0
votes

With CreateProcessAsUser I can call an .exe file somewhere on the hard disk:

[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
static extern bool CreateProcessAsUser(IntPtr hToken, string lpApplicationName, string lpCommandLine,
                      ref SECURITY_ATTRIBUTES lpProcessAttributes, ref SECURITY_ATTRIBUTES lpThreadAttributes,
                      bool bInheritHandle, Int32 dwCreationFlags, IntPtr lpEnvironment,
                      string lpCurrentDirectory, ref STARTUPINFO lpStartupInfo,
                      ref PROCESS_INFORMATION lpProcessInformation);

Every single example I have found on the web uses the lpCommandLine argument to call a program. I would like to call a function in a DLL. Does anyone know if this is possible? It would be nice to have some kind of example ...

Thank you!

2
@RemusRusanu I need to use CreateProcessAsUser because I need to call it from within a service and the program or method I have to call needs some user rights. - manton

2 Answers

2
votes

You can't directly call a DLL as a different user as the user/execution level is per process, not DLL or thread. You must start a new process that then calls the DLL. This is the technique used by COM elevation, etc. If the DLL has the right signature, you can try calling it with rundll32.exe.
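The approach described in the answer above, as an added example that is not part of the original answer: a service starts rundll32.exe under the user's token, passing the full image path as lpApplicationName and a validated, quoted command line. The names build_rundll32_cmdline and run_export_as_user are hypothetical, and the sketch assumes the service already holds the user's primary token and that the export has the rundll32 entry point signature void CALLBACK Entry(HWND, HINSTANCE, LPSTR, int).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif
/* Builds: "<rundll32 path>" "<dll path>",<entry> <args>
   Returns 0 on success, -1 if an input is rejected or out is too small. */
int build_rundll32_cmdline(char *out, size_t outlen, const char *rundll32,
                           const char *dll, const char *entry, const char *args)
{
    /* Absolute drive path only (no DLL search order); a quote or comma
       would change how the command line is split. */
    if (!isalpha((unsigned char)dll[0]) || dll[1] != ':' || dll[2] != '\\' ||
        strpbrk(dll, "\",") || strchr(rundll32, '"'))
        return -1;
    if (!*entry)
        return -1;
    for (const char *p = entry; *p; p++)   /* export name: identifier chars */
        if (!isalnum((unsigned char)*p) && *p != '_')
            return -1;
    int n = snprintf(out, outlen, "\"%s\" \"%s\",%s %s",
                     rundll32, dll, entry, args ? args : "");
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

#ifdef _WIN32
/* hUserToken: the user's primary token, obtained by the service beforehand. */
BOOL run_export_as_user(HANDLE hUserToken, const char *dll,
                        const char *entry, const char *args)
{
    char sys[MAX_PATH], exe[MAX_PATH + 16], cmd[1024];
    STARTUPINFOA si = { sizeof si };
    PROCESS_INFORMATION pi;
    UINT n = GetSystemDirectoryA(sys, MAX_PATH);
    if (n == 0 || n >= MAX_PATH)
        return FALSE;
    snprintf(exe, sizeof exe, "%s\\rundll32.exe", sys);
    if (build_rundll32_cmdline(cmd, sizeof cmd, exe, dll, entry, args) != 0)
        return FALSE;
    /* Explicit lpApplicationName: the image is never guessed from cmd. */
    if (!CreateProcessAsUserA(hUserToken, exe, cmd, NULL, NULL, FALSE,
                              0, NULL, NULL, &si, &pi))
        return FALSE;
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return TRUE;
}
#endif
```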

0
votes

I don't think it's possible with that function. The standard way of calling a method in a dll is with the LoadLibrary and GetProcAddress methods, like in this example:

(Taken from the MSDN)

// A simple program that uses LoadLibrary and 
// GetProcAddress to access myPuts from Myputs.dll. 

#include <windows.h> 
#include <stdio.h> 

typedef int (__cdecl *MYPROC)(LPWSTR); 

int main( void ) 
{ 
    HINSTANCE hinstLib; 
    MYPROC ProcAdd; 
    BOOL fFreeResult, fRunTimeLinkSuccess = FALSE; 

    // Get a handle to the DLL module.

    hinstLib = LoadLibrary(TEXT("MyPuts.dll")); 

    // If the handle is valid, try to get the function address.

    if (hinstLib != NULL) 
    { 
        ProcAdd = (MYPROC) GetProcAddress(hinstLib, "myPuts"); 

        // If the function address is valid, call the function.

        if (NULL != ProcAdd) 
        {
            fRunTimeLinkSuccess = TRUE;
            (ProcAdd) (L"Message sent to the DLL function\n"); 
        }
        // Free the DLL module.

        fFreeResult = FreeLibrary(hinstLib); 
    } 

    // If unable to call the DLL function, use an alternative.
    if (! fRunTimeLinkSuccess) 
        printf("Message printed from executable\n"); 

    return 0;

}