0

I want to create new process from an MFC application where it runs in admin mode, and in this the new process should have less privilege so that I can run another application with less privilege. If try running with high privilege I am not able to launch application. That is why I want to create a new process where it should have less privilege so that I can launch xxxxxx application(which is launched in standalone user mode i.e. without admin) without any hitch.

To be more precise let me clearly explain you the scenarion: I am trying send an email using "MAPISendMail" of MAPI32.dll from an MFC application(This is being ran as an "Run as Administrator" mode) with outlook already opened in standalone user mode. The code somehow looks like MAPISendMail_Implementation

In the above link if we could observe the below snippet:

ULONG nSent = lpfnMAPISendMail(0, 0, 
    &MAPImsg, MAPI_LOGON_UI | MAPI_DIALOG, 0);

As it is trying to access to a low privilege application(outlook) from an high privilege application(MFC application) it is failing.

As googled I have seen some post in Microsoft forum MAPISendMail_MSDN, they suggested to do this so called "lpfnMAPISendMail" by creating a new process you will be able to call that procedure successfully. But I could not get how can I call the above function in that new process.

Could anyone please guide me how can do this?

Siva
  • 1,281
  • 2
  • 19
  • 41
  • I don't know it `lpfnMapiSendMail` works behind the scenes, but check http://stackoverflow.com/questions/40122964/cross-process-postmessage-uipi-restrictions-and-uiaccess-true for a potential answer. – MSalters Mar 10 '17 at 12:18

1 Answers1

2

You can create restricted version of existing access token using CreateRestrictedToken and use it to spawn new process with CreateProcessAsUser.

mpiatek
  • 1,313
  • 15
  • 16
  • Thanks for your reply. I edited my post which gives details in more. Could you please once recheck my post and give me any suggestions. – Siva Mar 10 '17 at 07:40