CreateProcessAsUser 不从非 Sys32 目录执行应用程序
我在打印机监视器中编写了以下功能。如果我将 exe 保存在 Sys32 目录中,那么它可以正常工作,但作为 L"c:\1\MyApp.exe" 它永远不会执行 exe 文件。我使用的是Windows VISTA系统。
有人能帮我吗?
BOOL StartProcess(PROCESS_INFORMATION *pi, STARTUPINFO *si)
{
BOOL bResult = FALSE;
DWORD dwSessionId = 0,explorerPid = 0;
HANDLE hUserTokenDup = NULL,hPToken=NULL,hProcess=NULL, hUserToken = NULL;
DWORD dwCreationFlags, zp;
LPVOID pEnv =NULL;
DWORD winlogonSessId;
TOKEN_PRIVILEGES tp;
LUID luid;
wchar_t buff[300];
// get session ID
dwSessionId = GetSessionID();
//////////////////////////////////////////
// Find the explorer.exe process
////////////////////////////////////////
PROCESSENTRY32 procEntry;
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnap == INVALID_HANDLE_VALUE)
{
wsprintf(buff,L"StartProcess - INVALID_HANDLE_VALUE %d\n",__LINE__);
syslog3(buff);
return FALSE;
}
procEntry.dwSize = sizeof(PROCESSENTRY32);
if (!Process32First(hSnap, &procEntry))
{
wsprintf(buff,L"StartProcess - Process32First fails %d\n",__LINE__);
syslog3(buff);
return FALSE;
}
do
{
if (wcscmp(procEntry.szExeFile, L"explorer.exe") == 0)
{
// We found a explorer process...
// make sure it's running in the console session
winlogonSessId = 0;
if (ProcessIdToSessionId(procEntry.th32ProcessID, &winlogonSessId)
&& winlogonSessId == dwSessionId)
{
explorerPid = procEntry.th32ProcessID;
break;
}
}
} while (Process32Next(hSnap, &procEntry));
////////////////////////////////////////////////////////////////////////
dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
ZeroMemory(si, sizeof(STARTUPINFO));
si->cb= sizeof(STARTUPINFO);
si->lpDesktop = L"winsta0\\default";
si->wShowWindow = SW_SHOW;
si->dwFlags = STARTF_USESHOWWINDOW;
//ZeroMemory(pi, sizeof(pi));
hProcess = OpenProcess(MAXIMUM_ALLOWED, FALSE, explorerPid);
if(!::OpenProcessToken(hProcess,TOKEN_DUPLICATE|TOKEN_ASSIGN_PRIMARY|TOKEN_ADJUST_SESSIONID
|TOKEN_READ|TOKEN_WRITE,&hPToken))
{
SendInfoMessage(TEXT(LNG_ERROR_OPEN_TOKEN),MB_OK, &zp);
goto Cleanup;
}
if (!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&luid))
{
goto Cleanup;
}
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid =luid;
tp.Privileges[0].Attributes =SE_PRIVILEGE_ENABLED;
if(!DuplicateTokenEx(hPToken,MAXIMUM_ALLOWED,NULL,
SecurityIdentification,TokenPrimary,&hUserTokenDup))
{
goto Cleanup;
}
SetTokenInformation(hUserTokenDup,
TokenSessionId,(void*)dwSessionId,sizeof(DWORD));
if(!AdjustTokenPrivileges(hUserTokenDup,FALSE,&tp,sizeof(TOKEN_PRIVILEGES),
(PTOKEN_PRIVILEGES)NULL,NULL))
{
goto Cleanup;
}
pEnv = NULL;
if(CreateEnvironmentBlock(&pEnv,hUserTokenDup,TRUE))
{
dwCreationFlags |= CREATE_UNICODE_ENVIRONMENT;
}
else
pEnv = NULL;
wsprintf(buff,L"Now Executing File %d\n",__LINE__);
syslog3(buff);
// Launch the process in the client's logon session.
bResult = CreateProcessAsUser(
hUserTokenDup, // client's access token
L"C:\\1\\MyApp.exe",
NULL, // command line
NULL, // pointer to process SECURITY_ATTRIBUTES
NULL, // pointer to thread SECURITY_ATTRIBUTES
FALSE, // handles are not inheritable
dwCreationFlags, // creation flags
pEnv, // pointer to new environment block
NULL, // name of current directory
si, // pointer to STARTUPINFO structure
pi // receives information about new process
);
RevertToSelf();
DestroyEnvironmentBlock(pEnv);
wsprintf(buff,L"After Executing File %d\n",__LINE__);
syslog3(buff);
Cleanup:
//Perform All the Close Handles tasks
if (hUserToken != INVALID_HANDLE_VALUE)
CloseHandle(hUserToken);
if (hProcess != INVALID_HANDLE_VALUE)
CloseHandle(hProcess);
if (hUserTokenDup != INVALID_HANDLE_VALUE)
CloseHandle(hUserTokenDup);
if (hPToken != INVALID_HANDLE_VALUE)
CloseHandle(hPToken);
return bResult;
}
I have written following function in my printer monitor. If I keep my exe in Sys32 directory then it works fine but as L"c:\1\MyApp.exe" it never executes the exe file. I am using Windows VISTA system.
Can anyone help me in this?
BOOL StartProcess(PROCESS_INFORMATION *pi, STARTUPINFO *si)
{
BOOL bResult = FALSE;
DWORD dwSessionId = 0,explorerPid = 0;
HANDLE hUserTokenDup = NULL,hPToken=NULL,hProcess=NULL, hUserToken = NULL;
DWORD dwCreationFlags, zp;
LPVOID pEnv =NULL;
DWORD winlogonSessId;
TOKEN_PRIVILEGES tp;
LUID luid;
wchar_t buff[300];
// get session ID
dwSessionId = GetSessionID();
//////////////////////////////////////////
// Find the explorer.exe process
////////////////////////////////////////
PROCESSENTRY32 procEntry;
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnap == INVALID_HANDLE_VALUE)
{
wsprintf(buff,L"StartProcess - INVALID_HANDLE_VALUE %d\n",__LINE__);
syslog3(buff);
return FALSE;
}
procEntry.dwSize = sizeof(PROCESSENTRY32);
if (!Process32First(hSnap, &procEntry))
{
wsprintf(buff,L"StartProcess - Process32First fails %d\n",__LINE__);
syslog3(buff);
return FALSE;
}
do
{
if (wcscmp(procEntry.szExeFile, L"explorer.exe") == 0)
{
// We found a explorer process...
// make sure it's running in the console session
winlogonSessId = 0;
if (ProcessIdToSessionId(procEntry.th32ProcessID, &winlogonSessId)
&& winlogonSessId == dwSessionId)
{
explorerPid = procEntry.th32ProcessID;
break;
}
}
} while (Process32Next(hSnap, &procEntry));
////////////////////////////////////////////////////////////////////////
dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
ZeroMemory(si, sizeof(STARTUPINFO));
si->cb= sizeof(STARTUPINFO);
si->lpDesktop = L"winsta0\\default";
si->wShowWindow = SW_SHOW;
si->dwFlags = STARTF_USESHOWWINDOW;
//ZeroMemory(pi, sizeof(pi));
hProcess = OpenProcess(MAXIMUM_ALLOWED, FALSE, explorerPid);
if(!::OpenProcessToken(hProcess,TOKEN_DUPLICATE|TOKEN_ASSIGN_PRIMARY|TOKEN_ADJUST_SESSIONID
|TOKEN_READ|TOKEN_WRITE,&hPToken))
{
SendInfoMessage(TEXT(LNG_ERROR_OPEN_TOKEN),MB_OK, &zp);
goto Cleanup;
}
if (!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&luid))
{
goto Cleanup;
}
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid =luid;
tp.Privileges[0].Attributes =SE_PRIVILEGE_ENABLED;
if(!DuplicateTokenEx(hPToken,MAXIMUM_ALLOWED,NULL,
SecurityIdentification,TokenPrimary,&hUserTokenDup))
{
goto Cleanup;
}
SetTokenInformation(hUserTokenDup,
TokenSessionId,(void*)dwSessionId,sizeof(DWORD));
if(!AdjustTokenPrivileges(hUserTokenDup,FALSE,&tp,sizeof(TOKEN_PRIVILEGES),
(PTOKEN_PRIVILEGES)NULL,NULL))
{
goto Cleanup;
}
pEnv = NULL;
if(CreateEnvironmentBlock(&pEnv,hUserTokenDup,TRUE))
{
dwCreationFlags |= CREATE_UNICODE_ENVIRONMENT;
}
else
pEnv = NULL;
wsprintf(buff,L"Now Executing File %d\n",__LINE__);
syslog3(buff);
// Launch the process in the client's logon session.
bResult = CreateProcessAsUser(
hUserTokenDup, // client's access token
L"C:\\1\\MyApp.exe",
NULL, // command line
NULL, // pointer to process SECURITY_ATTRIBUTES
NULL, // pointer to thread SECURITY_ATTRIBUTES
FALSE, // handles are not inheritable
dwCreationFlags, // creation flags
pEnv, // pointer to new environment block
NULL, // name of current directory
si, // pointer to STARTUPINFO structure
pi // receives information about new process
);
RevertToSelf();
DestroyEnvironmentBlock(pEnv);
wsprintf(buff,L"After Executing File %d\n",__LINE__);
syslog3(buff);
Cleanup:
//Perform All the Close Handles tasks
if (hUserToken != INVALID_HANDLE_VALUE)
CloseHandle(hUserToken);
if (hProcess != INVALID_HANDLE_VALUE)
CloseHandle(hProcess);
if (hUserTokenDup != INVALID_HANDLE_VALUE)
CloseHandle(hUserTokenDup);
if (hPToken != INVALID_HANDLE_VALUE)
CloseHandle(hPToken);
return bResult;
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您写道“但作为 L”c:\1\MyApp.exe“它永远不会执行 exe 文件”。您的意思是 L"c:\\1\\MyApp.exe" 吗?检查 GetLastError() 的返回值。可能是 NTFS 的访问权限/未找到文件或任何其他问题,了解错误代码将帮助您开始。
You wrote "but as L"c:\1\MyApp.exe" it never executes the exe file". Did you mean L"c:\\1\\MyApp.exe" ? Check the return value from GetLastError(). It could be access rights on NTFS / file not found or any number of other things, knowing the error code will get you started.