powershell process failing when launched by an exe with dwCreationFlags=0 for CreateProcessAsUser()

Question

Issue :

(1) On windows server 2008 R2 x64 system

(2) a1.exe running as user u1, calls CreateProcess() API with dwCreationFlags=0 to launch a2.exe.

(3) a2.exe calls CreateProcessAsUser() API with dwCreationFlags=CREATE_BREAKAWAY_FROM_JOB | CREATE_SUSPENDED to launch powershell.exe as user u2

(4) a1.exe calls a2.exe 5 times

(5) powershell command-line is "powershell.exe -command echo Hi"

(6) Only 1st powershell process ran successfully, and returned the output "Hi" to a1.exe, and with exit code 0

(7) Every other (2 to 5) powershell processes failed with exit code 1

Fix :

(1) Fixed the problem with a2.exe calling CreateProcessAsUser() API with dwCreationFlags=CREATE_BREAKAWAY_FROM_JOB | CREATE_SUSPENDED | CREATE_NO_WINDOW to launch powershell process.

Things I know :

(1) powershell is a console application process, and hence would use the console window of parent process a2.exe in the failing case.

(2) In the 5 invocations, a1.exe process, 5 a2.exe processes, and 5 powershell.exe processes would all use the same console window, i.e. of a1.exe

(3) In the working case, powershell process would neither use the console window of the parent process a2.exe nor would it create a new console window i.e. console handle wouldn't be set for powershell process.

(4) No such problems in pre-vista systems (xp, 2003, etc) -- i.e. powershell process succeeds in all 5 launches even w/o the use of CREATE_NO_WINDOW attribute.

My suspicion :

Looks like, in post-vista systems (2008, 7, 8), powershell processes are facing problems when they are asked to use same console window. (no issues when powershell processes are launched with no console window (CREATE_NO_WINDOW) or with distinct console windows (CREATE_NEW_CONSOLE) or when not using the parent process's console window (DETACHED_PROCESS).

My question :

Is my suspicion above correct. Request to please help me understand powershell limitations on post-vista systems, especially w.r.t console sharing.

Madhukiran

Answer 1

powershell is a console application process

Yes and no. Fundamentally PowerShell is a hostable automation engine that requires no Window or console. However the PowerShell engine is .NET based so you'd need to host it in a C# (or VB or C++/CLI) app.

What you typically use when you fire up PowerShell.exe is a thin, console app wrapper that is actually a native app that bootstraps the CLR and the PowerShell engine (in the System.Management.Automation namespace).