This is a portion of a POC code that I wrote in (I'd say) 2009. It demoes the use of impersonation to get user-specific information.
Note: that most likely, in the age of Win64 you'd have to slightly do other things to get there.
Code written by myself, in my spare time on my own hardware - no work code was used to demo Impersonation.
Get handle and pid, will impersonate. Once again - most likely this won't work on newer Windows versions.
Prelude:
We had a product based on RedMon (GhostScript/printer driver) that allowed some portions to be printed to a PDF file. It worked pretty good - and then it was handed over to someone within the company who
- had a hard time communicating
- added crazy features to the installer (spinning hourglass??)
- forced the installer to restart/reboot servers
It was so bad - that our company support team would spend hours to try to fix up customers - and - it just didn't work. I joined some of the calls as well. The biggest hint I got was: the files were always delivered to the wrong folder location - or even server share.
I talked to my manager - and he asked how long it would take. I said 'one week of coding and maybe another week scripting' (there was a proprietary scripting effort associated with this as well).
Conversation:
- Manager: "it's going to be too expensive".
- Me: 'It's already costing the support team money to fix installations after hours and it will only get worse..'.
- Manager giving in: "What do you need?"
- Me: "I need Trent (the original product developer) for the scripting and installer part"1
- Manager: "We're going to redo the installer??"
- Me: "We need to get rid of that crazy ass hourglass"
1 I'm not 100% certain if Trent worked on the new installer but I'm pretty certain I talked to him about this.
The issue was that redmon/ghostscript typically runs under a system account because (tadaa) it's a driver. A system account does not have any knowledge of a user's account, let alone user specific directory information. The idea was:
- Get a user session from RedMon
- Pass this session to the (new) software
- Find the associated user
- Get a pid/handle from any executable that is being run by the user (in our case this was "The Product").
- Pass that handle on to the Windows Impersonation API
- When logged on as user (sorry, impersonated) - get user specific information...
- Write PDF information
- Hand userfolder information over to the code that Trent would work on (registry I think?)
- The script code would do the essential part by pointing "The Product" to the location of the PDF information.
- The script code would also provide compatibility with older versions of the software and "The Product"
- Test with customer
- Done and deploy to prod
- Happy support and customers
Anyway - I have the feeling it took less than the two weeks but we did take out that crazy ass hourglass. Personally - The project itself was seen as one of the best projects we worked on. I think that this was because it was an extremely high-risk change: we had sort of an idea what was happening but were not totally certain. Additionally, we were to throw out old code and replace it with a new set of executables, installer and scripts. Eventually, the POC proved we were on the right track and managed to fix the software and push "The Product" for many other years.