CreateProcess not showing window

[Vivek]

Hello,
I am trying to create a process on a remote machine. I am able to
successfully do so but i cant get the process to show its window. I can see
it running in Task Manager. I have tried setting the processStartup
parameter to 1, 5 etc. but to no avail. Could someone help please?

Thanks
Vivek

Heres my code:

public bool StartProcessByName1(string ProcessName)

{

string Path = string.Format(@"\\{0}\root\cimv2",SystemName);


ManagementScope ms = new ManagementScope(Path);

ManagementPath ProcessMgmtpath = new ManagementPath( "Win32_Process");

ManagementClass processClass = new ManagementClass(ms,ProcessMgmtpath,null);

ManagementPath ProcessStartupMgmtpath = new
ManagementPath("Win32_ProcessStartup");

ManagementClass processStartupClass = new
ManagementClass(ms,ProcessStartupMgmtpath,null);

processStartupClass.SetPropertyValue("ShowWindow", 1);


ManagementBaseObject inParams = processClass.GetMethodParameters("Create");

inParams["CommandLine"] = ProcessName;

inParams["ProcessStartupInformation"] = processStartupClass;


ManagementBaseObject ReturnObj =
processClass.InvokeMethod("Create",inParams,null);

return (ReturnObj["returnValue"].ToString() == "0");

}

 

[Hugo M. Ranea]

You can not start a process that has a GUI using WMI, for "security reasons". There must be some reason I do not understand, for me
it is much more "unsafe" to run a process without GUI than one that has, for at least the user is aware that someone started a
process in h(er)is machine, but, I am sure there is a good explanation somewhere why is this a security threat.

 

[Gerry Hickman]

Hi,

In my view this is the correct behaviour. You don't want stupid windows
popping up while the user is trying to get on with their work. Instead
you want the maintenance task to be done silently in the background.

WMI is for managing networks, not for annoying users.

The security boils down to this:

In theory, only the network admin can start these types of processes, so
the user should not need to know if a process has been started. If
someone other than the NetAdmin can start these processes then your
security is blown anyway.

The reason it can be a security risk (the other way) is that the user
could hijak one of these windows and start running priviledged tasks as
if they're the NetAdmin guy.

You can not start a process that has a GUI using WMI, for "security
reasons". There must be some reason I do not understand, for me it is
much more "unsafe" to run a process without GUI than one that has, for
at least the user is aware that someone started a process in h(er)is
machine, but, I am sure there is a good explanation somewhere why is
this a security threat.

Hello,
I am trying to create a process on a remote machine. I am able to
successfully do so but i cant get the process to show its window. I
can see it running in Task Manager. I have tried setting the
processStartup parameter to 1, 5 etc. but to no avail. Could someone
help please?

Thanks
Vivek

Heres my code:

public bool StartProcessByName1(string ProcessName)

{

string Path = string.Format(@"\\{0}\root\cimv2",SystemName);


ManagementScope ms = new ManagementScope(Path);

ManagementPath ProcessMgmtpath = new ManagementPath( "Win32_Process");

ManagementClass processClass = new
ManagementClass(ms,ProcessMgmtpath,null);

ManagementPath ProcessStartupMgmtpath = new
ManagementPath("Win32_ProcessStartup");

ManagementClass processStartupClass = new
ManagementClass(ms,ProcessStartupMgmtpath,null);

processStartupClass.SetPropertyValue("ShowWindow", 1);


ManagementBaseObject inParams =
processClass.GetMethodParameters("Create");

inParams["CommandLine"] = ProcessName;

inParams["ProcessStartupInformation"] = processStartupClass;


ManagementBaseObject ReturnObj =
processClass.InvokeMethod("Create",inParams,null);

return (ReturnObj["returnValue"].ToString() == "0");

}

 

[Torgeir Bakken \(MVP\)]

You can not start a process that has a GUI using WMI, for "security
reasons". There must be some reason I do not understand, for me it is
much more "unsafe" to run a process without GUI than one that has, for
at least the user is aware that someone started a process in h(er)is
machine, but, I am sure there is a good explanation somewhere why is
this a security threat.

Hi

From a previous thread that discussed this issue, with examples on how
both the local and the remote user can be the "bad" guy/girl:

From: Ivan Brugiolo [MS] ([email protected])
Subject: Re: Win32_Process, create process
Newsgroups: microsoft.public.win32.programmer.wmi
Date: 2002-06-23 11:36:07 PST

<quote>
Just imagine the security implications of opening a program remotely on
somebody else interactive windowstation.
If you spawn explorer.exe for User1 in the interactive windowstation of
User2, you can induce User2 to think it's its own copy of explorer.exe,
and you can track it's activities, install message hooks, get its
password by faking the UI of the prompt-for-credentials.
</quote>


From: Ivan Brugiolo [MS] ([email protected])
Subject: Re: Win32_Process, create process
Newsgroups: microsoft.public.win32.programmer.wmi
Date: 2002-06-24 07:21:43 PST

<quote>
You open Notepad.exe to leave a message to the user, and the user uses
the open/save-as dialogs to delete/replace all the logon scripts on the
DC, since he has a process running as a domain admin.

If by any chance this process is, let's say, Word.exe, I can run
VBScript code as a Domain Admin, maybe using it to grant myself an
admin account.
</quote>