'Creating process with elevated privileges using CreateProcessAsUserW from system service

I'm trying to launch a process from a system service using the token handle of the currently active user with elevated privileges (if user is in admin. group). My current attempt looks like this:

  1. I'm getting the active session ID using WTSEnumerateSessionsW.
  2. I'm getting the user token handle using WTSQueryUserToken.
  3. I'm verifiying that the user is in the administrators group.
  4. ???
  5. Launch the process with the user token using CreateProcessAsUserW

How do I need to modify the token so that the process will have elevated privileges? I'm aware that similar questions have been asked already, but none of them contain properly explained answers.

cwindowswinapi


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Implicit declaration of functions srand, rand and system

Implicit declaration of functions srand, rand and system

Implicit declaration of functions srand, rand and system

hex code implementation for spawning a shell

hex code implementation for spawning a shell

hex code implementation for spawning a shell

warning: format ‘%s’ expects type ‘char *’, but argument 2 has type ‘char (*)’

Minimal implementation of sprintf or printf

warning: format ‘%s’ expects type ‘char *’, but argument 2 has type ‘char (*)’

Minimal implementation of sprintf or printf

How to hide helper functions from public API in c

VS Code C Error - Invalid Active Developer Path

In C is it faster to use the standard library or write your own function?

Finding consecutive bit string of 1 or 0

What is the simplest way of implementing bigint in C?