take advantage of the new Windows UAC and security contexts, which may be a little complex to work with.
There is also this method, which I'm not sure works: Impersonate standard user (getting the token by using OpenProcessToken on explorer.exe).
Some links I found useful:
I suggest: make sure you really need to impersonate a user when calling the API function you mentioned, before going on. See if there is another path to accomplish what you want.
You could also specify which API function you are trying to use, which may redirect you to another simpler question.
Upvotes: 6
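The sequence described in the answer above (WTSQueryUserToken, ImpersonateLoggedOnUser, the API call, RevertToSelf), written out as an added example that is not part of the original answer. The names run_as_console_user and user_call_fn are hypothetical; the code assumes the host process runs as LocalSystem (WTSQueryUserToken requires SE_TCB_NAME) and that the user of interest is the one logged on at the physical console session.

```c
/* Added example, Windows only. Link with wtsapi32 and advapi32. */
#ifdef _WIN32
#include <windows.h>
#include <wtsapi32.h>

/* Hypothetical callback type: the user-dependent API call goes inside it. */
typedef DWORD (*user_call_fn)(void *ctx);

/* Runs fn while the calling thread impersonates the user logged on at the
 * physical console, then restores the thread's original identity.
 * Returns a Win32 error code, or whatever fn returns. */
DWORD run_as_console_user(user_call_fn fn, void *ctx)
{
    HANDLE token = NULL;
    DWORD session, rc;

    if (fn == NULL)
        return ERROR_INVALID_PARAMETER;

    session = WTSGetActiveConsoleSessionId();
    if (session == 0xFFFFFFFF)               /* no session on the console */
        return ERROR_NO_SUCH_LOGON_SESSION;

    /* Primary token of the user in that session; fails with
     * ERROR_PRIVILEGE_NOT_HELD when the caller is not LocalSystem. */
    if (!WTSQueryUserToken(session, &token))
        return GetLastError();

    if (!ImpersonateLoggedOnUser(token)) {
        rc = GetLastError();
        CloseHandle(token);
        return rc;
    }

    rc = fn(ctx);                            /* runs in the user's context */

    /* Always undo the impersonation. If this fails the thread still carries
     * the user's identity, so the caller must treat the error as fatal. */
    if (!RevertToSelf())
        rc = GetLastError();

    CloseHandle(token);
    return rc;
}
#endif /* _WIN32 */
```

Impersonation applies only to the calling thread, so the user-dependent API must be called from inside the callback on that same thread.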