Why CreateProcessAsUser throws an exception ?

[vitkuz573]

There is a function like this:

public static unsafe bool CreateProcess(string applicationName, int targetSessionId, bool forceConsoleSession, string desktopName, out PROCESS_INFORMATION procInfo)
{
    uint winlogonPid = 0;
        
    SafeFileHandle hProcess;
    SafeFileHandle hPToken;
    SafeFileHandle hUserTokenDup;
        
    procInfo = new PROCESS_INFORMATION();
        
    var dwSessionId = WTSGetActiveConsoleSessionId();
        
    if (!forceConsoleSession)
    {
        var activeSessions = GetActiveSessions();
        
        if (activeSessions.Any(x => x.ID == targetSessionId))
        {
            dwSessionId = (uint)targetSessionId;
        }
        else
        {
            dwSessionId = activeSessions.Last().ID;
        }
    }
        
    foreach (var process in Process.GetProcessesByName("winlogon"))
    {
        if ((uint)process.SessionId == dwSessionId)
        {
            winlogonPid = (uint)process.Id;
        }
    }
        
    hProcess = OpenProcess_SafeHandle(PROCESS_ACCESS_RIGHTS.PROCESS_ALL_ACCESS, false, winlogonPid);
        
    if (!OpenProcessToken(hProcess, TOKEN_ACCESS_MASK.TOKEN_DUPLICATE, out hPToken))
    {
        return false;
    }
        
    var sa = new SECURITY_ATTRIBUTES();
    sa.nLength = (uint)Marshal.SizeOf(sa);
        
    if (!DuplicateTokenEx(hPToken, TOKEN_ACCESS_MASK.TOKEN_ALL_ACCESS, sa, SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, TOKEN_TYPE.TokenPrimary, out hUserTokenDup))
    {
        return false;
    }

    fixed (char* pdesktopName = @"winsta0\" + desktopName)
    {
        STARTUPINFOW si = default;
        si.cb = (uint)Marshal.SizeOf(si);
        si.lpDesktop = pdesktopName;

        var dwCreationFlags = PROCESS_CREATION_FLAGS.NORMAL_PRIORITY_CLASS | PROCESS_CREATION_FLAGS.CREATE_UNICODE_ENVIRONMENT | PROCESS_CREATION_FLAGS.CREATE_NO_WINDOW;
        si.dwFlags = STARTUPINFOW_FLAGS.STARTF_USESHOWWINDOW;
        si.wShowWindow = 0;

        var appName = new Span<char>(applicationName.ToCharArray());

        return CreateProcessAsUser(hUserTokenDup, null, ref appName, sa, sa, false, (uint)dwCreationFlags, null, null, si, out procInfo);
    }
}

This code throws an exception:
Required null terminator missing. (Parameter 'lpCommandLine')

I call it like this:

CreateProcess(@"C:\test.exe", -1, true, "default", out _)

[vitkuz573]

Sorry. Problem solved by adding char.MinValue to applicationName

[AArnott]

The issue is the CreateProcessAsUser API requires a null terminator for its lpCommandLine parameter, and when you called string.ToCharArray, you created a Span<char> that did not include a null terminator. Appending char.MinValue works because that is a null character, but I'll just say the conventional syntax to do this is '\0'. If you allocate the span first, making it one character longer than required, and then copy the string into it, you'll have the null character at the end that you need.

[vitkuz573]

Thanks, I'll keep that in mind.