Here I used the API CreateProcessWithLogonW; there are also other functions such as CreateProcessAsUser and CreateProcessWithTokenW.
The code is as follows:
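//CreateProcessAsNewUser.cpp
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
int _tmain()
{
    // Placeholder account name, domain and password
    PCWSTR pUser = L"myAccountName";
    PCWSTR pDomain = L".";
    PCWSTR pPassword = L"myAccountPassword";
    // lpCommandLine may be modified by the function, so it must be a writable buffer
    WCHAR aExePath[] = L"x:\\myTestProgram.exe";
    // The W function takes STARTUPINFOW regardless of the UNICODE setting
    STARTUPINFOW startupInfo = { sizeof(startupInfo) };
    PROCESS_INFORMATION procInfo = { 0 };
    if (CreateProcessWithLogonW(pUser, pDomain, pPassword, LOGON_WITH_PROFILE, NULL,
        aExePath, 0, NULL, NULL, &startupInfo, &procInfo))
    {
        // The new process keeps running; only our handles to it are released
        CloseHandle(procInfo.hThread);
        CloseHandle(procInfo.hProcess);
        _tprintf(_T("Succeeded to create new process\r\n"));
    }
    else
    {
        _tprintf(_T("Failed to create new process(#error%lu)\r\n"), GetLastError());
    }
    return 0;
}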
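//ShowCurrentUser.cpp
#include <windows.h>
#include <Lmcons.h>   // UNLEN
#include <tchar.h>
#include <stdio.h>
#include <stdlib.h>   // _countof
int _tmain() {
    TCHAR aUser[UNLEN + 1] = { 0 };
    DWORD dwSize = _countof(aUser);
    if (GetUserName(aUser, &dwSize))   // Show the content of aUser to confirm the user name
        _tprintf(_T("Current user: %s\r\n"), aUser);
}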
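Note that CreateProcessWithLogonW is not included in VS2005 and earlier versions; it is provided by default in VS2008. CreateProcessWithTokenW is available on Vista and later operating systems. A process that calls the CreateProcessAsUser API must first raise its privileges before calling the function; otherwise the call fails. For how to raise privileges, search for the keywords OpenProcessToken, TOKEN_PRIVILEGES, LookupPrivilegeValue and AdjustTokenPrivileges.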
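One way to do the privilege step named above, as an added example that is not code from the original post. The helper name EnablePrivilege is hypothetical, and the two privilege names in main are the ones the CreateProcessAsUser documentation lists for the caller:

```cpp
//EnablePrivilege.cpp (added example; link with advapi32.lib)
#ifdef _WIN32   // the token APIs used here exist only on Windows
#include <windows.h>
#include <stdio.h>

// Enable one privilege in the current process token.
// Returns true only if the privilege is actually enabled afterwards.
bool EnablePrivilege(LPCWSTR privilegeName)
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return false;

    TOKEN_PRIVILEGES tp = { 0 };
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    bool ok = false;
    // Translate the privilege name into the LUID used on this machine.
    if (LookupPrivilegeValueW(NULL, privilegeName, &tp.Privileges[0].Luid) &&
        AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL))
    {
        // AdjustTokenPrivileges returns TRUE even when the token does not
        // hold the privilege; GetLastError() tells the two cases apart.
        ok = (GetLastError() == ERROR_SUCCESS);   // else ERROR_NOT_ALL_ASSIGNED
    }
    CloseHandle(hToken);
    return ok;
}

int main()
{
    // Privileges the CreateProcessAsUser documentation lists for the caller.
    LPCWSTR needed[] = { L"SeIncreaseQuotaPrivilege",
                         L"SeAssignPrimaryTokenPrivilege" };
    for (LPCWSTR name : needed)
        wprintf(L"%ls: %ls\n", name,
                EnablePrivilege(name) ? L"enabled" : L"not enabled");
    return 0;
}
#endif
```

A privilege can only be enabled if the account's token already holds it; when it does not, the helper returns false and CreateProcessAsUser is expected to fail as the note above describes.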