Hi,

I have read many questions on this forum about this problem, unfortunately unsolved. When executing "paexec.exe \HOST -u localadmin -p password -i -d c:windowssystem32notepad.exe" you get no gui of notepad.exe because it is launched on session 0. The same command with PsExec works fine, notepad window is visible and started in logged in user session.

I have studied the source code of PaExec and the part which is supposed to manage the problem is commented and therefore not used. Plus the code used is old and probably obsolete. I read a lot about tests for executing an interactive program inside another session from windows service but found nothing functionnal.

From your side, is it a discontinued feature ?

Thanks for your time.

asked 02 Feb '23, 03:49

tatanas's gravatar image

tatanas
31116
accept rate: 0%

edited 02 Feb '23, 06:14


Same here. I converted the Microsoft code from here ( https://learn.microsoft.com/en-us/previous-versions/aa379608(v=vs.85) ) in Purebasic and forced the session with SetTokenInformation() but when I try to start notepad.exe (for example) it appears in a weird way (black background, nothing readable). Microsoft made everything to prevent executing interactive program from session 0 to another session...

link

answered 03 Feb '23, 02:04

tatanas's gravatar image

tatanas
31116
accept rate: 0%

Hi Tatanas -

We spent some time today working on this again. If you use -i with no credentials, or -s -i it is working well now. We still aren't having success getting it to work when passing credentials (-u). If you add -h to the mix, it launches in the proper session, but in my testing the target process has major painting problems and we don't know why. I notice the latest PsExec doesn't show up unless you give a specific session value with the -i.

In the end, we'd love to support interactive with a specific user, but we can't figure out how to get it to work :(

You can take a look at version 1.30 that we just put out with a few changes (where -i and -i -s work well).

link

answered 02 Feb '23, 17:24

Doug's gravatar image

Doug ♦♦
10.2k122138
accept rate: 21%

Yes, that approach from the link you give is essentially what you saw commented out in our code since it doesn't seem to work any more. I think the problem is every session has it's own WinStation, so the call to OpenWindowStation is getting session 0's WinStation, and granting access to that WinStation's desktop - which isn't helpful. If there was a way to get a WinStation from a specific session, then that code would help. That seems to be the sticking point, but PsExec seems to know how (of course they are inside Microsoft now so they have access to more documentation).

link

answered 03 Feb '23, 09:26

Doug's gravatar image

Doug ♦♦
10.2k122138
accept rate: 21%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×60
×3
×1

Asked: 02 Feb '23, 03:49

Seen: 10,975 times

Last updated: 23 Feb, 12:30