0
我在打印机监视器中已经写入以下功能。如果我把我的exe文件保存在Sys32目录下,那么它工作正常,但是因为L“c:\ 1 \ MyApp.exe”它永远不会执行exe文件。我正在使用Windows VISTA系统。CreateProcessAsUser未从非Sys32目录执行应用程序
任何人都可以帮助我吗?
BOOL StartProcess(PROCESS_INFORMATION *pi, STARTUPINFO *si)
{
BOOL bResult = FALSE;
DWORD dwSessionId = 0,explorerPid = 0;
HANDLE hUserTokenDup = NULL,hPToken=NULL,hProcess=NULL, hUserToken = NULL;
DWORD dwCreationFlags, zp;
LPVOID pEnv =NULL;
DWORD winlogonSessId;
TOKEN_PRIVILEGES tp;
LUID luid;
wchar_t buff[300];
// get session ID
dwSessionId = GetSessionID();
//////////////////////////////////////////
// Find the explorer.exe process
////////////////////////////////////////
PROCESSENTRY32 procEntry;
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnap == INVALID_HANDLE_VALUE)
{
wsprintf(buff,L"StartProcess - INVALID_HANDLE_VALUE %d\n",__LINE__);
syslog3(buff);
return FALSE;
}
procEntry.dwSize = sizeof(PROCESSENTRY32);
if (!Process32First(hSnap, &procEntry))
{
wsprintf(buff,L"StartProcess - Process32First fails %d\n",__LINE__);
syslog3(buff);
return FALSE;
}
do
{
if (wcscmp(procEntry.szExeFile, L"explorer.exe") == 0)
{
// We found a explorer process...
// make sure it's running in the console session
winlogonSessId = 0;
if (ProcessIdToSessionId(procEntry.th32ProcessID, &winlogonSessId)
&& winlogonSessId == dwSessionId)
{
explorerPid = procEntry.th32ProcessID;
break;
}
}
} while (Process32Next(hSnap, &procEntry));
////////////////////////////////////////////////////////////////////////
dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
ZeroMemory(si, sizeof(STARTUPINFO));
si->cb= sizeof(STARTUPINFO);
si->lpDesktop = L"winsta0\\default";
si->wShowWindow = SW_SHOW;
si->dwFlags = STARTF_USESHOWWINDOW;
//ZeroMemory(pi, sizeof(pi));
hProcess = OpenProcess(MAXIMUM_ALLOWED, FALSE, explorerPid);
if(!::OpenProcessToken(hProcess,TOKEN_DUPLICATE|TOKEN_ASSIGN_PRIMARY|TOKEN_ADJUST_SESSIONID
|TOKEN_READ|TOKEN_WRITE,&hPToken))
{
SendInfoMessage(TEXT(LNG_ERROR_OPEN_TOKEN),MB_OK, &zp);
goto Cleanup;
}
if (!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&luid))
{
goto Cleanup;
}
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid =luid;
tp.Privileges[0].Attributes =SE_PRIVILEGE_ENABLED;
if(!DuplicateTokenEx(hPToken,MAXIMUM_ALLOWED,NULL,
SecurityIdentification,TokenPrimary,&hUserTokenDup))
{
goto Cleanup;
}
SetTokenInformation(hUserTokenDup,
TokenSessionId,(void*)dwSessionId,sizeof(DWORD));
if(!AdjustTokenPrivileges(hUserTokenDup,FALSE,&tp,sizeof(TOKEN_PRIVILEGES),
(PTOKEN_PRIVILEGES)NULL,NULL))
{
goto Cleanup;
}
pEnv = NULL;
if(CreateEnvironmentBlock(&pEnv,hUserTokenDup,TRUE))
{
dwCreationFlags |= CREATE_UNICODE_ENVIRONMENT;
}
else
pEnv = NULL;
wsprintf(buff,L"Now Executing File %d\n",__LINE__);
syslog3(buff);
// Launch the process in the client's logon session.
bResult = CreateProcessAsUser(
hUserTokenDup, // client's access token
L"C:\\1\\MyApp.exe",
NULL, // command line
NULL, // pointer to process SECURITY_ATTRIBUTES
NULL, // pointer to thread SECURITY_ATTRIBUTES
FALSE, // handles are not inheritable
dwCreationFlags, // creation flags
pEnv, // pointer to new environment block
NULL, // name of current directory
si, // pointer to STARTUPINFO structure
pi // receives information about new process
);
RevertToSelf();
DestroyEnvironmentBlock(pEnv);
wsprintf(buff,L"After Executing File %d\n",__LINE__);
syslog3(buff);
Cleanup:
//Perform All the Close Handles tasks
if (hUserToken != INVALID_HANDLE_VALUE)
CloseHandle(hUserToken);
if (hProcess != INVALID_HANDLE_VALUE)
CloseHandle(hProcess);
if (hUserTokenDup != INVALID_HANDLE_VALUE)
CloseHandle(hUserTokenDup);
if (hPToken != INVALID_HANDLE_VALUE)
CloseHandle(hPToken);
return bResult;
}
CreateProcessAsUser返回什么值?如果它返回零(表示一个错误),GetLastError()函数返回什么? – 2011-05-26 16:14:49
我没有得到CreateProcessAsUser函数的返回值,因此无法检查GetLastError值。对于目前在Sys32目录中的exe,我将CreateProcessAsUser函数的返回值设为0。 – Hiren 2011-05-26 16:39:38
@NatashsaD你会得到一个返回值。你不能从函数中获得返回值!你把它存储在'bResult'中。祈祷告诉,它是什么? – 2011-05-26 18:48:59