according blocking mouse input service in vista blockinput() requires high mandatory integrity level. also, service cannot make use of function since doesn't run on desktop. whenever occasional interaction desktop required, have service temporarily impersonateloggedonuser() , reverttoself() however, logged on user not administrator. how set integrity level high during impersonations can blockinput()? not figure out msdn documentation modifying token impersonateloggedonuser() takes. help?
thanks
[edit:] tried modifying impersonation code follows:
previously, had code impersonates user access user's registry , files (and @ later point start user program createprocessasuser()):
if (!wtsqueryusertoken(sid, &token)) throw "error: not logged on user token"; if (!duplicatetokenex(token, token_assign_primary | token_duplicate | token_query | token_adjust_default | token_impersonate, 0, securityimpersonation, tokenprimary, &usertok)) { closehandle(token); throw "error: not duplicate user token"; } closehandle(token); if (!impersonateloggedonuser(usertok)) throw "error: not impersonate logged on user"; ... // stuff needing impersonation if (!reverttoself()) throw "error: not revert self";
doing blockinput(1); sleep(5000); right after impersonateloggedonuser() doesn't block input. tried adding following right before impersonateloggedonuser():
psid sid(0); if (!convertstringsidtosid(sddl_ml_high, &sid)) throw "error: not convert string sid"; token_mandatory_label tml; tml.label.attributes = se_group_integrity | se_group_integrity_enabled; tml.label.sid = sid; if (!settokeninformation(usertok, tokenintegritylevel, &tml, sizeof(tml) + getlengthsid(sid)))) throw "error: not set token information"; localfree(sid);
i no errors during execution, indicating should setting right. input still doesn't blocked!
i solved launching separate process service administrator user , service asks block input.
Comments
Post a Comment