Creates a new process and its primary thread running in the security context of the specified token
#include <Security.au3>
_Security__CreateProcessWithToken ( $hToken, $iLogonFlags, $sCommandLine, $iCreationFlags, $sCurDir, $tSTARTUPINFO, $tPROCESS_INFORMATION )
$hToken | A handle to the primary token that represents a user |
$iLogonFlags | The logon option |
$sCommandLine | The command line to be executed |
$iCreationFlags | The flags that control how the process is created |
$sCurDir | The full path to the current directory for the process |
$tSTARTUPINFO | A (pointer to a) STARTUPINFO structure |
$tPROCESS_INFORMATION | A (pointer to a) PROCESS_INFORMATION structure that receives identification information for the new process |
Success: | True. |
Failure: | False. |
The module name must be the first white space–delimited token in the $sCommandLine parameter.
Search CreateProcessWithTokenW in MSDN Library.
#RequireAdmin ; for this example to have sense
#include <MsgBoxConstants.au3>
#include <ProcessConstants.au3>
#include <Security.au3>
#include <SecurityConstants.au3>
#include <StructureConstants.au3>
#include <WinAPIHObj.au3>
#include <WinAPIProc.au3>
Example_ProcessWithTok()
Func Example_ProcessWithTok()
; Run AutoIt non-elevated regardless of having full administrator rights obtained using #RequireAdmin or by any other means
_RunNonElevated('"' & @AutoItExe & '" /AutoIt3ExecuteLine "MsgBox(4096, ''RunNonElevated'', ''IsAdmin() = '' & "IsAdmin()" & '', PID = '' & "@AutoItPID")"')
EndFunc ;==>Example_ProcessWithTok
Func _RunNonElevated($sCommandLine = "")
If Not IsAdmin() Then Return Run($sCommandLine) ; if current process is run non-elevated then just Run new one.
; Structures needed for creating process
Local $tSTARTUPINFO = DllStructCreate($tagSTARTUPINFO)
Local $tPROCESS_INFORMATION = DllStructCreate($tagPROCESS_INFORMATION)
; Process handle of some process that's run non-elevated. For example "Explorer"
Local $hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, 0, ProcessExists("explorer.exe"))
; If successful
If $hProcess Then
; Token...
Local $hTokOriginal = _Security__OpenProcessToken($hProcess, $TOKEN_ALL_ACCESS)
; Process handle is no longer needed. Close it
_WinAPI_CloseHandle($hProcess)
; If successful
If $hTokOriginal Then
; Duplicate the original token
Local $hTokDuplicate = _Security__DuplicateTokenEx($hTokOriginal, $TOKEN_ALL_ACCESS, $SECURITYIMPERSONATION, $TOKENPRIMARY)
; Close the original token
_WinAPI_CloseHandle($hTokOriginal)
; If successful
If $hTokDuplicate Then
; Create process with this new token
_Security__CreateProcessWithToken($hTokDuplicate, 0, $sCommandLine, 0, @ScriptDir, $tSTARTUPINFO, $tPROCESS_INFORMATION)
; Close that token
_WinAPI_CloseHandle($hTokDuplicate)
; Close get handles
_WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hProcess"))
_WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hThread"))
; Return PID of newly created process
Return DllStructGetData($tPROCESS_INFORMATION, "ProcessID")
EndIf
EndIf
EndIf
EndFunc ;==>_RunNonElevated