createprocessasuser
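// -------- CreateProcessEx.h --------
#ifndef _CREATE_PROCESS_EX_H_
#define _CREATE_PROCESS_EX_H_

#include <windows.h>
#include "tchar.h"

#pragma comment(lib, "shell32")
#pragma comment(lib, "user32")
#pragma comment(lib, "Advapi32.lib")

// Start a process with normal (non-elevated) rights.
BOOL CreateProcessLow(TCHAR * lpApplicationName,
                      TCHAR * lpCommandLine = NULL,
                      TCHAR * lpDirectory = NULL,
                      UINT nShow = SW_SHOWNORMAL);

// Start a process with administrator rights.
BOOL CreateProcessHigh(TCHAR * strProcessName,
                       TCHAR * strCommandLine = NULL,
                       TCHAR * lpDirectory = NULL,
                       UINT nShow = SW_SHOWNORMAL);

#endif //_CREATE_PROCESS_EX_H_
// -------- end of CreateProcessEx.h --------

// -------- CreateProcessEx.cpp --------
#include "CreateProcessEx.h"
#include <string>

using namespace std;

// Signature of advapi32!CreateProcessWithTokenW, resolved at run time with
// GetProcAddress in CreateProcessLow instead of being linked statically.
typedef BOOL (WINAPI *F_CreateProcessWithTokenW)(
    __in HANDLE hToken,
    __in DWORD dwLogonFlags,
    __in LPCWSTR lpApplicationName,
    __in LPWSTR lpCommandLine,
    __in DWORD dwCreationFlags,
    __in LPVOID lpEnvironment,
    __in LPCWSTR lpCurrentDirectory,
    __in LPSTARTUPINFOW lpStartupInfo,
    __out LPPROCESS_INFORMATION lpProcessInfo
    );

HANDLE DupExplorerToken();
BOOL IsVistaOrLater();
BOOL IsAdminPrivilege();

// Start a process with normal (non-elevated) rights.
//
// When the caller is not elevated, or the OS predates Vista, the target is
// simply launched with ShellExecute("open"). When the caller is elevated on
// Vista or later, a primary token is duplicated from the shell process and the
// target is started under that token with CreateProcessWithTokenW.
//
// Returns TRUE when the launch call reported success, FALSE otherwise.
//
// NOTE(review): the two paths do not interpret lpCommandLine the same way.
// ShellExecute receives it as parameters only, while CreateProcessWithTokenW
// receives it as the complete command line. Confirm what callers pass.
// NOTE(review): the token path hands TCHAR strings to a wide-only API, so this
// file only builds with UNICODE defined.
BOOL CreateProcessLow(TCHAR * lpApplicationName, TCHAR * lpCommandLine, TCHAR * lpDirectory, UINT nShow)
{
    if (!IsVistaOrLater() || !IsAdminPrivilege())
    {
        HINSTANCE hRet = ShellExecute(NULL, _T("open"), lpApplicationName, lpCommandLine, lpDirectory, nShow);
        // ShellExecute reports success as a value greater than 32. Compare at
        // pointer width so the handle is not truncated on 64-bit builds.
        return ((INT_PTR)hRet > 32);
    }

    HANDLE hToken = DupExplorerToken();
    if (hToken == NULL)
        return FALSE;

    // Resolved dynamically, presumably so the binary still loads on systems
    // older than Vista where this export does not exist.
    static HMODULE hDll = LoadLibrary(_T("ADVAPI32.dll"));
    if (!hDll)
    {
        CloseHandle(hToken);
        return FALSE;
    }

    F_CreateProcessWithTokenW pfn = (F_CreateProcessWithTokenW)GetProcAddress(hDll, "CreateProcessWithTokenW");
    if (!pfn)
    {
        CloseHandle(hToken);
        return FALSE;
    }

    STARTUPINFOW si = {sizeof(STARTUPINFOW)};
    // Honour nShow on this path too; it was previously used only by the
    // ShellExecute path above.
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = (WORD)nShow;
    PROCESS_INFORMATION pi = {0};

    BOOL ret = pfn(hToken, LOGON_WITH_PROFILE, lpApplicationName, lpCommandLine,
                   NORMAL_PRIORITY_CLASS, NULL, lpDirectory, &si, &pi);
    if (ret)
    {
        // The caller never sees the child's handles, so release them here.
        CloseHandle(pi.hProcess);
        CloseHandle(pi.hThread);
    }

    CloseHandle(hToken);
    return ret;
}

// Start a process with administrator rights through ShellExecute("runas").
//
// On Vista or later, when the caller is not already elevated, " -Admin" is
// appended to the command line before launching (presumably a marker that the
// launched program recognises; confirm against the target).
//
// Returns TRUE when ShellExecute reported success, FALSE otherwise.
//
// NOTE(review): the target runs elevated, so lpApplicationName should be a
// fully qualified path to a binary in a location standard users cannot write
// to; a bare file name is resolved through the search path.
BOOL CreateProcessHigh(TCHAR * lpApplicationName, TCHAR * lpCommandLine, TCHAR * lpDirectory, UINT nShow)
{
    // basic_string<TCHAR> is wstring in UNICODE builds and string otherwise.
    basic_string<TCHAR> command;

    if (lpCommandLine)
    {
        command = lpCommandLine;
    }

    if (IsVistaOrLater() && !IsAdminPrivilege())
    {
        command += _T(" -Admin");
    }

    HINSTANCE hRet = ShellExecute(NULL, _T("runas"), lpApplicationName, command.c_str(), lpDirectory, nShow);
    return ((INT_PTR)hRet > 32);
}

// Duplicate a primary token from the process that owns the taskbar window.
//
// Returns a token handle the caller must close with CloseHandle, or NULL on
// any failure.
//
// NOTE(review): the process is located by window class name, which is not an
// authenticated identity. Any process on the desktop can register a window of
// class "Shell_TrayWnd", so the token belongs to whichever process owns the
// first match. Consider GetShellWindow() and checking the token (user SID,
// not elevated) before a process is started with it.
HANDLE DupExplorerToken()
{
    DWORD dwPid = 0;
    HWND hwnd = FindWindow(_T("Shell_TrayWnd"), NULL);
    if (NULL == hwnd)
        return NULL;

    GetWindowThreadProcessId(hwnd, &dwPid);
    if (dwPid == 0)
        return NULL;

    HANDLE hExplorer = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPid);
    if (hExplorer == NULL)
        return NULL;

    HANDLE hToken = NULL;
    BOOL bOpened = OpenProcessToken(hExplorer, TOKEN_DUPLICATE, &hToken);
    CloseHandle(hExplorer);
    // Stop here on failure rather than duplicating and closing a NULL handle.
    if (!bOpened || hToken == NULL)
        return NULL;

    // Request only the rights needed to start a process with the token
    // instead of TOKEN_ALL_ACCESS.
    const DWORD dwTokenRights = TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY |
                                TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID;

    HANDLE hNewToken = NULL;
    if (!DuplicateTokenEx(hToken, dwTokenRights, NULL, SecurityImpersonation, TokenPrimary, &hNewToken))
    {
        hNewToken = NULL;
    }
    CloseHandle(hToken);

    return hNewToken;
}

// Report whether the OS major version is 6 (Vista) or higher.
//
// GetVersionEx is first called with the extended structure; if that fails the
// call is retried with the basic structure size. Returns FALSE when both fail.
//
// NOTE(review): GetVersionEx is deprecated and its result can depend on the
// application manifest on newer Windows releases. The ">= 6" test is not
// affected by that, but do not reuse this for finer-grained version checks.
BOOL IsVistaOrLater()
{
    OSVERSIONINFOEX version = {sizeof(OSVERSIONINFOEX)};
    if (!GetVersionEx((LPOSVERSIONINFO)&version))
    {
        version.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
        if (!GetVersionEx((LPOSVERSIONINFO)&version))
        {
            return FALSE;
        }
    }

    return (version.dwMajorVersion >= 6);
}

// Report whether the BUILTIN\Administrators SID is enabled in the caller's
// token.
//
// CheckTokenMembership is called with a NULL token handle, so it evaluates the
// calling thread's own token. Returns FALSE when the SID cannot be built or
// the membership check fails.
BOOL IsAdminPrivilege()
{
    BOOL bIsAdmin = FALSE;
    BOOL bIsMember = FALSE;
    SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY;
    PSID pAdministratorGroup = NULL;

    if (AllocateAndInitializeSid(
        &ntAuthority,
        2,
        SECURITY_BUILTIN_DOMAIN_RID,
        DOMAIN_ALIAS_RID_ADMINS,
        0, 0, 0, 0, 0, 0,
        &pAdministratorGroup))
    {
        // Only trust bIsMember when the membership query itself succeeded.
        if (CheckTokenMembership(NULL, pAdministratorGroup, &bIsMember) && bIsMember)
        {
            bIsAdmin = TRUE;
        }
        FreeSid(pAdministratorGroup);
    }

    return bIsAdmin;
}
// -------- end of CreateProcessEx.cpp --------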