0

I am working with sandbox project Spawner (https://github.com/klenin/Spawner) under Windows platform.

I encountered a problem: how I can assign process, created with CreateWithLogonW function, to job object, created by my process?

I've tried to create custom security descriptor allowing all actions to everyone and use it in CreateJobObject, but nothing happens. Result still the same: 

Access denied.

Can do I do it at all? Or there is no solution in such way?

MultiTeemer
  • 375
  • 2
  • 11
  • 1
    possible duplicate of [Job Control with CreateProcessWithLogonW](http://stackoverflow.com/questions/27339341/job-control-with-createprocesswithlogonw) – Harry Johnston May 30 '15 at 23:46
  • Unfortunately, It doesn't provide working solution for me. I've given needed rights to users and tried CreateProcessAsUser but still get "Access denied" in AssignProcessToJobObject. – MultiTeemer Jun 03 '15 at 09:10
  • It should work with CreateProcessAsUser, so far as I can recall. Can you post an MCVE? – Harry Johnston Jun 03 '15 at 21:49
  • I wrote a little separate program and... It Does Work! But there is strange bug: when I run it in VS (2013, Community), it works fine. When I run it from command line, it still gives me "Access Denied" in AssignProcessToJobObject. Code [here](http://pastebin.com/KJZtuay2). My account has SE_INCREASE_QUOTA_NAME and SE_ASSIGNPRIMARYTOKEN_NAME privileges. – MultiTeemer Jun 04 '15 at 00:28
  • Just now, I made experiment: create breakpoint on last if-statement, kill child process by hands and continue execution. I get Error code 5: Access denied. May be, problem is that process doesn't catch to initialize? I add sleep after process creation, run from cmd and still get error 5. – MultiTeemer Jun 04 '15 at 00:43
  • Since you've used CREATE_SUSPENDED that shouldn't be a problem. I can see a few minor bugs: you're passing an ANSI string instead of a Unicode string to the second argument of LogonUserW. It should be `L"."` and no cast. In a2w() you incorrectly assume that the length of the converted string must be the same as the source string. And `wprogram` has a forward slash instead of a backslash. Only the first one seems likely to be an actual problem in this context. – Harry Johnston Jun 04 '15 at 03:02
  • I can't try your MCVE out myself at the moment, but I may have a chance tomorrow or over the weekend. – Harry Johnston Jun 04 '15 at 03:03
  • Appreciate for Your help. [Fixed MCVE](http://pastebin.com/yMgqyNmZ). I will check stackoverflow every day for Your next answer :) – MultiTeemer Jun 04 '15 at 04:43
  • One more bug: in get_error() you output a string before calling GetLastError(), you should do this the other way around. Apart from that, your code works for me, i.e., no error message. (I did change the target executable from a.exe to c:\windows\system32\notepad.exe, and obviously changed the username and password to a local test account.) What output do you get? – Harry Johnston Jun 04 '15 at 23:54
  • Oh, when you say you are running the code from the command line - you aren't using the "runas" command by any chance? This strips the administrative privilege you would need, and I seem to recall it puts the process in a job as well, which might also break what you're doing. – Harry Johnston Jun 04 '15 at 23:59

0 Answers0