using Microsoft.Win32.SafeHandles;using System;using System.Collections.Generi

1. using Microsoft.Win32.SafeHandles;
2. using System;
3. using System.Collections.Generic;
4. using System.IO;
5. using System.Linq;
6. using System.Runtime.InteropServices;
7. using System.Text;
8. using System.Threading.Tasks;
9.  
10. namespace ConsoleApp1
11. {
12. public class pipeMaker
13. {
14. public static void CreatePipe(out SafeFileHandle parentHandle, out SafeFileHandle childHandle, bool parentInputs)
15. {
16. SECURITY_ATTRIBUTES lpPipeAttributes = new SECURITY_ATTRIBUTES();
17. lpPipeAttributes.bInheritHandle = true;
18. SafeFileHandle hWritePipe = null;
19. try
20. {
21. if (parentInputs)
22. CreatePipeWithSecurityAttributes(out childHandle, out hWritePipe, lpPipeAttributes, 0);
23. else
24. CreatePipeWithSecurityAttributes(out hWritePipe, out childHandle, lpPipeAttributes, 0);
25. if (!DuplicateHandle(GetCurrentProcess(), hWritePipe, GetCurrentProcess(), out parentHandle, 0, false, 2))
26. throw new Exception();
27. }
28. finally
29. {
30. if ((hWritePipe != null) && !hWritePipe.IsInvalid)
31. {
32. hWritePipe.Close();
33. }
34. }
35. }
36.  
37. [StructLayout(LayoutKind.Sequential)]
38. public class SECURITY_ATTRIBUTES
39. {
40. public int nLength;
41. public IntPtr lpSecurityDescriptor;
42. public bool bInheritHandle;
43. public SECURITY_ATTRIBUTES()
44. {
45. nLength = 12;
46. lpSecurityDescriptor = IntPtr.Zero;
47. }
48. }
49.  
50. [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
51. public static extern bool CreatePipe(out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe,
52. SECURITY_ATTRIBUTES lpPipeAttributes, int nSize);
53. [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
54. public static extern bool DuplicateHandle(IntPtr hSourceProcessHandle, SafeHandle hSourceHandle,
55. IntPtr hTargetProcess, out SafeFileHandle targetHandle, int dwDesiredAccess,
56. bool bInheritHandle, int dwOptions);
57. [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
58. public static extern IntPtr GetCurrentProcess();
59.  
60. public static void CreatePipeWithSecurityAttributes(out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe,
61. SECURITY_ATTRIBUTES lpPipeAttributes, int nSize)
62. {
63. hReadPipe = null;
64. if ((!CreatePipe(out hReadPipe, out hWritePipe, lpPipeAttributes, nSize) || hReadPipe.IsInvalid) || hWritePipe.IsInvalid)
65. throw new Exception();
66. }
67.  
68.  
69. class RunAs
70. {
71. //public const UInt32 Infinite = 0xffffffff;
72. public const Int32 Startf_UseStdHandles = 0x00000101;
73. //public const Int32 StdOutputHandle = -11;
74. //public const Int32 StdErrorHandle = -12;
75. //private static string inputHandle;
76. //public static IntPtr outputHandle;
77. //private static string errorHandle;
78.  
79. [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
80. public struct StartupInfo
81. {
82. public int cb;
83. public String reserved;
84. public String desktop;
85. public String title;
86. public int x;
87. public int y;
88. public int xSize;
89. public int ySize;
90. public int xCountChars;
91. public int yCountChars;
92. public int fillAttribute;
93. public int flags;
94. public UInt16 showWindow;
95. public UInt16 reserved2;
96. public byte reserved3;
97. public IntPtr stdInput;
98. public IntPtr stdOutput;
99. public IntPtr stdError;
100. }
101.  
102. internal struct ProcessInformation
103. {
104. public IntPtr process;
105. public IntPtr thread;
106. public int processId;
107. public int threadId;
108. }
109.  
110.  
111. [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
112. public static extern bool CreateProcessWithLogonW(
113. String userName,
114. String domain,
115. String password,
116. UInt32 logonFlags,
117. String applicationName,
118. String commandLine,
119. UInt32 creationFlags,
120. UInt32 environment,
121. String currentDirectory,
122. ref StartupInfo startupInfo,
123. out ProcessInformation processInformation);
124.  
125. [DllImport("kernel32.dll", SetLastError = true)]
126. public static extern bool GetExitCodeProcess(IntPtr process, ref UInt32 exitCode);
127.  
128. [DllImport("Kernel32.dll", SetLastError = true)]
129. public static extern UInt32 WaitForSingleObject(IntPtr handle, UInt32 milliseconds);
130. [DllImport("Kernel32.dll", SetLastError = true)]
131. public static extern bool CreatePipe(out IntPtr hreadPipe, out IntPtr hWritePipe, ref SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize);
132.  
133. [DllImport("Kernel32.dll", SetLastError = true)]
134. public static extern IntPtr GetStdHandle(IntPtr handle);
135.  
136. [DllImport("Kernel32.dll", SetLastError = true)]
137. public static extern bool CloseHandle(IntPtr handle);
138.  
139. [STAThread]
140. static void Main(string[] args)
141. {
142.  
143. StartupInfo startupInfo = new StartupInfo();
144. startupInfo.reserved = null;
145. startupInfo.flags &= Startf_UseStdHandles;
146. //startupInfo.showWindow = SW_SHOW;
147. // SafeFileHandle inputHandle = null;
148. SafeFileHandle outputHandle = null;
149. SafeFileHandle errorHandle = null;
150. SafeFileHandle handleOutValue = new SafeFileHandle(startupInfo.stdOutput, true);
151. SafeFileHandle handleErrValue = new SafeFileHandle(startupInfo.stdError, false);
152. SafeFileHandle handleInValue = new SafeFileHandle(startupInfo.stdInput, false);
153. //pipeMaker.CreatePipe(out inputHandle, out startupInfo.stdInput, true);
154. //pipeMaker.CreatePipe(out outputHandle, out startupInfo.stdOutput, false);
155. pipeMaker.CreatePipe(out outputHandle, out handleOutValue, false);
156. pipeMaker.CreatePipe(out errorHandle, out handleErrValue, false);
157. //pipeMaker.CreatePipe(out outputHandle, out handleInValue, true);
158.  
159.  
160. UInt32 exitCode = 123456;
161. ProcessInformation processInfo = new ProcessInformation();
162.  
163. String command = @"cmd.exe";
164. String user = "test1";
165. String domain = System.Environment.MachineName;
166. String password = "SOME_PASSWORD";
167. String currentDirectory = "C:\windows\system32\";
168. String Params = "/k echo test";
169. UInt32 LogonFlags = 2; //login netonly
170.  
171. try
172. {
173. CreateProcessWithLogonW(
174. user,
175. domain,
176. password,
177. LogonFlags,
178. command,
179. Params,
180. (UInt32)0, //dw creation flags
181. (UInt32)0, //environment
182. currentDirectory,
183. ref startupInfo,
184. out processInfo);
185. }
186. catch (Exception e)
187. {
188. Console.WriteLine(e.ToString());
189.  
190. }
191.  
192. StreamReader srOut = new StreamReader(new FileStream(handleOutValue, FileAccess.Read, 4096, false));
193. //StreamReader srErr = new StreamReader(new FileStream(handleErrValue, FileAccess.Read, 0x1000, false));
194. //StreamReader sw = new StreamReader(new FileStream(handleOutValue, FileAccess.Read, 0x1000, false));
195. while (!srOut.EndOfStream)
196. {
197. string line = srOut.ReadLine();
198. if (line.Length > 0)
199. Console.WriteLine(line);
200. }
201. Console.WriteLine(handleOutValue.ToString());
202. Console.WriteLine("Exit code: {0}", exitCode);
203. CloseHandle(processInfo.process);
204. CloseHandle(processInfo.thread);
205. CloseHandle(startupInfo.stdOutput);
206.  
207.  
208. }
209. }
210.  
211. }
212. }