EnumDesktopWindows in Windows Service

To cut 开发者_开发技巧a long story short I am attempting to add some functionality to a custom updater running as a windows service. I have run into some issues where the application I am attempting to update can potentially be running and I need to perform some custom actions if it is.

The problem I have is that the EnumDesktopWindows api call is only returning processes that are running in the local system context.

Now this mostly makes sense to me as to why this was done and so forth (I guess - although would appreciate further explanation).

However how does one then accomplish this functionality through a service?

This is the basics of the code I am using:

        public static IntPtr[] EnumDesktopWindows()
        {
            WinAPI._desktopWindowHandles = new List<IntPtr>();
            WinAPI.EnumDelegate enumfunc = new WinAPI.EnumDelegate(EnumWindowsCallBack);
            IntPtr hDesktop = IntPtr.Zero; // current desktop
            bool success = WinAPI.EnumDesktopWindows(hDesktop, enumfunc, IntPtr.Zero);

            if (success)
            {
                IntPtr[] handles = new IntPtr[_desktopWindowHandles.Count];
                _desktopWindowHandles.CopyTo(handles);
                return handles;
            }
            else
            {
                int errorCode = Marshal.GetLastWin32Error();
                string errorMessage = String.Format("EnumDesktopWindows failed with code {0}.", errorCode);
                throw new Exception(errorMessage);
            }

        }

Could it be that I have this all wrong and the problem is in the line?:

IntPtr hDesktop = IntPtr.Zero;

Services run in a different session (session 0) from interactive users. This is known as session 0 isolation.

You can't access the logged in user's desktop from a service.

You'll have to attack this problem by enumerating processes rather than windows.

I am not sure that you go in the correct direction with enumerating of desktops. I don't know who is the initiator of the action which follows to the EnumDesktopWindows call inside of the service. If the user had triggered the action, than you can probably impersonate his user account and the problem will be easy solved.

If you don't have any way to receive the user token I would recommend you to read Impact of Session 0 Isolation on Services and Drivers in Windows document before you continue. The main problem which you have is that Terminal Services are running on the computer and your Windows Service run in the session with the SessionId=0, but all user processes run in another session. If your service run under LocalSystem account or under any other account having SE_TCB_NAME privilege it can use SetTokenInformation function with the TokenSessionId parameter to change to current session (see here for more details). All available sessions you can receive with respect of LsaEnumerateLogonSessions function.

At the end I can repeat one more time, that you should change the session of the service only if other more simple ways like user impersonation can not be used.

• Enumerate processes
• Have the application advertise presence (named kernel object, e.g. from CreateEvent)
• Try to open the EXE file exclusively