vb.net - 以管理员身份运行带有提升标志的命令(使用已知密码)
问题描述
我有一个需要由标准用户运行的 VB.net 应用程序,但有某些功能需要以本地管理员身份运行,并带有提升的标志(或 LSA、受信任的安装程序或其他我关心的系统帐户)。这是一个帮助程序,允许用户在不输入本地管理员凭据和通过 UAC 提示符的情况下运行内部应用程序。UAC 旨在防止程序自发获得管理员权限,但在我的情况下,我们打算将这些凭据嵌入程序中。我们不想禁用 UAC,只是绕过它已经以其他方式完成,我们只需要使用 run as admin 标志启动运行命令(例如 reg add 或 CMD)。简单地做一个 runas 是行不通的,因为这些是标准用户帐户,
澄清一下,基本程序永远不会以管理员身份运行。目的是使用它来调用另一个程序或带有嵌入式凭据的 cmd.exe。标准用户将使用它。
我已经尝试过 VB.Netsystem.diagnostics.process.start.flag = "runas"
属性,但没有奏效。
我也尝试了下面的代码,但这也不起作用并返回“1”。与
RunProgram("Administrator", "password", Environment.MachineName, "cmd.exe", "/c reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /f /v MyProgram /D " & System.Windows.Forms.Application.ExecutablePath())
任何想法如何进行?
我还尝试了一个使用 VB.Net 的简单 cmd runas
system.diagnostics.process.start.flag = "runas", and now Lib "Advapi32" Alias "CreateProcessWithLogonW".
下面是模块代码:
Public Module Impersonation
#Region "API Structures"
<StructLayout(LayoutKind.Sequential)>
Public Structure PROCESS_INFORMATION
Dim hProcess As System.IntPtr
Dim hThread As System.IntPtr
Dim dwProcessId As Integer
Dim dwThreadId As Integer
End Structure
<StructLayout(LayoutKind.Sequential)>
Public Structure STARTUPINFO
Dim cb As Integer
Dim lpReserved As System.IntPtr
Dim lpDesktop As System.IntPtr
Dim lpTitle As System.IntPtr
Dim dwX As Integer
Dim dwY As Integer
Dim dwXSize As Integer
Dim dwYSize As Integer
Dim dwXCountChars As Integer
Dim dwYCountChars As Integer
Dim dwFillAttribute As Integer
Dim dwFlags As Integer
Dim wShowWindow As Short
Dim cbReserved2 As Short
Dim lpReserved2 As System.IntPtr
Dim hStdInput As System.IntPtr
Dim hStdOutput As System.IntPtr
Dim hStdError As System.IntPtr
End Structure
#End Region
#Region "API Constants"
Private Const LOGON_NETCREDENTIALS_ONLY As Integer = &H2
Private Const NORMAL_PRIORITY_CLASS As Integer = &H20
Private Const CREATE_DEFAULT_ERROR_MODE As Integer = &H4000000
Private Const CREATE_NEW_CONSOLE As Integer = &H10
Private Const CREATE_NEW_PROCESS_GROUP As Integer = &H200
Private Const LOGON_WITH_PROFILE As Integer = &H1
#End Region
#Region "API Functions"
Public Declare Unicode Function CreateProcessWithLogon Lib "Advapi32" Alias "CreateProcessWithLogonW" _
(ByVal lpUsername As String,
ByVal lpDomain As String,
ByVal lpPassword As String,
ByVal dwLogonFlags As Integer,
ByVal lpApplicationName As String,
ByVal lpCommandLine As String,
ByVal dwCreationFlags As Integer,
ByVal lpEnvironment As System.IntPtr,
ByVal lpCurrentDirectory As System.IntPtr,
ByRef lpStartupInfo As STARTUPINFO,
ByRef lpProcessInfo As PROCESS_INFORMATION) As Integer
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As System.IntPtr) As Integer
#End Region
Public Function RunProgramold(ByVal UserName As String, ByVal Password As String, ByVal Domain As String, ByVal Application As String, ByVal CommandLine As String)
Dim siStartup As STARTUPINFO
Dim piProcess As PROCESS_INFORMATION
Dim intReturn As Integer
If CommandLine Is Nothing OrElse CommandLine = "" Then CommandLine = String.Empty
siStartup.cb = Marshal.SizeOf(siStartup)
siStartup.dwFlags = 0
intReturn = CreateProcessWithLogon(UserName, Domain, Password, LOGON_WITH_PROFILE, Application, CommandLine, NORMAL_PRIORITY_CLASS Or CREATE_DEFAULT_ERROR_MODE Or CREATE_NEW_CONSOLE Or CREATE_NEW_PROCESS_GROUP, IntPtr.Zero, IntPtr.Zero, siStartup, piProcess)
If intReturn = 0 Then
Dim errorMessage As New Win32Exception(Marshal.GetLastWin32Error())
MsgBox("Cant start program:" & Application & CommandLine & errorMessage.Message)
Throw New System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error())
End If
CloseHandle(piProcess.hProcess)
CloseHandle(piProcess.hThread)
Return intReturn
End Function
End Module
它应该以管理员身份运行 Reg Add 并将新条目写入注册表中的运行文件夹。没有消息产生,我得到的唯一错误是“1”。
解决方案
推荐阅读
- amazon-s3 - 如何从 sagemaker jupyter notebook 读取存储在 S3 中的大文本文件?
- python - Python Lists 如何合并两个或多个推导式?
- python - Pandas 按行号分组产生意外输出
- python - 想在数据库中存储html代码,并让它在您单击按钮时出现
- laravel-sanctum - Laravel Sanctum API 令牌安全性
- ios - 为面向 IOS 10 的框架添加 swift UI 支持,
- java - 如何从单选按钮获取值并显示在另一个片段的编辑文本上?
- beautifulsoup - 查找有序的结果列表会显示“未找到结果”和 Beautiful soup
- android - Android - 出现软键盘时 VideoView 隐藏的图像
- javascript - ESLint 未定义/被赋值但未使用