I connect to my PC (Windows XP Pro, which runs 24/7) through RDP on an off through the day.
I have a background process that should do some things upon RDP connection, but I couldn't figure a way to make it detect the establishing of the RDP connection.
No new processes are created, WTSQuerySessionInformation doesn't help (I connect to the same eternal Windows session).
The answer is WTSRegisterSessionNotification() from wtsapi32.dll.
This signs you up for receiving WM_WTSSESSION_CHANGE notifications, whose WParam could be WTS_REMOTE_CONNECT, WTS_REMOTE_DISCONNECT. That does it.
Here is the simplest AutoIt implementation:
#include <GUIConstantsEx.au3>
#include <Date.au3>
#include <WindowsConstants.au3>
Global Const $hWTSAPI32 = DllOpen("wtsapi32.dll")
Global $i = 0, $tTime
_Main()
Func _Main()
Local $hGUI
; Create GUI
$hGUI = GUICreate("Session change detection", 600, 400)
;~ GUISetState() ; show the window
DllCall($hWTSAPI32, "int", "WTSRegisterSessionNotification", "hwnd", $hGUI, "dword", 1) ; NOTIFY_FOR_ALL_SESSIONS
If #error Then
MsgBox(0,"", "Error calling WTSRegisterSessionNotification()")
Exit
EndIf
GUIRegisterMsg(0x2B1, "WTSSESSION_CHANGE") ; WM_WTSSESSION_CHANGE <=====================
; Loop until user exits
Do
Until GUIGetMsg() = $GUI_EVENT_CLOSE
EndFunc ;==>_Main
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Func WTSSESSION_CHANGE($hWndGUI, $MsgID, $WParam, $LParam)
; WTS_REMOTE_CONNECT = 0x3, WTS_REMOTE_DISCONNECT = 0x4
; WTS_SESSION_UNLOCK = 0x8, WTS_SESSION_LOGON = 0x5
If $WParam = 3 Then
$tTime = _Date_Time_GetSystemTime()
MsgBox(0, "Caught a notification", "Remote session connected at " & _Date_Time_SystemTimeToDateTimeStr($tTime) )
Exit
EndIf
EndFunc
Related
How can I launch an Universal App as another user using CreateProcessWithLogonW()? I cannot get it to launch using C:\\Windows\\System32\\cmd.exe /c start skype: even though start skype: does launch in the terminal.
#include <stdio.h>
#include <windows.h>
#include <lmcons.h>
int main(void)
{
PROCESS_INFORMATION pi = { 0 };
STARTUPINFOW si = { 0 };
si.cb = sizeof(STARTUPINFOW);
/*
not working:
L"C:\\Windows\\System32\\cmd.exe /c start skype" error: "The filename, directory name, or volume label syntax is incorrect."
L"C:\\Windows\\System32\\cmd.exe /c start skype:" no error but a pop-up with text: "You'll need a new app to open this"
*/
wchar_t lpCommandLine[] = L"C:\\Windows\\System32\\cmd.exe /c start skype:"; // lpCommandLine must be writable memory
if (!CreateProcessWithLogonW(L"username", L".", L"password", LOGON_WITH_PROFILE, NULL, lpCommandLine, 0, NULL, NULL, &si, &pi))
{
printf("GetLastError(): %i\n", GetLastError());
char buf[UNLEN + 1] = { 0 };
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)&buf, sizeof(buf), NULL);
puts(buf);
return 1;
}
else
{
// do stuff only while skype is running
puts("skype is running.");
if (WaitForSingleObject(pi.hProcess, INFINITE) == WAIT_FAILED)
puts("WaitForSingleObject() failed");
// do stuff only after skype exits
puts("skype is NOT running.");
}
return 0;
}
This is impossible. No matter what user the UWP app is run under, it will always run under a sandboxed AppContainer user that is different for every user session. You can't run a UWP app as another user using the Win32 api.
This is possible depending on what you mean by different user. For example, in our product we have a windows service which runs under 'Local System' account and from this we are able to launch a UWP app in the currently logged on user account. For this, we have used CreateProcessAsUser to launch a process in the logged on user account with command to open the protocol supported by the UWP app. Sample code :
string uwpAppLaunchCmdLine = string.Format("/c start {0}", PROTOCOL_SUPPORTED_BY_UWP_APP);
int processId;
IntPtr hErrorReadOut = IntPtr.Zero;
ProcessMetadata processMetadata;
if (!StartAsCurrentUser("cmd.exe", false, out processId,out processMetadata, coreAppLaunchCmdLine))
{
//Failed to launch
}
else
{
//success!
}
My application has ablities to turn network adaptors of or enable them for either DHCP or static configuration. IP configuration is done via WMI Win32_NetworkApapterConfiguration class and disabling/enabling adapters is done via SetupApi for some reasons. Starting at the point where the adapter was enabled, I noticed following (Windows 7 SP1, 32bit):
EnableDHCP method return with error 84 (IP not enabled). So I thought I need to wait that property the "IpEnabled" becomes true and polled it every second - but it always returned false (BTW: I monitored the value using WMIC and could see that it has actually became true).
Next - in order to avoid and inifinite loop - I changed my "poll 'IpEnabled == true' loop" to jump out after 10 trials, and do the remaining stuff. And see: EnableDHCP succeeded (ret == 0), and also IpEnabled suddely became true.
EDIT
Situation 1:
int ret;
// ...
// Returns error 84
ret = wmiExecMethod(clsName, "EnableDHCP", true, objPath);
// ...
Situation 2:
int ret;
// ...
// Will never get out of this
while (!wmiGetBool(pWMIObj, "IPEnabled"))
{
printf("Interface.IpEnabled=False\n");
Sleep(1000);
}
// ...
ret = wmiExecMethod(clsName, "EnableDHCP", true, objPath);
Situation 3:
int count = 10;
int ret;
// ...
// Will occur until count becomes 0
while (wmiGetBool(pWMIObj, "IPEnabled") && count--)
{
printf("Interface.IpEnabled=False - remaining trials: %d\n", count);
Sleep(1000);
}
// ...
// After this "delay", EnableDHCP returns 0 (SUCCESS)
ret = wmiExecMethod(clsName, "EnableDHCP", true, objPath);
// wmiGetBool(pWMIObj, "IPEnabled") now returns true too...
Do you have any ideas what is going wrong here? Thanks in before for help.
Best regards
Willi K.
The "real" problem behind this is that the Win32_NetworkApapterConfiguration::EnableDHCP method fails if the interface is not connected to a network (offline). The only way I found to configure the interface for DHCP is to modify the registry....
I have written some C++ code to automatically rename the Network Connection in ncpa.cpl. It works fine on Win7 and Win8 but fails in Win10. The function I used is INetConnection::Rename, its return value is 0x80071a90, which means:
HRESULT_FROM_WIN32(ERROR_TRANSACTIONAL_CONFLICT) : The function attempted to use a name that is reserved for use by another transaction.
But the new connection name I used is something like "Npcap Loopback Adapter", which doesn't seem to be a "reserved" name for Windows.
Someone told me that the built-in netsh.exe tool also uses this way to rename an interface, I have tried the command as "netsh.exe interface set interface name="Ethernet 5" newname="Npcap Loopback Adapter"" and the interface "Ethernet 5" is successfully renamed to "Npcap Loopback Adapter". So I think this way should work out, there must be something wrong in my code.
I want to implement this in C/C++, so don't tell me to wrap the netsh.exe command, I wonder what's wrong with my function call code? Thanks.
My code is:
/*++
Copyright (c) Nmap.org. All rights reserved.
Module Name:
LoopbackRename.cpp
Abstract:
This is used for enumerating our "Npcap Loopback Adapter" using NetCfg API, if found, we changed its name from "Ethernet X" to "Npcap Loopback Adapter".
Also, we need to make a flag in registry to let the Npcap driver know that "this adapter is ours", so send the loopback traffic to it.
This code is modified based on example: https://msdn.microsoft.com/en-us/library/windows/desktop/aa364686.aspx
--*/
#pragma warning(disable: 4311 4312)
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <objbase.h>
#include <netcon.h>
#include <stdio.h>
#include "LoopbackRename.h"
#pragma comment(lib, "ole32.lib")
#pragma comment(lib, "oleaut32.lib")
#define NPCAP_LOOPBACK_INTERFACE_NAME NPF_DRIVER_NAME_NORMAL_WIDECHAR L" Loopback Adapter11"
#define BUF_SIZE 255
BOOL DoTheWork(INetSharingManager *pNSM, wchar_t strDeviceName[])
{ // add a port mapping to every firewalled or shared connection
BOOL bFound = FALSE;
INetSharingEveryConnectionCollection * pNSECC = NULL;
HRESULT hr = pNSM->get_EnumEveryConnection (&pNSECC);
if (!pNSECC)
wprintf (L"failed to get EveryConnectionCollection!\r\n");
else {
// enumerate connections
IEnumVARIANT * pEV = NULL;
IUnknown * pUnk = NULL;
hr = pNSECC->get__NewEnum (&pUnk);
if (pUnk) {
hr = pUnk->QueryInterface (__uuidof(IEnumVARIANT),
(void**)&pEV);
pUnk->Release();
}
if (pEV) {
VARIANT v;
VariantInit (&v);
while ((S_OK == pEV->Next (1, &v, NULL)) && (bFound == FALSE)) {
if (V_VT (&v) == VT_UNKNOWN) {
INetConnection * pNC = NULL;
V_UNKNOWN (&v)->QueryInterface (__uuidof(INetConnection),
(void**)&pNC);
if (pNC) {
NETCON_PROPERTIES *pNETCON_PROPERTIES;
pNC->GetProperties(&pNETCON_PROPERTIES);
wchar_t currentGUID[BUF_SIZE];
GUID guid = pNETCON_PROPERTIES->guidId;
wsprintf(currentGUID, L"{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}",
guid.Data1, guid.Data2, guid.Data3,
guid.Data4[0], guid.Data4[1], guid.Data4[2], guid.Data4[3],
guid.Data4[4], guid.Data4[5], guid.Data4[6], guid.Data4[7]);
if (wcscmp(currentGUID, strDeviceName) == 0)
{
hr = pNC->Rename(NPCAP_LOOPBACK_INTERFACE_NAME);
bFound = TRUE;
if (hr != S_OK)
{
wprintf(L"failed to create rename NPCAP_LOOPBACK_INTERFACE_NAME\r\n");
}
}
pNC->Release();
}
}
VariantClear(&v);
}
pEV->Release();
}
pNSECC->Release();
}
return bFound;
}
BOOL RenameLoopbackNetwork(wchar_t strDeviceName[])
{
BOOL bResult = FALSE;
/* CoInitialize (NULL);*/
// init security to enum RAS connections
CoInitializeSecurity (NULL, -1, NULL, NULL,
RPC_C_AUTHN_LEVEL_PKT,
RPC_C_IMP_LEVEL_IMPERSONATE,
NULL, EOAC_NONE, NULL);
INetSharingManager * pNSM = NULL;
HRESULT hr = ::CoCreateInstance (__uuidof(NetSharingManager),
NULL,
CLSCTX_ALL,
__uuidof(INetSharingManager),
(void**)&pNSM);
if (!pNSM)
{
wprintf (L"failed to create NetSharingManager object\r\n");
return bResult;
}
else {
// add a port mapping to every shared or firewalled connection.
bResult = DoTheWork(pNSM, strDeviceName);
pNSM->Release();
}
/* CoUninitialize ();*/
return bResult;
}
Update:
I have tried this function call 100 times in a loop, but all failed.
if (wcscmp(currentGUID, strDeviceName) == 0)
{
int iTime = 0;
aaa:
hr = pNC->Rename(NPCAP_LOOPBACK_INTERFACE_NAME);
bFound = TRUE;
if (hr == HRESULT_FROM_WIN32(ERROR_TRANSACTIONAL_CONFLICT) && iTime < 100)
{
iTime ++;
goto aaa;
}
else if (hr != S_OK)
{
wprintf(L"failed to create rename NPCAP_LOOPBACK_INTERFACE_NAME\r\n");
}
}
pNC->Release();
The code is open-source in github:
https://github.com/nmap/npcap/tree/master/packetWin7/NPFInstall, it's a Visual Studio 2005 project, but actually you can build it in other Visual Studio versions. After compiling out NPFInstall.exe, use command "NPFInstall.exe -il" to install a new loopback adapter and rename it to "Npcap Loopback Adapter", "NPFInstall.exe -ul" to uninstall. the source to rename the adapter is: LoopbackRename.cpp. I hope this can help solve the problem.
Im having trouble setting error level in an autohotkey script.
As of now, it works fine unless the putty session closes unexpectedly.
I am calling a sub after setting ip and password to reboot equipment via telnet.
Basically I need a message box to pop up and a return command instead of a crash
like
MsgBox, reboot of %IP% failed
return
havent been able to get it to work myself, so figured i'd ask here
Proximreboot:
{
SetKeyDelay, 10, 10
Run, C:\Program Files\PuTTY\putty.exe -load "script" telnet://%IP%, , , NewPID ; ------------run putty.exe also get a new PID
WinWaitActive, ahk_pid %NewPID%
Loop ;---------------------------- loop to look for password prompt in putty
{
Loop, read, C:\Program Files\PuTTY\%IP%.script.log ;----------loop to read the log file
last_line := A_LoopReadLine
IfInString, last_line, password
{
break
}
}
ControlSend, ,%PASS%{Enter},ahk_pid %NewPID%, , ,
Sleep, 1000
ControlSend, ,reboot 30{Enter},ahk_pid %NewPID%, , ,
Sleep, 1563
ControlSend, ,exit{Enter},ahk_pid %NewPID%, , ,
Sleep, 1000
filedelete, C:\Program Files\PuTTY\*.script.log
last_line := blank
}
return
I finally figured it out
Loop
{
Process, Exist, %NewPID%
Loop, read, C:\Program Files\PuTTY\%IP%.script.log
last_line := A_LoopReadLine
IfInString, last_line, password
{
break
}
if !errorlevel
{
MsgBox, Reboot of %IP% Failed.
Return
}
}
I don't know if I'm happier that I figured it out, or that a device timed out the first time I tested it.
I asked this in CreateDesktop() with Vista UAC (C Windows)
I set a bounty but in trying to vote down the only answer the "accept" was pressed by mistake (i've been awake for more than 48 hs). so I am asking it again.
I'm using CreateDesktop() to create a temporary desktop where an application will run, perform a cleanup action (while remaining out of the way) and terminate. I'm closing that desktop once the application is gone. Everything is fine when using Windows XP and even Vista. The problem arises when you enable the (annoying) UAC.
Everything is OK when you create a desktop, but when you call CreateProcess() to open a program on that desktop it causes the opened application to crash with an exception on User32.dll.
I've been reading a lot about the different desktops and layers on Windows and the restrictions of memory. However, most of the programs I open (as test scenarios) are OK, but a few (like IE, Notepad, Calc and my own application) cause the crash.
Anyone has any idea why this happen on Vista with UAC, or more specifically for those specific programs? and how to fix this?
Anyone has a good solid example on how to create a desktop and open an application there without switching to it under Vista with UAC on?
Code is appreciated.
Thanks
The code used is
SECURITY_ATTRIBUTES sa;
HDESK dOld;
HDESK dNew;
BOOL switchdesk, switchdesk2, closedesk;
int AppPid;
sa.bInheritHandle = TRUE;
sa.lpSecurityDescriptor = NULL;
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
//Get handle to current desktop
dOld = OpenDesktopA("default", 0, TRUE, DESKTOP_SWITCHDESKTOP|
DESKTOP_WRITEOBJECTS|
DESKTOP_READOBJECTS|
DESKTOP_ENUMERATE|
DESKTOP_CREATEWINDOW|
DESKTOP_CREATEMENU);
if(!dOld)
{
printf("Failed to get current desktop handle !!\n\n");
return 0;
}
//Make a new desktop
dNew = CreateDesktopA("kaka", 0, 0, 0, DESKTOP_SWITCHDESKTOP|
DESKTOP_WRITEOBJECTS|
DESKTOP_READOBJECTS|
DESKTOP_ENUMERATE|
DESKTOP_CREATEWINDOW|
DESKTOP_CREATEMENU, &sa);
if(!dNew)
{
printf("Failed to create new desktop !!\n\n");
return 0;
}
AppPid = PerformOpenApp(SomeAppPath);
if(AppPid == 0)
{
printf("failed to open app, err = %d\n", GetLastError());
}
else
{
printf("App pid = %d\n", AppPid);
}
closedesk = CloseDesktop(dNew);
if(!closedesk)
{
printf("Failed to close new desktop !!\n\n");
return 0;
}
return 0;
The correct solution is given as a short comment by ChristianWimmer above:
The desktop must have a security descriptor that allows access to lower integrity level like IE has. Otherwise the GUI cannot access the desktop. – ChristianWimmer Jul 22 '10 at 17:00
Since the answer is a little bit hidden and there's no source code example, let me state it clearly here:
If IE runs in protected mode then the browser tabs are created as low integrity processes. The low integrity tab process will fail to initialize if the desktop does not have a low integrity mandatory label.
As a consequence, the main IE process terminates, too. An interesting observation is that if you start IE providing a command line URL from the secure zone, then IE will succeed to start, because protected mode is disabled by default for the secure zone.
I checked the integrity level of the default desktop, and indeed I was able to verify that the default desktop has a low integrity level! So the easiest solution to the problem is to (1) create the new desktop, (2) get the mandatory label from the default desktop, and (3) copy it into the new desktop. For (2) and (3), you can use the following code
PACL pSacl;
PSECURITY_DESCRIPTOR pSecurityDescriptor;
DWORD dwResult;
dwResult = GetSecurityInfo(hDefaultDesktop, SE_WINDOW_OBJECT, LABEL_SECURITY_INFORMATION, NULL, NULL, NULL, &pSacl, &pSecurityDescriptor);
if (dwResult == ERROR_SUCCESS) {
if (pSacl != NULL) {
dwResult = SetSecurityInfo(hNewDesktop, SE_WINDOW_OBJECT, LABEL_SECURITY_INFORMATION, NULL, NULL, NULL, pSacl);
if (dwResult != ERROR_SUCCESS)
_tprintf(_T("SetSecurityInfo(hNewDesktop) failed, error = %d"), dwResult);
}
LocalFree(pSecurityDescriptor);
} else {
_tprintf(_T("GetSecurityInfo(hDefaultDesktop) failed, error = %d"), dwResult);
}
#CristianWimmer: Thanks for providing the hint to the correct solution. This saved my a lot of time!!
You appear to have come across a bug in IE as it interacts with UAC. If protected mode is set to on you cannot run IE as an ordinary user in any desktop except the default one. In order to run IE in an alternate desktop you must be running as administrator or have protected mode set to off. This is true for Vista, W2K8 and Win7.
As to the other programs that you cannot run, unfortunately I can't confirm anything. I tried upwards of thirty different programs including notepad, calc, all the office apps, visual studio 2005, 2008 and 2010, MSDN help and a number of others and all worked as expected with the noted exception of IE. Is there something truly unusual about your app that might make it behave in an unexpected manner?
One note - if you attempt to run an application like this that needs elevation (such as regedit, etc.) it will fail in CreateProcess with the last error set to ERROR_ELEVATION_REQUIRED.
For your reference, in case I'm doing something different from you, the code I used is:
#ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista.
#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows.
#endif
#include <stdio.h>
#include <tchar.h>
#include "windows.h"
HANDLE PerformOpenApp(TCHAR* appPath);
int _tmain(int argc, _TCHAR* argv[])
{
HDESK dNew;
BOOL closedesk;
HANDLE hApp;
//Make a new desktop
dNew = CreateDesktop(_T("kaka"), 0, 0, 0, DESKTOP_SWITCHDESKTOP|
DESKTOP_WRITEOBJECTS|
DESKTOP_READOBJECTS|
DESKTOP_ENUMERATE|
DESKTOP_CREATEWINDOW|
DESKTOP_CREATEMENU, NULL);
if(!dNew)
{
_tprintf(_T("Failed to create new desktop !!\n\n"));
return 0;
}
TCHAR path[MAX_PATH];
_putts(_T("Enter the path of a program to run in the new desktop:\n"));
_getts(path);
while(_tcslen(path) > 0)
{
hApp = PerformOpenApp(path);
if(hApp == 0)
{
_tprintf(_T("Failed to open app, err = %d\n"), GetLastError());
}
else
{
_tprintf(_T("App pid = %d\n"), GetProcessId(hApp));
_putts(_T("Press any key to close the app.\n"));
_gettchar();
TerminateProcess(hApp, 0);
CloseHandle(hApp);
}
_putts(_T("Enter the path of a program to run in the new desktop:\n"));
_getts(path);
}
closedesk = CloseDesktop(dNew);
if(!closedesk)
{
_tprintf(_T("Failed to close new desktop !!\n\n"));
return 0;
}
return 0;
}
HANDLE PerformOpenApp(TCHAR* appPath)
{
STARTUPINFO si = {0};
PROCESS_INFORMATION pi;
si.cb = sizeof(si);
si.lpDesktop = _T("kaka");
BOOL retVal = CreateProcess(NULL, appPath, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL,
NULL, &si, &pi);
if (retVal)
{
CloseHandle(pi.hThread);
}
return pi.hProcess;
}