Runs a program using the parameters specified in a named file mapping
Syntax
int WINAPI RunAsNewUser_RunDLLW (
HWND unusedHwnd,
HINSTANCE unusedHinstance,
LPCWSTR pMappingName,
int nCmdShow
)
Parameters
- unusedHwnd
- Unused
- unusedHinstance
- Unused
- pMappingName
- The name of the file mapping that contains the parameters
- nCmdShow
- The SW_ value to pass to ShellExecuteEx
Return Value
HRESULT_FROM_WIN32(GetLastError()) if opening the shared mapping fails, otherwise the return value of ShellExecuteEx
Remarks
Despite its name, this function does nothing to run the program named by execFile as a different user. As it currently stands, its only use is as a more cumbersome interface to ShellExecuteEx.
The shared mapping must be at least 0xc80 (3200) bytes long and contain a RUNASNEWUSERPARAM structure defined as follows:
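struct RUNASNEWUSERPARAM
{
    WCHAR eventName[0x38];         // offsets
    WCHAR execFile[MAX_PATH];      // 0x70
    WCHAR arguments[MAX_PATH];     // 0x278
    UCHAR padding[0x600];          // 0x478
    WCHAR directory[MAX_PATH - 4]; // 0xa78
};
- eventName is the name of an event that the function sets once it has finished copying the struct from the mapping into a local buffer. It is not optional.
- execFile is the path of the file to execute. It is not optional.
- arguments are the arguments to be passed to execFile. Optional.
- padding is unused space in current versions.
- directory is the 'start in' directory. Optional.
Note: the offsets given for padding and directory (0x478 and 0xa78) are 8 bytes lower than the declared array sizes imply (0x480 and 0xa80, with 2-byte WCHAR and MAX_PATH equal to 260). The struct as declared totals 0xc80 bytes, which matches the minimum mapping size, so confirm the sizes of arguments and directory before relying on either the comments or the declaration.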
Example
#define WIN32_LEAN_AND_MEAN #include <windows.h> #include <stdio.h> struct RUNASNEWUSERPARAM { WCHAR eventName[0x38]; WCHAR execFile[MAX_PATH]; WCHAR arguments[MAX_PATH]; UCHAR padding[0x600]; WCHAR directory[MAX_PATH - 4]; }; typedef int (WINAPI*pfnShell)(HWND, HINSTANCE, LPCWSTR, int); int main() { LPCWSTR fileMapName = L"MyMap"; LPCWSTR eventName = L"MyEvent"; HMODULE hShell = LoadLibrary(L"shell32.dll"); pfnShell runAsNewUserRunDLLW = (pfnShell)GetProcAddress(hShell, "RunAsNewUser_RunDLLW"); HANDLE hFileMap = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, sizeof(RUNASNEWUSERPARAM), fileMapName); HANDLE hEvent = CreateEvent(NULL, FALSE, FALSE, eventName); RUNASNEWUSERPARAM* pParam = reinterpret_cast(MapViewOfFile(hFileMap, FILE_MAP_WRITE, 0, 0, 0)); wcscpy(pParam->name, eventName); wcscpy(pParam->execFile, L"C:\\Windows\\System32\\winver.exe"); runAsNewUserRunDLLW(NULL, NULL, fileMapName, SW_SHOW); UnmapViewOfFile(pParam); CloseHandle(hEvent); CloseHandle(hFileMap); FreeLibrary(hShell); return 0; }