CreateFileMapping on Vista
Ben
my code is experiencing Vista-pains...hopefully someone can shed some
light :)
a C++ service is launching a secondary process in the user-session
(since i need to trap hotkeys from the user)... i'm trying to call
CreateFileMapping in that process so i can pass some info back to the
service, but get access denied...
i saw u need to enable SE_CREATE_GLOBAL_NAME, but when i do that it
fails with "Not all privileges or groups referenced are assigned to
the caller".
The service runs as local system and uses CreateProcessAsUser to
launch this second process on the user session.
This works in XP... in Vista it just fails if UAC is on. Any
suggested work-around? I see launching the process in elevated rights
is a bit complex based on this article:
http://www.codeproject.com/KB/vista-security/UAC__The_Definitive_Guide.aspx?df=100&forumid=428214&exp=0&select=2196846
thanks!
Larry Futrell
I have an application which used to work similarly to what you describe on
Windows XP. When I updated it for Windows Vista I had similar problems and
was advised that I needed to call CreateFileMapping() in the service,
setting the appropriate security to allow the user process the permissions
it needed, then to call OpenFileMapping() in the user process. That has
worked just fine for my purposes.
--
Larry Futrell
Ben
> Ben wrote:
> > Hi gurus,
>
> > my code is experiencing Vista-pains...hopefully someone can shed some
> > light :)
>
> > a C++ service is launching a secondary process in the user-session
> > (since i need to trap hotkeys from the user)... i'm trying to call
> > CreateFileMapping in that process so i can pass some info back to the
> > service, but get access denied...
>
> > i saw u need to enable SE_CREATE_GLOBAL_NAME, but when i do that it
> > fails with "Not all privileges or groups referenced are assigned to
> > the caller".
>
> > The service runs as local system and uses CreateProcessAsUser to
> > launch this second process on the user session.
>
> > This works in XP... in Vista it just fails if UAC is on. Any
> > suggested work-around? I see launching the process in elevated rights
> > is a bit complex based on this article:
>
> > thanks!
>
> I have an application which used to work similarly to what you describe on
> Windows XP. When I updated it for Windows Vista I had similar problems and
> was advised that I needed to call CreateFileMapping() in the service,
> setting the appropriate security to allow the user process the permissions
> it needed, then to call OpenFileMapping() in the user process. That has
> worked just fine for my purposes.
>
> --
> Larry Futrell
Thanks for the tip! i thought about that approach, but it seemed to
be messy to implement for my purpose, since i want to find the
secondary process if the service recovers from some crash.... so if
it dies, it'll have to recreate the file mapping and the secondary
process will need to re-write the pid?!? i didn't try it...maybe it
would of made more sense if i did :)
but u know, i found a way to launch this secondary process as Local
System fairly easily, which causes it to bypass UAC... it's basically
done by impersonating the winlogon process token as shown in this
article: http://www.codeproject.com/KB/vista-security/VistaSessions.aspx
lelteto
It is a very abd idea (and bad practice) to "work around" problems by simply
elevating the rights of a process to LOCALSYSTEM. That is really for
processes which absolutely need it, not just because it is easier to code
them that way.
Now your process runs with full system privileges, so if anything bad
happens in it, there is no protection against it. Please re-consider your
"solution" and go the proper (although more difficult) way which doesn't
require your process to run with full privileges...
Laszlo Elteto
SafeNet, Inc.