i have been working on few days now. appears can login administrator, when try run program error when create object. @ wqleventquery q = new wqleventquery("win32_processstarttrace"); or of them matter.
"error: 80070542 either required impersonation level not provided, or provided impersonation level invalid." included cs file below.
at whoami varables expected before logonuser myself , after whoami shows administrator. , logonuser return true. logging in administrator still don't have rights?
using system; using system.collections.generic; using system.componentmodel; using system.data; using system.drawing; using system.linq; using system.text; using system.windows.forms; using mysql.data; using system.management; using system.runtime.interopservices; using system.security.principal; using system.security.permissions; using microsoft.win32.safehandles; using system.runtime.constrainedexecution; using system.security; namespace wta5 { public partial class form1 : form { [dllimport("advapi32.dll", setlasterror = true, charset = charset.unicode)] public static extern bool logonuser(string lpszusername, string lpszdomain, string lpszpassword, int dwlogontype, int dwlogonprovider, out safetokenhandle phtoken); [dllimport("kernel32.dll", charset = charset.auto)] public extern static bool closehandle(intptr handle); safetokenhandle safetokenhandle; public form1() { initializecomponent(); try { try { string whoami = windowsidentity.getcurrent().name; //whoami login name const int logon32_logon_interactive = 2, logon32_logon_network = 3, logon32_logon_batch = 4, logon32_logon_service = 5, logon32_logon_unlock = 7, logon32_logon_network_cleartext = 8, logon32_logon_new_credentials = 9; const int logon32_provider_default = 0, logon32_provider_winnt35 = 1, logon32_provider_winnt40 = 2, logon32_provider_winnt50 = 3; string username = "\\\\administrator"; string domainname = "\\\\localhost"; bool returnvalue = logonuser(username, domainname, "happyhappy", logon32_logon_interactive, logon32_provider_default, out safetokenhandle); using (safetokenhandle) { using (windowsidentity newid = new windowsidentity(safetokenhandle.dangerousgethandle())) { using (windowsimpersonationcontext impersonateduser = newid.impersonate()) { whoami = windowsidentity.getcurrent().name; //whoami administrator //managementscope scope = new managementscope("root\\cimv2"); //scope.options.enableprivileges = true; //scope.options.impersonation = impersonationlevel.impersonate; wqleventquery q = new wqleventquery("win32_processstarttrace"); using (managementeventwatcher w = new managementeventwatcher(q)) //removed scope testing (scope,q) { w.eventarrived += new eventarrivedeventhandler(processeventstarted); w.start(); } wqleventquery r = new wqleventquery("win32_processstoptrace"); using (managementeventwatcher w = new managementeventwatcher(r)) //removed scope testing (scope,q) { w.eventarrived += new eventarrivedeventhandler(processeventexited); w.start(); } } } } } catch (exception xe) { xe = xe; } } catch (exception ex) { console.writeline("exception occurred. " + ex.message); } } public void processeventstarted(object sender, eventarrivedeventargs e) { } private void processeventexited(object sender, eventarrivedeventargs e) { } public sealed class safetokenhandle : safehandlezeroorminusoneisinvalid { private safetokenhandle() : base(true) { } [dllimport("kernel32.dll")] [reliabilitycontract(consistency.willnotcorruptstate, cer.success)] [suppressunmanagedcodesecurity] [return: marshalas(unmanagedtype.bool)] private static extern bool closehandle(intptr handle); protected override bool releasehandle() {return closehandle(handle);} } } }thanks dave.
Comments
Post a Comment