Hi,
i want to execute a program with other user priviliges so I must use LogonUser api ant then CreateProcessAsUser,but the LogonUser API alway returns "0".Why? i am using WinXP and i don't log to a domain.
; #########################################################################
.386
.model flat, stdcall
option casemap :none ; case sensitive
; #########################################################################
include \masm32\include\windows.inc

include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\masm32.inc
include \masm32\include\advapi32.inc
include \masm32\include\debug.inc

includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\advapi32.lib
includelib \masm32\lib\debug.lib
; #########################################################################
.data
user db "Administrator",0
pass db "123454",0
domain db 0 ;i don't have a domain to log on / BTW: i am using WinXP
tok dd 0

; #########################################################################
.code

start:
invoke LogonUser,ADDR user,ADDR pass,ADDR domain,LOGON32_LOGON_INTERACTIVE,LOGON32_PROVIDER_DEFAULT,ADDR tok
;PrintHex eax ;GetLastError function will work only if this line is commented(removed)
invoke GetLastError
PrintHex eax

invoke ExitProcess,0

end start
; #########################################################################
Posted on 2002-02-02 08:34:07 by Unregistered123454
either supply your username in UPN format (user@domain) or use "." as domain
Posted on 2002-02-02 10:36:42 by Hiroshimator
If you aren't on a network domain, the domain name is then the name of your local computer.
Posted on 2002-02-02 12:10:59 by rdaneel
I get some error:"Invalid user or password".Could someone make a good example that works from this program?
Thanks
Posted on 2002-02-04 04:45:04 by Unregggggg
After some searching, it appears that only NT services can call LogonUser and my tests bear this out. The process calling LogonUser must have the SeTcbPrivilege token priv. and this privilege is not assignable from a user mode program. Here is a snippet from an article about it:



First, not just anyone is allowed to call LogonUser or CreateProcessAsUser. Generally, only code running in the System logon session is allowed to make these calls.


Here is a link to the article:

http://www.microsoft.com/msj/0200/logon/logon.asp

There may be some way around this but it probably wouldn't be appropriate on these forums since it would most likely be badware.
Posted on 2002-02-04 12:00:21 by rdaneel
And if there is "a way around", it will be fixed by micro$oft, so there's
no point in using hacky stuff :).
Posted on 2002-02-04 12:27:21 by f0dder
I CAN use LogonUser, in the example program I didn't give the arguments in the right order. Where i should HAVE put the domain i HAVE put the password and the reverse and it WORKED! tHE FUNCTION RETURNED 1.

NOW I MUST SEE WHATS THE PROBLEM WITH CreateProcessAsUser
Posted on 2002-02-07 03:06:00 by Unregistered123454
When I run your corrected sample code I get a return value of ERROR_PRIVILEGE_NOT_HELD and if you try to set the seTcbPrivilege prior to the call to LogonUser I always get a return value of ERROR_NOT_ALL_ASSIGNED. You must be the operating system or something. This forum is for humans only.
Posted on 2002-02-07 08:37:10 by rdaneel