如何在Windows服务中创建当前用户权限的子进程

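// Release whatever CreateMyProcess has acquired so far. NULL entries are
// skipped, so every failure path can call this with the same three arguments
// and nothing is closed twice or closed while still NULL.
static void ReleaseLaunchResources(HANDLE hToken, HANDLE hTokenDup, LPVOID pEnv)
{
    if (pEnv != NULL)
        DestroyEnvironmentBlock(pEnv);
    if (hTokenDup != NULL)
        CloseHandle(hTokenDup);
    if (hToken != NULL)
        CloseHandle(hToken);
}

// Start szApp (defined elsewhere in this file) in the interactive user's
// session, running with that user's token instead of the service's own.
//
// Intended caller: a service running as LocalSystem. WTSQueryUserToken needs
// SE_TCB_NAME, and CreateProcessAsUser needs SE_ASSIGNPRIMARYTOKEN_NAME and
// SE_INCREASE_QUOTA_NAME; an ordinary user process will fail at the first call.
//
// Returns nothing. Each failure path reads GetLastError() into nCode so a
// maintainer can hook logging in one place; the child is not waited for.
//
// Security notes (what the call site relies on):
//  - szApp is passed as lpApplicationName, so it must be a full path and is
//    not subject to PATH or unquoted-path lookup; lpCommandLine stays NULL.
//  - bInheritHandles is FALSE so no handle open in the service leaks into the
//    lower-privileged child.
//  - CREATE_UNICODE_ENVIRONMENT must stay set because CreateEnvironmentBlock
//    produces a Unicode block.
void CreateMyProcess()
{
    HANDLE hToken = NULL;
    HANDLE hTokenDup = NULL;
    LPVOID pEnv = NULL;
    STARTUPINFO si;
    PROCESS_INFORMATION pi;

    // 0xFFFFFFFF means no session is attached to the physical console (e.g.
    // during a session switch); the original passed it straight through.
    DWORD dwSessionID = WTSGetActiveConsoleSessionId();
    if (dwSessionID == 0xFFFFFFFF)
    {
        return;
    }

    // Token of the user logged on to the active console session.
    if (!WTSQueryUserToken(dwSessionID, &hToken))
    {
        DWORD nCode = GetLastError();
        (void)nCode;
        // hToken is still NULL here; the original closed it anyway.
        return;
    }

    // Primary token copy that CreateProcessAsUser can assign to the child.
    if (!DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hTokenDup))
    {
        DWORD nCode = GetLastError();
        (void)nCode;
        ReleaseLaunchResources(hToken, NULL, NULL);
        return;
    }

    // Environment of the target user, built from the duplicated token.
    if (!CreateEnvironmentBlock(&pEnv, hTokenDup, FALSE))
    {
        DWORD nCode = GetLastError();
        (void)nCode;
        ReleaseLaunchResources(hToken, hTokenDup, NULL);
        return;
    }

    // Startup parameters: the child goes onto the interactive desktop.
    ZeroMemory(&si, sizeof(STARTUPINFO));
    si.cb = sizeof(STARTUPINFO);
    si.lpDesktop = _TEXT("winsta0\\default");

    ZeroMemory(&pi, sizeof(PROCESS_INFORMATION));

    // TCHAR (not char) so the buffer matches the TCHAR-typed
    // CreateProcessAsUser parameter whether or not UNICODE is defined.
    TCHAR szCurrentDirectory[MAX_PATH] = {};

    // Working directory of the child; normally filled from GetModuleFileName.
    //CAppPathUtil::GetAppDir(szCurrentDirectory, MAX_PATH);

    // An empty string is not a valid lpCurrentDirectory; pass NULL instead so
    // the child inherits the service's directory when nothing was filled in.
    LPCTSTR lpCurrentDirectory = (szCurrentDirectory[0] != 0) ? szCurrentDirectory : NULL;

    // Creation flags: CREATE_UNICODE_ENVIRONMENT and NORMAL_PRIORITY_CLASS are
    // the minimum; CREATE_NEW_CONSOLE gives a console app its own window.
    DWORD dwCreateFlag = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE | CREATE_UNICODE_ENVIRONMENT;
    if (!CreateProcessAsUser(hTokenDup, szApp, NULL, NULL, NULL, FALSE, dwCreateFlag, pEnv, lpCurrentDirectory, &si, &pi))
    {
        DWORD nCode = GetLastError();
        (void)nCode;
        ReleaseLaunchResources(hToken, hTokenDup, pEnv);
        return;
    }

    // Optionally block until the child exits:
    //WaitForSingleObject(pi.hProcess, INFINITE);

    // CreateProcessAsUser hands back two handles the caller owns; the original
    // never closed them, leaking one process and one thread handle per launch.
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);

    ReleaseLaunchResources(hToken, hTokenDup, pEnv);
}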

转载于https://blog.csdn.net/CMbug/article/details/52691180



转载自blog.csdn.net/xiao3404/article/details/100128255