#1 11 Oct 2012 21:04

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 330

start a hidden process / start process as a different user

I've decided to abuse the SCHTASKS a little bit smile

1.Hidden process (it's almost the same).
There are a few solutions for this (http://superuser.com/questions/62525/run-a-completly-hidden-batch-file   , http://forums.techguy.org/dos-other/644 … -file.html ) , but I prefer a "pure" batch way . The idea is that if you schedule a task as "SYSTEM" user it will start
in hidden (as every process started form a service) . And deleting the task will not stop the already running process.The bad thing is that there is an unskippable  timeout of 1 minute because SCHTASKS does not take the second into account (as well the scheduler UI)  - despite what is written here : http://ss64.com/nt/schtasks.html  .  I'm now trying to workaround this with ONEVENT option  (is it even possible?EDIT: it is .Almost done).Here's the script:

@echo off
setlocal
if "%1" EQU "" (
	echo %~n0 path_to_executable
	goto :eof
)
 
if "%1" EQU "-help" (
	echo %~n0 path_to_executable
	goto :eof
)


set executable=%~sn1
set inpath=%~dp$PATH:1


::the idea behind this ugly if is
:: to get the path in 8.3 format because there are problems between
:: SCHTASKS and spaces
if not exist %executable% (
	if "%inpath%" equ "" (
		echo path to executable item does not exist
		exit /B 1		
	) else (
 	 	for %%f in ("%~dp$PATH:1%~1") do set executable=%%f 
	)
)

::getting the current time
FOR /F "skip=1 tokens=1-3" %%A IN ('WMIC Path Win32_LocalTime Get Hour^,Minute^,Second /Format:table') DO (
	SET /A hours=%%A > nul 2>&1
	SET /A minutes=%%B > nul 2>&1
	SET /A seconds=%%C > nul 2>&1	
)
  
set /a time_stamp=%hours%%minutes%%seconds%

if "%time_stamp%" equ "" (
	echo "some kind of error"
	exit /B 2
)


set /A start_minutes=%minutes% +1
set /A start_hours=%hours%

if %start_minutes% EQU 60 (
	set /A start_minutes=0
	set /A start_hours=%hours% +1
)
set eventual_sleep = 60

if %start_hours% GTR 23 (
	set /a start_hours=0
	sleep %eventual_sleep%
)
if %start_minutes% lss 10 (
	set start_minutes=0%start_minutes%
)

if %start_hours% lss 10 (
	set start_minutes=0%start_hours%
)
set start_time=%start_hours%:%start_minutes%


SCHTASKS /Create /SC ONCE /TN start_at_%time_stamp% /ST %start_time%  /TR %executable% /RU SYSTEM  /F
sleep 61
SCHTASKS /Delete /TN start_at_%time_stamp% /f 
endlocal

2.Run as a different user.
runas command does not allow you to feed it with password (pretty inconvenient) ,but SCHTASKS  does ! Isn't it wonderful smile

The startted process still will be invisible (unless the user is the same as the currently logged on ) and to stop it you might need its PID ,but  in some situations it could be useful (but to be honest I will continue using cpau -> http://www.joeware.net/freetools/tools/cpau/index.htm):

@echo off
setlocal

if [%1] EQU [] (
	echo %~n0 -exec path_to_exec  [-user user [-pass pass]] 
	goto :eof
)

if [%1] EQU [-help] (
	call %~n0 -exec path_to_exec  [-user user [-pass pass]] 
	goto :eof
)

set /A shifter=1
set workdir=.

:argParser
	if [%1] EQU [-exec] (
		set executable=%~2
	)
	if [%1] EQU [-user] (
		set user=%2
	) 
	if [%1] EQU [-pass] (
		set pass=%2
	)

	shift
	shift
	set /A shifter=%shifter% + 1
	
	if %shifter% EQU 3 (
		goto :endArgParser
	)

goto :argParser
:endArgParser



set inpath=%~dp$PATH:1

if not exist %executable% (
	if "%inpath%" equ "" (
		echo path to executable item does not exist
		exit /B 1		
	) else (
 	 	for %%f in ("%~dp$PATH:1%~1") do set executable=%%f 
	)
)

if "%user%" NEQ "" (
	set user_param=/RU %user%
	if "%pass%" NEQ ""(
		set pass_param=/RP %pass%
	) 
	
)

FOR /F "skip=1 tokens=1-3" %%A IN ('WMIC Path Win32_LocalTime Get Hour^,Minute^,Second /Format:table') DO (
	SET /A hours=%%A > nul 2>&1
	SET /A minutes=%%B > nul 2>&1
	SET /A seconds=%%C > nul 2>&1	
)
  
set /a time_stamp=%hours%%minutes%%seconds%

if "%time_stamp%" equ "" (
	echo "some kind of error"
	exit /B 2
)

set /A start_minutes=%minutes% +1
set /A start_hours=%hours%

if %start_minutes% EQU 60 (
	set /A start_minutes=0
	set /A start_hours=%hours% +1
)
set eventual_sleep = 60

if %start_hours% GTR 23 (
	set /a start_hours=0
	sleep %eventual_sleep%
)
if %start_minutes% lss 10 (
	set start_minutes=0%start_minutes%
)

if %start_hours% lss 10 (
	set start_minutes=0%start_hours%
)
set start_time=%start_hours%:%start_minutes%

SCHTASKS /Create /SC ONCE /TN start_at_%time_stamp% /ST %start_time%  /TR %executable% %user_param% %pass_param%  /F
sleep 61
SCHTASKS /Delete /TN start_at_%time_stamp% /f 
endlocal

For sure I'm not the only one that came out with this idea.Now wondering how this can be enhanced and what other problems I didn't saw .

Last edited by npocmaka (13 Oct 2012 11:24)


http://www.facebook.com/npocmaka

Online

#2 13 Oct 2012 21:55

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 330

Re: start a hidden process / start process as a different user

New versions without timeout.The schedulded task is triggered by event in the log which I'm writing with eventcreate (eventcreate is not available in any home edition of windows).

1.Start hidden:

@echo off
setlocal
if "%1" EQU "" (
	echo %~n0 path_to_executable
	goto :eof
)
 
if "%1" EQU "-help" (
	echo %~n0 path_to_executable
	goto :eof
)


set executable=%~sn1
set inpath=%~dp$PATH:1


::the idea behind this ugly if is
:: to get the path in 8.3 format because there are problems between
:: SCHTASKS and spaces


echo %inpath%
echo %executable% 
if not exist %executable% (
	echo --
	if "%inpath%" equ "" (
		echo path to executable item does not exist
		exit /B 1		
	) else (
 	 	for %%f in ("%~dp$PATH:1%~1") do set executable=%%f 
	)
)

::getting the current time
FOR /F "skip=1 tokens=1-3" %%A IN ('WMIC Path Win32_LocalTime Get Hour^,Minute^,Second /Format:table') DO (
	SET /A hours=%%A > nul 2>&1
	SET /A minutes=%%B > nul 2>&1
	SET /A seconds=%%C > nul 2>&1	
)
  
set /a time_stamp=%hours%%minutes%%seconds%

if "%time_stamp%" equ "" (
	echo "some kind of error"
	exit /B 2
)


SCHTASKS /Create /SC ONEVENT /EC Application /MO *[System/EventID=101] /TN start_at_%time_stamp%  /TR %executable%   /RU SYSTEM /F /RL HIGHEST
eventcreate /ID 101 /T INFORMATION /D start_task
SCHTASKS /Delete /TN start_at_%time_stamp% /f 
endlocal

2.Start as:

@echo off
setlocal

if [%1] EQU [] (
	echo %~n0 -exec path_to_exec  [-user user [-pass pass]] [-command commandline]
	echo to start a hidden process set user to SYSTEM
	goto :eof
)

if [%1] EQU [-help] (
	call %~n0 -exec path_to_exec  [-user user [-pass pass]] [-command commandline]
	echo to start a hidden process set user to SYSTEM
	goto :eof
)

set /A shifter=1
::set spaces to params that is possible to stay unused
set set user_param= 
set pass_param= 
set command= 

:argParser
	if [%1] EQU [-exec] (
		set executable=%~sn2
		set inpath=%~dp$PATH:2
	)
	if [%1] EQU [-user] (
		set user=%2
	)

	if [%1] EQU [-pass] (
		set pass=%2
	)

	if [%1] EQU [-command] (
		set command=%~2
	)
	
	shift
	shift
	set /A shifter=%shifter% + 1
	
	if %shifter% EQU 4 (
		goto :endArgParser
	)

goto :argParser
:endArgParser




::the idea behind this ugly if is
:: to get the path in 8.3 format because there are problems between
:: SCHTASKS and spaces
if not exist %executable% (
	if "%inpath%" equ "" (
		echo path to executable item does not exist
		exit /B 1		
	) else (
 	 	for %%f in ("%inpath%\%executable%") do set executable=%%~snf 
	)
) else (
	for %%f in ("%executable%") do set executable=%%~snf 
)



if "%user%" NEQ "" (
	set user_param=/RU %user%
	if "%pass%" NEQ "" (
		set pass_param=/RP %pass%
	) 
	
)

::there cannot be set password on system user
if "%user%" EQU "SYSTEM" (
	set pass_param= 
)



::getting the current time
FOR /F "skip=1 tokens=1-3" %%A IN ('WMIC Path Win32_LocalTime Get Hour^,Minute^,Second /Format:table') DO (
	SET /A hours=%%A > nul 2>&1
	SET /A minutes=%%B > nul 2>&1
	SET /A seconds=%%C > nul 2>&1	
)
set /a time_stamp=%hours%%minutes%%seconds%

if "%time_stamp%" equ "" (
	echo "some kind of error"
	exit /B 2
)



SCHTASKS /Create /SC ONEVENT /EC Application /MO *[System/EventID=101] /TN start_at_%time_stamp%  /TR "'%executable%' '%command%'" %user_param% %pass_param%  /F /RL HIGHEST
eventcreate /ID 101 /T INFORMATION /D start_task
SCHTASKS /Delete /TN start_at_%time_stamp% /f 
endlocal

If  /U\/P switches are used along with /RU\/RP the task won't start in invisible mode if the user is logged on in another session and I'm not sure if it's worthy to be used.

Last edited by npocmaka (13 Oct 2012 22:03)


http://www.facebook.com/npocmaka

Online

#3 14 Oct 2012 18:16

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 330

Re: start a hidden process / start process as a different user

And the last edit.This time only for "start as".
Both EVENTCREATE and SCHTASKS allow you executaion against remote systems - so I've added this as an option too.
And this is   just    another   way   to execute command on remote machine.
/U \ /P switches without  /RU \ /RP realy start the process visible but is acceptable only for remote systems , so in the script they are not passed alone.


@echo off
setlocal

if [%1] EQU [] (
	echo %~n0 -exec path_to_exec  [-user user [-pass pass]] [-command commandline] [-system] remote_system
	echo to start a hidden process set user to SYSTEM
	goto :eof
)

if [%1] EQU [-help] (
	echo %~n0 -exec path_to_exec  [-user user [-pass pass]] [-command commandline] [-system] remote_system
	echo to start a hidden process set user to SYSTEM
	goto :eof
)

set /A shifter=1
::set spaces to params that is possible to stay unused
set set user_param= 
set pass_param= 
set exec= 
set command= 
::they're same for SCHTASKS and EVENTCREATE
set remote_params= 


:argParser
	if [%1] EQU [-exec] (
		set executable=%~sn2
		set inpath=%~dp$PATH:2
	)
	if [%1] EQU [-user] (
		set user=%2
	)

	if [%1] EQU [-pass] (
		set pass=%2
	)

	if [%1] EQU [-command] (
		set command=%~2
	)
	
	if [%1] EQU [-system] (
		set system=%2
	)
	
	shift
	shift
	set /A shifter=%shifter% + 1
	
	if %shifter% EQU 5 (
		goto :endArgParser
	)

goto :argParser
:endArgParser


:: parameters with user and no pass is ommited to avoid pass prompting

if "%user%" NEQ "" (
	set user_param=/RU %user%
	
	if "%pass%" NEQ "" (
		set pass_param=/RP %pass%
		
		if "%system%" NEQ "" (
			set remote_params= /S %system% /U %user% /P %pass% 
			goto :skipExCheck
		)
	) else (
		set user_param= 
	)
	
) else (
	if "%system%" NEQ "" (
		set remote_params= /S %system% 
		goto :skipExCheck
	)
	
)


::there cannot be set password on system user
if "%user%" EQU "SYSTEM" (
	set pass_param= 
)

if "%system%" NEQ "" (
 	set remote_params= /S %system% /U %user% /P %pass% 
 	goto :skipExCheck
)

::the idea behind this ugly if is
:: to get the path in 8.3 format because there are problems between
:: SCHTASKS and spaces
echo %inpath%
if not exist %executable% (
	if "%inpath%" equ "" (
		echo path to executable item does not exist
		exit /B 1		
	) else (
 	 	for %%f in ("%inpath%\%executable%") do set executable=%%~snf 
	)
) else (
	for %%f in ("%executable%") do set executable=%%~snf 
)

:: if task is executed against remote machine existence checking is unnecessary
:skipExCheck



::getting the current time
FOR /F "skip=1 tokens=1-3" %%A IN ('WMIC Path Win32_LocalTime Get Hour^,Minute^,Second /Format:table') DO (
	SET /A hours=%%A > nul 2>&1
	SET /A minutes=%%B > nul 2>&1
	SET /A seconds=%%C > nul 2>&1	
)
set /a time_stamp=%hours%%minutes%%seconds%

if "%time_stamp%" equ "" (
	echo "some kind of error"
	exit /B 2
)

::the heart of the script
SCHTASKS /Create /SC ONEVENT /EC Application /MO *[System/EventID=101] /TN start_at_%time_stamp%  /TR "'%executable%' '%command%'" %user_param% %pass_param%  /F /RL HIGHEST %remote_params%
EVENTCREATE /ID 101 /T INFORMATION /D start_task %remote_params%
SCHTASKS /Delete /TN start_at_%time_stamp% /f %remote_params%
endlocal

Last edited by npocmaka (14 Oct 2012 18:18)


http://www.facebook.com/npocmaka

Online

#4 18 Oct 2012 21:28

NDog
Member
From: New Zealand
Registered: 31 May 2006
Posts: 90
Website

Re: start a hidden process / start process as a different user

Please give us a working example.

I have a script - "C:\MySubfolder\MyBatchFile.bat"
I have an administrator account user:admin password:apple
I have a limited account user:limited

If I want to run my script as a limited user
1) logon as admin account, run "Start hidden.cmd"
2) logon as limited account, run "Start as.cmd" "C:\MySubfolder\MyBatchFile.bat"

Is this correct?

I am asking because I do these kind of things however I stick to autoit, as it is better,faster etc, but limitation is needs to be compiled and takes up more space.


Known Scripting Languages: CMD, Autoit, 4DOS

Offline

#5 19 Oct 2012 08:47

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 330

Re: start a hidden process / start process as a different user

Oh my... I've found and paths are not calculated correctly.Now works only with exe's in %PATH% (e.g. use notepad.exe as a parameter) .A little bit more and I'll be ready with the "fix" .
Anyway you can use this with hardcoded values:

SCHTASKS /Create /SC ONEVENT /EC Application /MO *[System/EventID=101] /TN start_at_%time_stamp%  /TR %executable%   /RU SYSTEM /F /RL HIGHEST
EVENTCREATE /ID 101 /T INFORMATION /D start_task
SCHTASKS /Delete /TN start_at_%time_stamp% /f


And thanks for noticing that.

Last edited by npocmaka (19 Oct 2012 08:48)


http://www.facebook.com/npocmaka

Online

#6 19 Oct 2012 13:29

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 330

Re: start a hidden process / start process as a different user

Here are fixed versions.There was  a (copy/pasted) typo and I've took the path to the command with %~sn1 instead %~s1 .There the shctasks params for remote systems were set  also wrong and and unnecessary single quotes for additional parameters are cleared:

StartHidden:


@echo off
setlocal
if "%1" EQU "" (
	echo %~n0 path_to_executable
	goto :eof
)
 
if "%1" EQU "-help" (
	echo %~n0 path_to_executable
	goto :eof
)


set executable=%~s1
set inpath=%~dp$PATH:1


::the idea behind this ugly if is
:: to get the path in 8.3 format because there are problems between
:: SCHTASKS and spaces



if not exist %executable% (
	if "%inpath%" equ "" (
		echo path to executable item does not exist
		exit /B 1		
	) else (
 	 	for %%f in ("%~dp$PATH:1%~1") do set executable=%%f 
	)
)



::getting the current time
FOR /F "skip=1 tokens=1-3" %%A IN ('WMIC Path Win32_LocalTime Get Hour^,Minute^,Second /Format:table') DO (
	SET /A hours=%%A > nul 2>&1
	SET /A minutes=%%B > nul 2>&1
	SET /A seconds=%%C > nul 2>&1	
)
  
set /a time_stamp=%hours%%minutes%%seconds%

if "%time_stamp%" equ "" (
	echo "some kind of error"
	exit /B 2
)


SCHTASKS /Create /SC ONEVENT /EC Application /MO *[System/EventID=101] /TN start_at_%time_stamp%  /TR %executable%   /RU SYSTEM /F /RL HIGHEST
eventcreate /ID 101 /T INFORMATION /D start_task
SCHTASKS /Delete /TN start_at_%time_stamp% /f 
endlocal



StartAs:

@echo off
setlocal

if [%1] EQU [] (
    echo %~n0 -exec path_to_exec  [-user user [-pass pass]] [-command commandline] [-system] remote_system
    echo to start a hidden process set user to SYSTEM
    goto :eof
)

if [%1] EQU [-help] (
    echo %~n0 -exec path_to_exec  [-user user [-pass pass]] [-command commandline] [-system] remote_system
    echo to start a hidden process set user to SYSTEM
    goto :eof
)

set /A shifter=1
::set spaces to params that is possible to stay unused
set set user_param= 
set pass_param= 
set exec= 
set command= 
::they're same for SCHTASKS and EVENTCREATE
set remote_params= 


:argParser
    if [%1] EQU [-exec] (
        set executable=%~s2
        set inpath=%~dp$PATH:2
    )
    if [%1] EQU [-user] (
        set user=%2
    )

    if [%1] EQU [-pass] (
        set pass=%2
    )

    if [%1] EQU [-command] (
        set command='%~2'
    )
    
    if [%1] EQU [-system] (
        set system=%2
    )
    
    shift
    shift
    set /A shifter=%shifter% + 1
    
    if %shifter% EQU 5 (
        goto :endArgParser
    )

goto :argParser
:endArgParser


:: parameters with user and no pass is ommited to avoid pass prompting

if "%user%" NEQ "" (
    set user_param=/RU %user%
    
    if "%pass%" NEQ "" (
        set pass_param=/RP %pass%
        
        if "%system%" NEQ "" (
            set remote_params= /S %system% /U %user% /P %pass% 
            set pass_param= 
            set user_param= 
            goto :skipExCheck
        )
    ) else (
        set user_param= 
    )
    
) else (
    if "%system%" NEQ "" (
        set remote_params= /S %system% 
        goto :skipExCheck
    )
    
)


::there cannot be set password on system user
if "%user%" EQU "SYSTEM" (
    set pass_param= 
)

if "%system%" NEQ "" (
     set remote_params= /S %system% /U %user% /P %pass% 
     goto :skipExCheck
)

::the idea behind this ugly if is
:: to get the path in 8.3 format because there are problems between
:: SCHTASKS and spaces



if not exist %executable% (
    if "%inpath%" equ "" (
        echo path to executable item does not exist
        exit /B 1        
    ) else (
          for %%f in ("%inpath%\%executable%") do set executable=%%~snf 
    )
) else (
    for %%f in ("%executable%") do set executable=%%~snf 
)

:: if task is executed against remote machine existence checking is unnecessary
:skipExCheck



::getting the current time
FOR /F "skip=1 tokens=1-3" %%A IN ('WMIC Path Win32_LocalTime Get Hour^,Minute^,Second /Format:table') DO (
    SET /A hours=%%A > nul 2>&1
    SET /A minutes=%%B > nul 2>&1
    SET /A seconds=%%C > nul 2>&1    
)
set /a time_stamp=%hours%%minutes%%seconds%

if "%time_stamp%" equ "" (
    echo "some kind of error"
    exit /B 2
)

::the heart of the script
SCHTASKS /Create /SC ONEVENT /EC Application /MO *[System/EventID=101] /TN start_at_%time_stamp%  /TR "'%executable%' %command%" %user_param% %pass_param%  /F /RL HIGHEST %remote_params%
EVENTCREATE /ID 101 /T INFORMATION /D start_task %remote_params%
SCHTASKS /Delete /TN start_at_%time_stamp% /f %remote_params%
endlocal

Last edited by npocmaka (19 Oct 2012 13:35)


http://www.facebook.com/npocmaka

Online

#7 19 Oct 2012 13:33

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 330

Re: start a hidden process / start process as a different user

And the examples (to do this you need Admin privileges):
Start a hidden process:

checking if there's running notepad
C:\tmp\test>tasklist | find "notepad"

starting a hidden notepad
C:\tmp\test>starthidden.bat notepad.exe
SUCCESS: The scheduled task "start_at_144758" has successfully been created.

SUCCESS: An event of type 'INFORMATION' was created in the 'Application' log wit
h 'EventCreate' as the source.
SUCCESS: The scheduled task "start_at_144758" was successfully deleted.

C:\tmp\test>tasklist | find "notepad"
notepad.exe                   5984 Services                   0      3,908 K

a bat that that starts the notepad:
C:\tmp\test>starthidden.bat ttt.bat
SUCCESS: The scheduled task "start_at_144929" has successfully been created.

SUCCESS: An event of type 'INFORMATION' was created in the 'Application' log wit
h 'EventCreate' as the source.
SUCCESS: The scheduled task "start_at_144929" was successfully deleted.

C:\tmp\test>tasklist | find "notepad"

notepad.exe                   5984 Services                   0      3,908 K
notepad.exe                   5032 Services                   0      3,936 K

straightforward start of the notepad to see the differences
C:\tmp\test>notepad

C:\tmp\test>tasklist | find "notepad"
notepad.exe                   5984 Services                   0      3,908 K
notepad.exe                   5032 Services                   0      3,936 K
notepad.exe                   1364 RDP-Tcp#0                  4      4,440 K

C:\tmp\test>


StartAs:

C:\tmp\test>startas
startas -exec path_to_exec  [-user user [-pass pass]] [-command commandline] [-s
ystem remote_system]
to start a hidden process set user to SYSTEM

C:\tmp\test>tasklist | find "notepad"



C:\tmp\test>startas -exec notepad.exe -user jssuser -pass jssuser

SUCCESS: The scheduled task "start_at_145246" has successfully been created.

SUCCESS: An event of type 'INFORMATION' was created in the 'Application' log wit
h 'EventCreate' as the source.
SUCCESS: The scheduled task "start_at_145246" was successfully deleted.

The process again will be started with user visible as "Services" but it has access to target user private folders and registry sections
C:\tmp\test>tasklist | find "notepad"
notepad.exe                   3860 Services                   0      4,800 K

C:\tmp\test>


StartAs on remote system

C:\>startas.bat -exec notepad.exe -system TESTSYS -user TESTSYS\
jssuser -pass jsspass

SUCCESS: The scheduled task "start_at_151248" has successfully been created.
WARNING: Multiple connections to a server or shared resource by the same user, using more than one u
ser name, are not allowed. Disconnect all previous connections to the server or shared resource and
try again.

SUCCESS: An event of type 'INFORMATION' was created in the 'Application' log with 'EventCreate' as t
he source.
SUCCESS: The scheduled task "start_at_151248" was successfully deleted.

C:\>

Last edited by npocmaka (19 Oct 2012 13:43)


http://www.facebook.com/npocmaka

Online

Board footer

Powered by FluxBB