This simple example shows how you can change the target session of a new process.

  1. uses
  2.   JwaWindows,
  3.   JwsclToken,
  4.   JwsclComUtils;
  5.  
  6. var
  7.    NewToken,
  8.    UserToken : TJwSecurityToken;
  9.  
  10.    S : TStartupInfo;
  11.    P : TProcessInformation;
  12. begin
  13.   UserToken := TJwSecurityToken.CreateWTSQueryUserTokenEx(nil, 1);
  14.   TJwAutoPointer.Wrap(UserToken); //automatic destroy
  15.  
  16.   NewToken := TJwSecurityToken.CreateDuplicateExistingToken(UserToken.TokenHandle, MAXIMUM_ALLOWED);
  17.   TJwAutoPointer.Wrap(NewToken);  
  18.  
  19.   //needs TCB privilege -> Service
  20.   JwEnablePrivilege(SE_TCB_NAME, pst_Enable);
  21.   NewToken.TokenSessionId := 2;
  22.  
  23.   //simple CreateProcessAsUser
  24.   ZeroMemory(@S, Sizeof(S));
  25.   S.cb := sizeof(S);
  26.   CreateProcessAsUser(T2.TokenHandle,‘C:\Windows\system32\cmd.exe’,nil,nil,nil,false, 0, nil, nil, S,P);

All the source is doing is to get a user’s token by calling CreateWTSQueryUserToken and then duplicate so it will become possible to change the Token SessionID. The session ID is changed by setting the property TokenSessionID which is only possible with the TCB privilege (we need it, but it needn’t to be active).
You can do the CreateProcess part a little better if you read this: “CreateProcess in full glory“.

Did you know?
1. You can test this example in your own Delphi environment without writing a service first.

2. It is not possible to change the session ID of a running process.

Send post as PDF to www.pdf24.org
convert this post to pdf.