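// Copies the directory that holds this executable (trailing backslash kept)
// into buf, which must hold bufSize bytes.  Returns FALSE when
// GetModuleFileName fails or the path does not fit in buf.
static BOOL GetOwnModuleDirectory(char* buf, DWORD bufSize)
{
    // The original cleared only sizeof(pointer) bytes; clear the whole buffer.
    memset(buf, 0x00, bufSize);
    DWORD len = GetModuleFileName(NULL, buf, bufSize);
    // 0 signals failure; a return equal to bufSize means the path was
    // truncated, and buf[len] would then be one past the end of the buffer.
    if (len == 0 || len >= bufSize)
    {
        return FALSE;
    }
    buf[len] = 0;
    // Walk back to the last backslash, erasing the file name.  The backslash
    // itself is kept so the result is a directory path.
    while (len != 0 && buf[len] != '\\')
    {
        buf[len] = 0;
        --len;
    }
    return TRUE;
}

// Scans the process list for explorer.exe and returns its PID, storing the
// session it runs in through pSessionId.  Returns 0 when the snapshot cannot
// be taken or no explorer.exe is found; *pSessionId is then left unchanged.
static DWORD FindExplorerProcess(DWORD* pSessionId)
{
    char pTemp[1024] = {0};
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE)
    {
        snprintf(pTemp, sizeof(pTemp), "CreateToolhelp32Snapshot error %lu", (unsigned long)GetLastError());
        WriteWorkLog(pTemp);
        return 0;
    }

    DWORD explorerPid = 0;
    PROCESSENTRY32 procEntry;
    procEntry.dwSize = sizeof(PROCESSENTRY32);
    if (Process32First(hSnap, &procEntry))
    {
        do
        {
            if (_stricmp(procEntry.szExeFile, "explorer.exe") != 0)
            {
                continue;   // jumps to the Process32Next condition
            }
            DWORD explorerSessId = 0;
            // NOTE(review): the comparison against the active console session
            // is disabled here, as it was in the original, so on a host with
            // several logged-on users the first explorer.exe listed wins and
            // the child is started in that user's session — confirm intended.
            if (ProcessIdToSessionId(procEntry.th32ProcessID, &explorerSessId))
            {
                snprintf(pTemp, sizeof(pTemp), "winlogonSessId = %d", explorerSessId);
                WriteWorkLog(pTemp);
                explorerPid = procEntry.th32ProcessID;
                *pSessionId = explorerSessId;
                break;
            }
        } while (Process32Next(hSnap, &procEntry));
    }
    else
    {
        snprintf(pTemp, sizeof(pTemp), "Process32First error %lu", (unsigned long)GetLastError());
        WriteWorkLog(pTemp);
    }
    // The snapshot handle was never released in the original.
    CloseHandle(hSnap);
    return explorerPid;
}

// Duplicates the primary token of explorerPid, binds it to dwSessionId and
// starts ProcessNames[ProcessIndex] under it with workDir as the current
// directory.  The new process/thread handles are stored in
// pProcInfo[ProcessIndex] for the caller.  Returns the CreateProcessAsUser
// result, or FALSE when any token step fails.  Every handle and the
// environment block opened here are released before returning.
static BOOL LaunchInUserSession(int ProcessIndex, DWORD explorerPid, DWORD dwSessionId, const char* workDir)
{
    char pTemp[1024] = {0};
    HANDLE hProcess = NULL;
    HANDLE hPToken = NULL;
    HANDLE hUserTokenDup = NULL;
    LPVOID pEnv = NULL;
    BOOL bResult = FALSE;

    // Single-exit structure: a `break` on failure lands in the cleanup below,
    // so nothing leaks and no uninitialized handle is ever passed on.
    do
    {
        hProcess = OpenProcess(MAXIMUM_ALLOWED, FALSE, explorerPid);
        if (hProcess == NULL)
        {
            snprintf(pTemp, sizeof(pTemp), "OpenProcess Error: %u", (unsigned)GetLastError());
            WriteWorkLog(pTemp);
            break;
        }
        if (!::OpenProcessToken(hProcess,
                                TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY |
                                TOKEN_ADJUST_SESSIONID | TOKEN_READ | TOKEN_WRITE,
                                &hPToken))
        {
            // Logged to the work log rather than printf: a service has no console.
            snprintf(pTemp, sizeof(pTemp), "Processtoken open Error: %u", (unsigned)GetLastError());
            WriteWorkLog(pTemp);
            break;
        }
        if (!DuplicateTokenEx(hPToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hUserTokenDup))
        {
            snprintf(pTemp, sizeof(pTemp), "DuplicateTokenEx Error: %u", (unsigned)GetLastError());
            WriteWorkLog(pTemp);
            break;
        }

        // Bind the duplicate to the target session.  The original passed the
        // session id value cast to a pointer; the API needs its address.
        // Failure is logged only (as before), since the token already belongs
        // to explorer's own session.
        if (!SetTokenInformation(hUserTokenDup, TokenSessionId, &dwSessionId, sizeof(DWORD)))
        {
            snprintf(pTemp, sizeof(pTemp), "SetTokenInformation Error: %u", (unsigned)GetLastError());
            WriteWorkLog(pTemp);
        }

        // NOTE(review): this enables SeDebugPrivilege in the token the *child*
        // will run under.  CreateProcessAsUser does not need it, and it gives
        // the launched program more than it requires; consider removing it.
        LUID luid;
        if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
        {
            // The original went on to use the uninitialized LUID here.
            snprintf(pTemp, sizeof(pTemp), "LookupPrivilege value Error: %u", (unsigned)GetLastError());
            WriteWorkLog(pTemp);
        }
        else
        {
            TOKEN_PRIVILEGES tp;
            tp.PrivilegeCount = 1;
            tp.Privileges[0].Luid = luid;
            tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
            if (!AdjustTokenPrivileges(hUserTokenDup, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, NULL))
            {
                snprintf(pTemp, sizeof(pTemp), "AdjustPrivilege value Error: %u", (unsigned)GetLastError());
                WriteWorkLog(pTemp);
            }
            else if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
            {
                // AdjustTokenPrivileges succeeds even when the privilege is
                // absent from the token; only GetLastError reveals that.
                snprintf(pTemp, sizeof(pTemp), "Token doesnot have the provilege");
                WriteWorkLog(pTemp);
            }
        }

        DWORD dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
        // bInherit=TRUE merges this (service) process's environment into the
        // block, as in the original.  The block is Unicode, so the matching
        // creation flag is only added when the block was actually created.
        if (CreateEnvironmentBlock(&pEnv, hUserTokenDup, TRUE))
        {
            dwCreationFlags |= CREATE_UNICODE_ENVIRONMENT;
        }
        else
        {
            pEnv = NULL;   // child then inherits the caller's environment
        }

        STARTUPINFO si;
        ZeroMemory(&si, sizeof(STARTUPINFO));
        si.cb = sizeof(STARTUPINFO);
        char desktop[] = "winsta0\\default";
        si.lpDesktop = desktop;
        si.wShowWindow = SW_SHOW;
        // NOTE(review): STARTF_USESTDHANDLES is set while hStdInput/Output/Error
        // stay zero, so the child starts with null standard handles — kept as
        // in the original; confirm that is what is wanted.
        si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
        // Clear the caller-visible slot so a failed launch leaves no stale handles.
        ZeroMemory(&pProcInfo[ProcessIndex], sizeof(PROCESS_INFORMATION));

        // Launch the process in the client's logon session.
        bResult = CreateProcessAsUser(
            hUserTokenDup,              // token the child runs under
            ProcessNames[ProcessIndex], // file to execute
            NULL,                       // command line
            NULL,                       // process SECURITY_ATTRIBUTES
            NULL,                       // thread SECURITY_ATTRIBUTES
            FALSE,                      // handles are not inheritable
            dwCreationFlags,            // creation flags
            pEnv,                       // environment block, may be NULL
            workDir,                    // current directory
            &si,                        // STARTUPINFO
            &pProcInfo[ProcessIndex]);  // process/thread handles for the caller
        if (!bResult)
        {
            // The original stored this error code in an unused local.
            snprintf(pTemp, sizeof(pTemp), "CreateProcessAsUser Error: %u", (unsigned)GetLastError());
            WriteWorkLog(pTemp);
        }
        else
        {
            snprintf(pTemp, sizeof(pTemp), "CreateProcessAsUser succeeded");
            WriteWorkLog(pTemp);
        }
    } while (0);

    // Cleanup: every resource is NULL unless it was acquired above.
    if (pEnv != NULL)
    {
        DestroyEnvironmentBlock(pEnv);   // was leaked in the original
    }
    if (hUserTokenDup != NULL)
    {
        CloseHandle(hUserTokenDup);
    }
    if (hPToken != NULL)
    {
        CloseHandle(hPToken);
    }
    if (hProcess != NULL)
    {
        CloseHandle(hProcess);
    }
    return bResult;
}

// Starts ProcessNames[ProcessIndex] in the interactive user's session from
// this (service) process, using the service's own directory as the child's
// working directory.  The child's handles are left in pProcInfo[ProcessIndex]
// for the caller; nothing here closes them.
//
// Returns 0 when the process was created and 1 on any failure, extending the
// original convention (1 for snapshot failure, 0 otherwise) to every failure
// path; details are written to the work log.  The unused WTSQueryUserToken
// call of the original was dropped: the explorer token is what is used.
BOOL StartProcess(int ProcessIndex)
{
    char pTemp[1024] = {0};
    snprintf(pTemp, sizeof(pTemp), "Enter func StartProcess");
    WriteWorkLog(pTemp);

    char* lpszpath = new char[nBufferSize];
    BOOL bLaunched = FALSE;
    if (!GetOwnModuleDirectory(lpszpath, nBufferSize))
    {
        snprintf(pTemp, sizeof(pTemp), "GetModuleFileName failed or path too long, error %lu", (unsigned long)GetLastError());
        WriteWorkLog(pTemp);
    }
    else
    {
        // snprintf: the directory may be up to nBufferSize bytes, which sprintf
        // would happily overflow pTemp with.
        snprintf(pTemp, sizeof(pTemp), "Sub process work directory is %s", lpszpath);
        WriteWorkLog(pTemp);

        DWORD dwSessionId = WTSGetActiveConsoleSessionId();
        snprintf(pTemp, sizeof(pTemp), "dwSessionId = %d", dwSessionId);
        WriteWorkLog(pTemp);

        // FindExplorerProcess overwrites dwSessionId with explorer's session.
        DWORD explorerPid = FindExplorerProcess(&dwSessionId);
        if (explorerPid == 0)
        {
            // The original went on with an uninitialized PID here.
            snprintf(pTemp, sizeof(pTemp), "explorer.exe not found, cannot start sub process");
            WriteWorkLog(pTemp);
        }
        else
        {
            bLaunched = LaunchInUserSession(ProcessIndex, explorerPid, dwSessionId, lpszpath);
        }
    }

    // Freed on every path; the original's early returns leaked it.
    delete[] lpszpath;
    return bLaunched ? 0 : 1;
}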