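// Take a primary token from the interactive user's Explorer.EXE and launch
// FileName (TCHAR FileName[256], full path of the external EXE, declared
// elsewhere) under it.  hToken is NULL-initialised and only ever set by a
// successful OpenProcessToken, so CreateProcessAsUser is never handed an
// indeterminate handle when Explorer is missing or cannot be opened.
HANDLE hToken = NULL;

// Take a process snapshot
// NOTE(review): PROCESSENTRY32 with Process32FirstW/L"..." only matches when
// the build defines UNICODE (otherwise the ANSI struct is passed to the W API) -- confirm.
PROCESSENTRY32 pe32 = { 0 };
pe32.dwSize = sizeof(pe32);
HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnapShot != 0 && hSnapShot != INVALID_HANDLE_VALUE)
{
    BOOL bRet = Process32FirstW(hSnapShot, &pe32);
    while (bRet)
    {
        if (_tcsicmp(pe32.szExeFile, L"Explorer.EXE") == 0)
        {
            // OpenProcessToken needs only PROCESS_QUERY_INFORMATION; PROCESS_ALL_ACCESS
            // is refused more often (protected/elevated targets) and grants far more than is used.
            HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pe32.th32ProcessID);
            if (hProcess != NULL)
            {
                // CreateProcessAsUser requires exactly these three rights on a primary token;
                // TOKEN_ALL_ACCESS is unnecessary.  On failure hToken is forced back to NULL.
                if (!OpenProcessToken(hProcess,
                                      TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY,
                                      &hToken))
                {
                    hToken = NULL;
                }
                CloseHandle(hProcess);
            }
            break;   // the first Explorer.EXE found decides; any later instance is ignored
        }
        bRet = Process32Next(hSnapShot, &pe32);
    }
    CloseHandle(hSnapShot);
}

STARTUPINFO si = { sizeof(si) };
PROCESS_INFORMATION pi = { 0 };
// TCHAR FileName[256]: full path of the external EXE
BOOL bSuccess = FALSE;
if (hToken != NULL)
{
    bSuccess = CreateProcessAsUser(hToken, FileName, NULL, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);
    if (bSuccess)
    {
        // Nothing here waits on the child; release both handles so they do not leak.
        CloseHandle(pi.hProcess);
        CloseHandle(pi.hThread);
    }
    // The token is only needed for the launch itself.
    CloseHandle(hToken);
    hToken = NULL;
}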
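// Start exeFilePath (declared elsewhere, full path of the EXE) in the active
// console session under that session user's own token.  Every handle is
// declared and NULL-initialised before the first goto: jumping over an
// initialiser is ill-formed in C++ and leaves the variable indeterminate in C,
// and Cleanup tests each one of them.
BOOL bSuccess = FALSE;
STARTUPINFO si = { 0 };
// Process information
PROCESS_INFORMATION pi = { 0 };
HANDLE hToken = NULL;              // token of the user logged on to the console session
HANDLE hDuplicatedToken = NULL;    // primary duplicate handed to CreateProcessAsUser
LPVOID lpEnvironment = NULL;       // environment block built for that user
DWORD dwLastError = ERROR_SUCCESS; // failure code, preserved across the CloseHandle calls in Cleanup
si.cb = sizeof(si);

// Session ID of the physical console
DWORD dwSessionID = WTSGetActiveConsoleSessionId();

// Primary token of the user logged on to that session
if (WTSQueryUserToken(dwSessionID, &hToken) == FALSE)
{
    dwLastError = GetLastError();
    goto Cleanup;
}

// Duplicate the token
if (DuplicateTokenEx(hToken,
                     MAXIMUM_ALLOWED, NULL,
                     SecurityIdentification, TokenPrimary,
                     &hDuplicatedToken) == FALSE)
{
    dwLastError = GetLastError();
    goto Cleanup;
}

// Build the user's session environment (a Unicode block, hence
// CREATE_UNICODE_ENVIRONMENT below)
if (CreateEnvironmentBlock(&lpEnvironment,
                           hDuplicatedToken, FALSE) == FALSE)
{
    dwLastError = GetLastError();
    goto Cleanup;
}

// Create the process under the duplicated token in the user's session;
// through that process arbitrarily complex UI can be shown.
// NOTE(review): the post reports this call failing with 740
// (ERROR_ELEVATION_REQUIRED) on UAC-enabled machines.  Under UAC the session
// token obtained above is the user's filtered, non-administrator token, so the
// failure presumably comes from the target EXE's manifest requesting elevation
// (requireAdministrator) -- confirm the manifest; launching with the unelevated
// token is the intended least-privilege behaviour.
if (CreateProcessAsUser(hDuplicatedToken,
                        exeFilePath, NULL, NULL, NULL, FALSE,
                        NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE | CREATE_UNICODE_ENVIRONMENT,
                        lpEnvironment, NULL, &si, &pi) == FALSE)
{
    dwLastError = GetLastError();
    goto Cleanup;
}
// Nothing here waits on the child; release both handles right away.
CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
bSuccess = TRUE;

// Cleanup
Cleanup:
if (hToken != NULL)
{
    CloseHandle(hToken);
}
if (hDuplicatedToken != NULL)
{
    CloseHandle(hDuplicatedToken);
}
if (lpEnvironment != NULL)
{
    DestroyEnvironmentBlock(lpEnvironment);
}
// Let the caller see why bSuccess is FALSE (e.g. the 740 above) after cleanup.
SetLastError(dwLastError);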
但在这段代码下，其他都正常，只是在开启了 UAC 的电脑上不能启动进程，GetLastError 返回 740，提示需要提升权限。