ctypes.ArgumentError: argument 1: TypeError: Don't know how to convert parameter 1

Question:

my code..

import ctypes
import win32security

h_token = win32security.OpenProcessToken(ctypes.windll.kernel32.GetCurrentProcess(), win32security.TOKEN_ALL_ACCESS)

lpApplicationName = ctypes.c_wchar_p(rf"C:\Windows\System32\cmd.exe")
lpCommandLine = ctypes.c_wchar_p("")
dwCreationFlags = 0x00000010
lpEnvironment = None
lpProcessAttributes = None
lpThreadAttributes = None
bInheritHandles = False

ctypes.windll.advapi32.CreateProcessWithTokenW(h_token, 0, lpApplicationName, lpCommandLine, dwCreationFlags, lpEnvironment, None, lpProcessAttributes, lpThreadAttributes, bInheritHandles)

my output…

Traceback (most recent call last):
  File "testx.py", line 96, in <module>
    ctypes.windll.advapi32.CreateProcessWithTokenW(h_token, 0, lpApplicationName, lpCommandLine, dwCreationFlags, lpEnvironment, None, lpProcessAttributes, lpThreadAttributes, bInheritHandles)
ctypes.ArgumentError: argument 1: TypeError: Don't know how to convert parameter 1

How can I fix it? What am I doing wrong? Thanks for reading and helping 🙂

Asked By: zzzzzzd


Answers:

The token returned by win32security.OpenProcessToken is a PyHANDLE object. Use int(h_token) to get a value that ctypes will accept. Note that you should set the .argtypes and .restype of a ctypes function or parameters and return value may not convert properly from Python to C.

Answered By: Mark Tolonen
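The same call made the way this answer describes, as an added example that is not code from the question or either answer: the PyHANDLE is converted with int(), argtypes and restype are declared, and the real nine-parameter prototype with STARTUPINFOW and PROCESS_INFORMATION is used. The names create_process_with_token, as_handle and layout_ok are my own; the function assumes a token the caller is allowed to assign and calls the API only on Windows (the type definitions import anywhere).

```python
import ctypes
import sys
# Fixed-width Win32 typedefs so the layouts match on 32- and 64-bit Python.
DWORD, WORD = ctypes.c_uint32, ctypes.c_uint16
HANDLE = LPVOID = ctypes.c_void_p
LPWSTR, LPBYTE = ctypes.c_wchar_p, ctypes.POINTER(ctypes.c_ubyte)

class STARTUPINFOW(ctypes.Structure):  # winbase.h
    _fields_ = [("cb", DWORD), ("lpReserved", LPWSTR), ("lpDesktop", LPWSTR),
                ("lpTitle", LPWSTR), ("dwX", DWORD), ("dwY", DWORD),
                ("dwXSize", DWORD), ("dwYSize", DWORD), ("dwXCountChars", DWORD),
                ("dwYCountChars", DWORD), ("dwFillAttribute", DWORD),
                ("dwFlags", DWORD), ("wShowWindow", WORD), ("cbReserved2", WORD),
                ("lpReserved2", LPBYTE), ("hStdInput", HANDLE),
                ("hStdOutput", HANDLE), ("hStdError", HANDLE)]

class PROCESS_INFORMATION(ctypes.Structure):  # processthreadsapi.h
    _fields_ = [("hProcess", HANDLE), ("hThread", HANDLE),
                ("dwProcessId", DWORD), ("dwThreadId", DWORD)]

# The documented prototype has 9 parameters; the question's call passed 10.
ARGTYPES = (HANDLE, DWORD, LPWSTR, LPWSTR, DWORD, LPVOID, LPWSTR,
            ctypes.POINTER(STARTUPINFOW), ctypes.POINTER(PROCESS_INFORMATION))
CREATE_NEW_CONSOLE = 0x10        # the dwCreationFlags value the question used
ERROR_PRIVILEGE_NOT_HELD = 1314  # MS.Learn: fall back to CreateProcessAsUser

def as_handle(h):  # PyHANDLE (win32security) -> int; ctypes cannot marshal PyHANDLE
    return int(h)

def layout_ok():  # struct sizes must match the Win32 ABI for this pointer width
    sizes = (ctypes.sizeof(STARTUPINFOW), ctypes.sizeof(PROCESS_INFORMATION))
    return sizes == ((104, 24) if ctypes.sizeof(ctypes.c_void_p) == 8 else (68, 16))

def create_process_with_token(token, app_name, creation_flags=CREATE_NEW_CONSOLE):
    """Launch app_name under `token`; returns (pid, tid) or raises OSError."""
    if sys.platform != "win32":
        raise OSError("CreateProcessWithTokenW exists only on Windows")
    fn = ctypes.WinDLL("advapi32", use_last_error=True).CreateProcessWithTokenW
    fn.argtypes, fn.restype = ARGTYPES, ctypes.c_int  # BOOL
    si = STARTUPINFOW(cb=ctypes.sizeof(STARTUPINFOW))  # cb must be set
    pi = PROCESS_INFORMATION()
    if not fn(as_handle(token), 0, app_name, None, creation_flags, None, None,
              ctypes.byref(si), ctypes.byref(pi)):
        err = ctypes.get_last_error()
        hint = " (use CreateProcessAsUser)" if err == ERROR_PRIVILEGE_NOT_HELD else ""
        raise ctypes.WinError(err, ctypes.FormatError(err) + hint)
    for h in (pi.hProcess, pi.hThread):  # only the ids are reported, so release both
        ctypes.windll.kernel32.CloseHandle(h)
    return pi.dwProcessId, pi.dwThreadId
```

On Windows, `create_process_with_token(int(h_token), r"C:\Windows\System32\cmd.exe")` replaces the failing call from the question; a failure surfaces as an OSError carrying the Win32 error code instead of a ctypes conversion error.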

It’s not a good idea to mix libraries / tools / frameworks, when things can be done in one of them. In this case:

At 1st glance, this situation seems to be one of the exceptions, as CreateProcessWithTokenW is not wrapped by PyWin32.

I played a bit with your code after fixing some errors:

but I couldn’t get it to work (got ERROR_TOKEN_ALREADY_IN_USE). Note that I didn’t spend much time investigating (adjusting the token privileges, …), because I paid more attention to what [MS.Learn]: CreateProcessWithTokenW function (winbase.h) states:

The process that calls CreateProcessWithTokenW must have the SE_IMPERSONATE_NAME privilege. If this function fails with ERROR_PRIVILEGE_NOT_HELD (1314), use the CreateProcessAsUser or CreateProcessWithLogonW function instead.

code00.py:

#!/usr/bin/env python

import sys

import win32api as wapi
import win32con as wcon
import win32process as wproc
import win32security as wsec


def main(*argv):
    # Primary token of the current process (TOKEN_ALL_ACCESS is more than needed)
    token = wsec.OpenProcessToken(wproc.GetCurrentProcess(), wsec.TOKEN_ALL_ACCESS)
    #print(wsec.GetTokenInformation(token, wsec.TokenType))
    app_name = r"C:\Windows\System32\cmd.exe"  # raw string: "\W" and "\S" are not valid escapes
    creation_flags = wcon.CREATE_NEW_CONSOLE
    si = wproc.STARTUPINFO()

    # PyWin32 wraps CreateProcessAsUser, so no ctypes prototype is needed
    hproc, hthr, pid, tid = wproc.CreateProcessAsUser(token, app_name, None,
        None, None, 0, creation_flags,
        None, None, si)

    print("New PId: {:d}".format(pid))
    wapi.CloseHandle(token)


if __name__ == "__main__":
    print("Python {:s} {:03d}bit on {:s}\n".format(" ".join(elem.strip() for elem in sys.version.split("\n")),
                                                   64 if sys.maxsize > 0x100000000 else 32, sys.platform))
    rc = main(*sys.argv[1:])
    print("\nDone.\n")
    sys.exit(rc)

Output:

[cfati@CFATI-5510-0:e:\Work\Dev\StackOverflow\q075358233]> "e:\Work\Dev\VEnvs\py_pc064_03.10_test0\Scripts\python.exe" ./code00.py
Python 3.10.9 (tags/v3.10.9:1dd9be6, Dec  6 2022, 20:01:21) [MSC v.1934 64 bit (AMD64)] 064bit on win32

New PId: 20512

Done.

And a new Cmd window popped up. Note that my user has full administrative (God like) privileges.

Similar situations:

Answered By: CristiFati