ctypes.ArgumentError: 参数 1: 类型错误: 不知道如何转换参数 1

huangapple go评论72阅读模式
英文:

ctypes.ArgumentError: argument 1: TypeError: Don't know how to convert parameter 1

问题

import ctypes
import win32security

h_token = win32security.OpenProcessToken(ctypes.windll.kernel32.GetCurrentProcess(), win32security.TOKEN_ALL_ACCESS)

lpApplicationName = ctypes.c_wchar_p(rf"C:\\Windows\\System32\\cmd.exe")
lpCommandLine = ctypes.c_wchar_p("")
dwCreationFlags = 0x00000010
lpEnvironment = None
lpProcessAttributes = None
lpThreadAttributes = None
bInheritHandles = False

ctypes.windll.advapi32.CreateProcessWithTokenW(h_token, 0, lpApplicationName, lpCommandLine, dwCreationFlags, lpEnvironment, None, lpProcessAttributes, lpThreadAttributes, bInheritHandles)
Traceback (most recent call last):
  File "testx.py", line 96, in <module>
    ctypes.windll.advapi32.CreateProcessWithTokenW(h_token, 0, lpApplicationName, lpCommandLine, dwCreationFlags, lpEnvironment, None, lpProcessAttributes, lpThreadAttributes, bInheritHandles)
ctypes.ArgumentError: argument 1: TypeError: Don't know how to convert parameter 1

如何修复它?我做错了什么?感谢阅读和帮助 ctypes.ArgumentError: 参数 1: 类型错误: 不知道如何转换参数 1

英文:

my code..

import ctypes
import win32security

h_token = win32security.OpenProcessToken(ctypes.windll.kernel32.GetCurrentProcess(), win32security.TOKEN_ALL_ACCESS)

lpApplicationName = ctypes.c_wchar_p(rf&quot;C:\\Windows\\System32\\cmd.exe&quot;)
lpCommandLine = ctypes.c_wchar_p(&quot;&quot;)
dwCreationFlags = 0x00000010
lpEnvironment = None
lpProcessAttributes = None
lpThreadAttributes = None
bInheritHandles = False

ctypes.windll.advapi32.CreateProcessWithTokenW(h_token, 0, lpApplicationName, lpCommandLine, dwCreationFlags, lpEnvironment, None, lpProcessAttributes, lpThreadAttributes, bInheritHandles)

my output...

Traceback (most recent call last):
  File &quot;testx.py&quot;, line 96, in &lt;module&gt;
    ctypes.windll.advapi32.CreateProcessWithTokenW(h_token, 0, lpApplicationName, lpCommandLine, dwCreationFlags, lpEnvironment, None, lpProcessAttributes, lpThreadAttributes, bInheritHandles)
ctypes.ArgumentError: argument 1: TypeError: Don&#39;t know how to convert parameter 1

how i can fix it? what i'm doing wrong?, thanks for read and help ctypes.ArgumentError: 参数 1: 类型错误: 不知道如何转换参数 1

答案1

得分: 0

The token returned by win32security.OpenProcessToken is a PyHANDLE object. Use int(h_token) to get a value that ctypes will accept. Note that you should set the .argtypes and .restype of a ctypes function or parameters and return value may not convert properly from Python to C.

英文:

The token returned by win32security.OpenProcessToken is a PyHANDLE object. Use int(h_token) to get a value that ctypes will accept. Note that you should set the .argtypes and .restype of a ctypes function or parameters and return value may not convert properly from Python to C.

答案2

得分: 0

以下是您要翻译的内容:

At 1<sup>st</sup> glance, this situation seems to be one of the exceptions, as CreateProcessWithTokenW is not wrapped by PyWin32.

I played a bit with your code after fixing some errors:

but I couldn't get it to work (got ERROR_TOKEN_ALREADY_IN_USE). Note that I didn't spend much time investigating (adjusting the token privileges, ...), because I paid more attention to what [MS.Learn]: CreateProcessWithTokenW function (winbase.h) states:

> The process that calls CreateProcessWithTokenW must have the SE_IMPERSONATE_NAME privilege. If this function fails with ERROR_PRIVILEGE_NOT_HELD (1314), use the CreateProcessAsUser or CreateProcessWithLogonW function instead.

code00.py:

#!/usr/bin/env python

import sys
import win32api as wapi
import win32con as wcon
import win32process as wproc
import win32security as wsec

def main(*argv):
    token = wsec.OpenProcessToken(wproc.GetCurrentProcess(), wsec.TOKEN_ALL_ACCESS)
    app_name = "C:\\Windows\\System32\\cmd.exe"
    creation_flags = wcon.CREATE_NEW_CONSOLE
    si = wproc.STARTUPINFO()

    hproc, hthr, pid, tid = wproc.CreateProcessAsUser(token, app_name, None,
        None, None, 0, creation_flags,
        None, None, si)

    print("New PId: {:d}".format(pid))
    wapi.CloseHandle(token)

if __name__ == "__main__":
    print("Python {:s} {:03d}bit on {:s}\n".format(" ".join(elem.strip() for elem in sys.version.split("\n")),
                                                   64 if sys.maxsize > 0x100000000 else 32, sys.platform))
    rc = main(*sys.argv[1:])
    print("\nDone.")
    sys.exit(rc)

Output:

>    [cfati@CFATI-5510-0:e:\Work\Dev\StackOverflow\q075358233]> "e:\Work\Dev\VEnvs\py_pc064_03.10_test0\Scripts\python.exe" ./code00.py
>    Python 3.10.9 (tags/v3.10.9:1dd9be6, Dec  6 2022, 20:01:21) [MSC v.1934 64 bit (AMD64)] 064bit on win32
>
>    New PId: 20512
>
>    Done.

And a new Cmd window popped up. Note that my user has full administrative (God like) privileges.

Similar situations:

英文:

It's not a good idea to mix libraries / tools / frameworks, when things can be done in one of them. In this case:

At 1<sup>st</sup> glance, this situation seems to be one of the exceptions, as CreateProcessWithTokenW is not wrapped by PyWin32.

I played a bit with your code after fixing some errors:

but I couldn't get it to work (got ERROR_TOKEN_ALREADY_IN_USE). Note that I didn't spend much time investigating (adjusting the token privileges, ...), because I paid more attention to what [MS.Learn]: CreateProcessWithTokenW function (winbase.h) states:

> The process that calls CreateProcessWithTokenW must have the SE_IMPERSONATE_NAME privilege. If this function fails with ERROR_PRIVILEGE_NOT_HELD (1314), use the CreateProcessAsUser or CreateProcessWithLogonW function instead.

code00.py:

#!/usr/bin/env python

import sys

import win32api as wapi
import win32con as wcon
import win32process as wproc
import win32security as wsec


def main(*argv):
    token = wsec.OpenProcessToken(wproc.GetCurrentProcess(), wsec.TOKEN_ALL_ACCESS)
    #print(wsec.GetTokenInformation(token, wsec.TokenType))
    app_name = &quot;C:\\Windows\\System32\\cmd.exe&quot;
    creation_flags = wcon.CREATE_NEW_CONSOLE
    si = wproc.STARTUPINFO()

    hproc, hthr, pid, tid = wproc.CreateProcessAsUser(token, app_name, None,
        None, None, 0, creation_flags,
        None, None, si)

    print(&quot;New PId: {:d}&quot;.format(pid))
    wapi.CloseHandle(token)


if __name__ == &quot;__main__&quot;:
    print(&quot;Python {:s} {:03d}bit on {:s}\n&quot;.format(&quot; &quot;.join(elem.strip() for elem in sys.version.split(&quot;\n&quot;)),
                                                   64 if sys.maxsize &gt; 0x100000000 else 32, sys.platform))
    rc = main(*sys.argv[1:])
    print(&quot;\nDone.\n&quot;)
    sys.exit(rc)

Output:

>
&gt; [cfati@CFATI-5510-0:e:\Work\Dev\StackOverflow\q075358233]&gt; &quot;e:\Work\Dev\VEnvs\py_pc064_03.10_test0\Scripts\python.exe&quot; ./code00.py
&gt; Python 3.10.9 (tags/v3.10.9:1dd9be6, Dec 6 2022, 20:01:21) [MSC v.1934 64 bit (AMD64)] 064bit on win32
&gt;
&gt; New PId: 20512
&gt;
&gt; Done.
&gt;

And a new Cmd window popped up. Note that my user has full administrative (God like) privileges.

Similar situations:

huangapple
  • 本文由 发表于 2023年2月6日 15:01:21
  • 转载请务必保留本文链接:https://go.coder-hub.com/75358233.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定