CreateProcessAsUser的用法
2008-12-16 15:33
最近太忙了,忙着弄公司的产品,现在好不容易有点时间来写点东西,代码很乱,没有整理,只是提供思路
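/*
 * INTER_GetExplorerToken - locate the shell process (explorer.exe inside the
 * Windows directory) and hand back a handle to its access token.
 *
 * phExplorerToken  Receives the token handle on success and NULL on failure.
 *                  The caller owns the handle and must CloseHandle() it.
 *
 * Returns 0 on success, ERROR_INVALID_PARAMETER for a NULL out pointer,
 * ERROR_FILE_NOT_FOUND when no matching process could be opened, otherwise
 * the GetLastError() value of the call that failed.
 *
 * NOTE(review): the first matching process in the snapshot wins. When several
 * interactive sessions are logged on, that is not necessarily the session the
 * caller has in mind; a service that targets one session would normally use
 * WTSQueryUserToken for that session instead of scanning processes.
 */
DWORD __stdcall INTER_GetExplorerToken(OUT PHANDLE phExplorerToken )
{
    typedef DWORD (__stdcall *PFN_GMFNEA)(HANDLE, HMODULE, LPSTR, DWORD);

    static const char szExplorerSuffix[] = "\\explorer.exe";
    static const char szPsapiSuffix[]    = "\\psapi.dll";

    DWORD          dwStatus     = ERROR_FILE_NOT_FOUND;
    HANDLE         hProcess     = NULL;
    HANDLE         hProcessSnap = INVALID_HANDLE_VALUE;
    HMODULE        hPsapi       = NULL;
    PFN_GMFNEA     pfnGetModuleFileNameExA = NULL;
    UINT           cch          = 0;
    char           szExplorerPath[MAX_PATH] = { 0 };
    char           szPsapiPath[MAX_PATH]    = { 0 };
    char           FileName[MAX_PATH]       = { 0 };
    PROCESSENTRY32 pe32 = { 0 };

    if (NULL == phExplorerToken)
    {
        return ERROR_INVALID_PARAMETER;
    }
    /* Never leave the caller with an uninitialised handle on a failure path. */
    *phExplorerToken = NULL;

    __try
    {
        /* Build "<windir>\explorer.exe"; the bound check keeps strcat inside the buffer. */
        cch = GetWindowsDirectoryA(szExplorerPath, MAX_PATH);
        if (0 == cch)
        {
            dwStatus = GetLastError();
            __leave;
        }
        if (cch + sizeof(szExplorerSuffix) > MAX_PATH)
        {
            dwStatus = ERROR_INSUFFICIENT_BUFFER;
            __leave;
        }
        /* A root directory already ends in a backslash; do not double it. */
        strcat(szExplorerPath,
               ('\\' == szExplorerPath[cch - 1]) ? szExplorerSuffix + 1 : szExplorerSuffix);

        /*
         * Load psapi.dll once, by full path from the system directory, so the
         * DLL search order cannot pick up a copy planted next to the program.
         */
        cch = GetSystemDirectoryA(szPsapiPath, MAX_PATH);
        if (0 == cch)
        {
            dwStatus = GetLastError();
            __leave;
        }
        if (cch + sizeof(szPsapiSuffix) > MAX_PATH)
        {
            dwStatus = ERROR_INSUFFICIENT_BUFFER;
            __leave;
        }
        strcat(szPsapiPath,
               ('\\' == szPsapiPath[cch - 1]) ? szPsapiSuffix + 1 : szPsapiSuffix);

        hPsapi = LoadLibraryA(szPsapiPath);
        if (NULL == hPsapi)
        {
            dwStatus = GetLastError();
            __leave;
        }
        pfnGetModuleFileNameExA =
            (PFN_GMFNEA)GetProcAddress(hPsapi, "GetModuleFileNameExA");
        if (NULL == pfnGetModuleFileNameExA)
        {
            dwStatus = GetLastError();
            __leave;
        }

        hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if (INVALID_HANDLE_VALUE == hProcessSnap)
        {
            dwStatus = GetLastError();
            __leave;
        }

        pe32.dwSize = sizeof(PROCESSENTRY32);
        if (!Process32First(hProcessSnap, &pe32))
        {
            dwStatus = GetLastError();
            __leave;
        }

        do
        {
            /*
             * Least privilege: reading the image path needs QUERY_INFORMATION
             * and VM_READ, and OpenProcessToken needs QUERY_INFORMATION.
             * Processes that refuse this access are skipped.
             */
            hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                   FALSE,
                                   pe32.th32ProcessID);
            if (NULL == hProcess)
            {
                continue;
            }

            if (pfnGetModuleFileNameExA(hProcess, NULL, FileName, MAX_PATH) &&
                0 == _stricmp(FileName, szExplorerPath))
            {
                HANDLE hToken = NULL;

                /*
                 * NOTE(review): CreateProcessAsUser only needs TOKEN_QUERY |
                 * TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY. The broad mask is
                 * kept so existing callers are unaffected; narrow it if no
                 * caller needs more.
                 */
                if (OpenProcessToken(hProcess, TOKEN_ALL_ACCESS, &hToken))
                {
                    *phExplorerToken = hToken;
                    dwStatus = 0;
                }
                else
                {
                    dwStatus = GetLastError();
                }
                break;  /* hProcess is released in __finally */
            }

            CloseHandle(hProcess);
            hProcess = NULL;
        } while (Process32Next(hProcessSnap, &pe32));
    }
    __finally
    {
        if (NULL != hProcess)
        {
            CloseHandle(hProcess);
        }
        /* A failed snapshot is INVALID_HANDLE_VALUE, not NULL. */
        if (INVALID_HANDLE_VALUE != hProcessSnap)
        {
            CloseHandle(hProcessSnap);
        }
        if (NULL != hPsapi)
        {
            FreeLibrary(hPsapi);
        }
    }
    return dwStatus;
}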
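// Button handler: start c://autoruns.exe under the token of the running
// shell process obtained from INTER_GetExplorerToken.
//
// CreateProcessAsUser fails with ERROR_PRIVILEGE_NOT_HELD (1314) unless the
// calling process holds the privileges the API requires, which in practice
// usually means the launcher runs as a service.
void CMy08222008Dlg::OnButton1()
{
    HANDLE              hPtoken = NULL;
    PROCESS_INFORMATION pi;
    STARTUPINFO         si;

    // Without a token there is nothing to launch with; do not pass NULL on.
    if (0 != INTER_GetExplorerToken(&hPtoken) || NULL == hPtoken)
    {
        OutputDebugStringA("OnButton1: could not obtain the shell token\n");
        return;
    }

    ZeroMemory(&si, sizeof(si));
    si.cb          = sizeof(si);
    si.dwFlags     = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_SHOW;
    si.lpDesktop   = NULL;
    ZeroMemory(&pi, sizeof(pi));

    // The image is named through lpApplicationName with a NULL command line,
    // so no command-line parsing decides which file is executed.
    // lpEnvironment is NULL: the child gets this process's environment block,
    // not one built for the token's user (CreateEnvironmentBlock does that).
    if (CreateProcessAsUser(hPtoken, "c://autoruns.exe", NULL,
                            NULL, NULL, FALSE,
                            NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE,
                            NULL, NULL, &si, &pi))
    {
        // The child keeps running after its handles are closed.
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
    else
    {
        OutputDebugStringA("OnButton1: CreateProcessAsUser failed\n");
    }

    // The token handle belongs to this function once the lookup succeeded.
    CloseHandle(hPtoken);
}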
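/*
 * INTER_GetExplorerToken - locate the shell process (explorer.exe inside the
 * Windows directory) and hand back a handle to its access token.
 *
 * phExplorerToken  Receives the token handle on success and NULL on failure.
 *                  The caller owns the handle and must CloseHandle() it.
 *
 * Returns 0 on success, ERROR_INVALID_PARAMETER for a NULL out pointer,
 * ERROR_FILE_NOT_FOUND when no matching process could be opened, otherwise
 * the GetLastError() value of the call that failed.
 *
 * NOTE(review): the first matching process in the snapshot wins. When several
 * interactive sessions are logged on, that is not necessarily the session the
 * caller has in mind; a service that targets one session would normally use
 * WTSQueryUserToken for that session instead of scanning processes.
 */
DWORD __stdcall INTER_GetExplorerToken(OUT PHANDLE phExplorerToken )
{
    typedef DWORD (__stdcall *PFN_GMFNEA)(HANDLE, HMODULE, LPSTR, DWORD);

    static const char szExplorerSuffix[] = "\\explorer.exe";
    static const char szPsapiSuffix[]    = "\\psapi.dll";

    DWORD          dwStatus     = ERROR_FILE_NOT_FOUND;
    HANDLE         hProcess     = NULL;
    HANDLE         hProcessSnap = INVALID_HANDLE_VALUE;
    HMODULE        hPsapi       = NULL;
    PFN_GMFNEA     pfnGetModuleFileNameExA = NULL;
    UINT           cch          = 0;
    char           szExplorerPath[MAX_PATH] = { 0 };
    char           szPsapiPath[MAX_PATH]    = { 0 };
    char           FileName[MAX_PATH]       = { 0 };
    PROCESSENTRY32 pe32 = { 0 };

    if (NULL == phExplorerToken)
    {
        return ERROR_INVALID_PARAMETER;
    }
    /* Never leave the caller with an uninitialised handle on a failure path. */
    *phExplorerToken = NULL;

    __try
    {
        /* Build "<windir>\explorer.exe"; the bound check keeps strcat inside the buffer. */
        cch = GetWindowsDirectoryA(szExplorerPath, MAX_PATH);
        if (0 == cch)
        {
            dwStatus = GetLastError();
            __leave;
        }
        if (cch + sizeof(szExplorerSuffix) > MAX_PATH)
        {
            dwStatus = ERROR_INSUFFICIENT_BUFFER;
            __leave;
        }
        /* A root directory already ends in a backslash; do not double it. */
        strcat(szExplorerPath,
               ('\\' == szExplorerPath[cch - 1]) ? szExplorerSuffix + 1 : szExplorerSuffix);

        /*
         * Load psapi.dll once, by full path from the system directory, so the
         * DLL search order cannot pick up a copy planted next to the program.
         */
        cch = GetSystemDirectoryA(szPsapiPath, MAX_PATH);
        if (0 == cch)
        {
            dwStatus = GetLastError();
            __leave;
        }
        if (cch + sizeof(szPsapiSuffix) > MAX_PATH)
        {
            dwStatus = ERROR_INSUFFICIENT_BUFFER;
            __leave;
        }
        strcat(szPsapiPath,
               ('\\' == szPsapiPath[cch - 1]) ? szPsapiSuffix + 1 : szPsapiSuffix);

        hPsapi = LoadLibraryA(szPsapiPath);
        if (NULL == hPsapi)
        {
            dwStatus = GetLastError();
            __leave;
        }
        pfnGetModuleFileNameExA =
            (PFN_GMFNEA)GetProcAddress(hPsapi, "GetModuleFileNameExA");
        if (NULL == pfnGetModuleFileNameExA)
        {
            dwStatus = GetLastError();
            __leave;
        }

        hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if (INVALID_HANDLE_VALUE == hProcessSnap)
        {
            dwStatus = GetLastError();
            __leave;
        }

        pe32.dwSize = sizeof(PROCESSENTRY32);
        if (!Process32First(hProcessSnap, &pe32))
        {
            dwStatus = GetLastError();
            __leave;
        }

        do
        {
            /*
             * Least privilege: reading the image path needs QUERY_INFORMATION
             * and VM_READ, and OpenProcessToken needs QUERY_INFORMATION.
             * Processes that refuse this access are skipped.
             */
            hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                   FALSE,
                                   pe32.th32ProcessID);
            if (NULL == hProcess)
            {
                continue;
            }

            if (pfnGetModuleFileNameExA(hProcess, NULL, FileName, MAX_PATH) &&
                0 == _stricmp(FileName, szExplorerPath))
            {
                HANDLE hToken = NULL;

                /*
                 * NOTE(review): CreateProcessAsUser only needs TOKEN_QUERY |
                 * TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY. The broad mask is
                 * kept so existing callers are unaffected; narrow it if no
                 * caller needs more.
                 */
                if (OpenProcessToken(hProcess, TOKEN_ALL_ACCESS, &hToken))
                {
                    *phExplorerToken = hToken;
                    dwStatus = 0;
                }
                else
                {
                    dwStatus = GetLastError();
                }
                break;  /* hProcess is released in __finally */
            }

            CloseHandle(hProcess);
            hProcess = NULL;
        } while (Process32Next(hProcessSnap, &pe32));
    }
    __finally
    {
        if (NULL != hProcess)
        {
            CloseHandle(hProcess);
        }
        /* A failed snapshot is INVALID_HANDLE_VALUE, not NULL. */
        if (INVALID_HANDLE_VALUE != hProcessSnap)
        {
            CloseHandle(hProcessSnap);
        }
        if (NULL != hPsapi)
        {
            FreeLibrary(hPsapi);
        }
    }
    return dwStatus;
}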
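// Button handler: start c://autoruns.exe under the token of the running
// shell process obtained from INTER_GetExplorerToken.
//
// CreateProcessAsUser fails with ERROR_PRIVILEGE_NOT_HELD (1314) unless the
// calling process holds the privileges the API requires, which in practice
// usually means the launcher runs as a service.
void CMy08222008Dlg::OnButton1()
{
    HANDLE              hPtoken = NULL;
    PROCESS_INFORMATION pi;
    STARTUPINFO         si;

    // Without a token there is nothing to launch with; do not pass NULL on.
    if (0 != INTER_GetExplorerToken(&hPtoken) || NULL == hPtoken)
    {
        OutputDebugStringA("OnButton1: could not obtain the shell token\n");
        return;
    }

    ZeroMemory(&si, sizeof(si));
    si.cb          = sizeof(si);
    si.dwFlags     = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_SHOW;
    si.lpDesktop   = NULL;
    ZeroMemory(&pi, sizeof(pi));

    // The image is named through lpApplicationName with a NULL command line,
    // so no command-line parsing decides which file is executed.
    // lpEnvironment is NULL: the child gets this process's environment block,
    // not one built for the token's user (CreateEnvironmentBlock does that).
    if (CreateProcessAsUser(hPtoken, "c://autoruns.exe", NULL,
                            NULL, NULL, FALSE,
                            NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE,
                            NULL, NULL, &si, &pi))
    {
        // The child keeps running after its handles are closed.
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
    else
    {
        OutputDebugStringA("OnButton1: CreateProcessAsUser failed\n");
    }

    // The token handle belongs to this function once the lookup succeeded.
    CloseHandle(hPtoken);
}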