Function Reference

_Security__CreateProcessWithToken

Show description in

Creates a new process and its primary thread running in the security context of the specified token

#include <Security.au3>
_Security__CreateProcessWithToken ( $hToken, $iLogonFlags, $sCommandLine, $iCreationFlags, $sCurDir, $tSTARTUPINFO, $tPROCESS_INFORMATION )

Parameters

$hToken A handle to the primary token that represents a user
$iLogonFlags The logon option
$sCommandLine The command line to be executed
$iCreationFlags The flags that control how the process is created
$sCurDir The full path to the current directory for the process
$tSTARTUPINFO A (pointer to a) STARTUPINFO structure
$tPROCESS_INFORMATION A (pointer to a) PROCESS_INFORMATION structure that receives identification information for the new process

Return Value

Success: True.
Failure: False.

Remarks

The module name must be the first white space–delimited token in the $sCommandLine parameter.

Related

_Security__DuplicateTokenEx

See Also

Search CreateProcessWithTokenW in MSDN Library.

Example

#RequireAdmin ; for this example to have sense

#include <MsgBoxConstants.au3>
#include <ProcessConstants.au3>
#include <Security.au3>
#include <SecurityConstants.au3>
#include <StructureConstants.au3>
#include <WinAPIHObj.au3>
#include <WinAPIProc.au3>

Example_ProcessWithTok()

Func Example_ProcessWithTok()
        ; Run AutoIt non-elevated regardless of having full administrator rights obtained using #RequireAdmin or by any other means
        _RunNonElevated('"' & @AutoItExe & '" /AutoIt3ExecuteLine  "MsgBox(4096, ''RunNonElevated'', ''IsAdmin() = '' & "IsAdmin()" & '', PID = '' & "@AutoItPID")"')
EndFunc   ;==>Example_ProcessWithTok

Func _RunNonElevated($sCommandLine = "")
        If Not IsAdmin() Then Return Run($sCommandLine) ; if current process is run non-elevated then just Run new one.

        ; Structures needed for creating process
        Local $tSTARTUPINFO = DllStructCreate($tagSTARTUPINFO)
        Local $tPROCESS_INFORMATION = DllStructCreate($tagPROCESS_INFORMATION)

        ; Process handle of some process that's run non-elevated. For example "Explorer"
        Local $hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, 0, ProcessExists("explorer.exe"))

        ; If successful
        If $hProcess Then
                ; Token...
                Local $hTokOriginal = _Security__OpenProcessToken($hProcess, $TOKEN_ALL_ACCESS)
                ; Process handle is no longer needed. Close it
                _WinAPI_CloseHandle($hProcess)
                ; If successful
                If $hTokOriginal Then
                        ; Duplicate the original token
                        Local $hTokDuplicate = _Security__DuplicateTokenEx($hTokOriginal, $TOKEN_ALL_ACCESS, $SECURITYIMPERSONATION, $TOKENPRIMARY)
                        ; Close the original token
                        _WinAPI_CloseHandle($hTokOriginal)
                        ; If successful
                        If $hTokDuplicate Then
                                ; Create process with this new token
                                _Security__CreateProcessWithToken($hTokDuplicate, 0, $sCommandLine, 0, @ScriptDir, $tSTARTUPINFO, $tPROCESS_INFORMATION)

                                ; Close that token
                                _WinAPI_CloseHandle($hTokDuplicate)
                                ; Close get handles
                                _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hProcess"))
                                _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hThread"))
                                ; Return PID of newly created process
                                Return DllStructGetData($tPROCESS_INFORMATION, "ProcessID")
                        EndIf
                EndIf
        EndIf
EndFunc   ;==>_RunNonElevated