请教高手:如何让服务以administrator来创建某一进程 服务一般运行于system级,用服务创建的进程(CreateProcess)一般也是system级的如何让服务以administrator来创建某一进程?高手请指点!!! 解决方案 » BOOL CreateProcessAsUser( HANDLE hToken, // handle to user token LPCTSTR lpApplicationName, // name of executable module LPTSTR lpCommandLine, // command-line string LPSECURITY_ATTRIBUTES lpProcessAttributes, // SD LPSECURITY_ATTRIBUTES lpThreadAttributes, // SD BOOL bInheritHandles, // inheritance option DWORD dwCreationFlags, // creation flags LPVOID lpEnvironment, // new environment block LPCTSTR lpCurrentDirectory, // current directory name LPSTARTUPINFO lpStartupInfo, // startup information LPPROCESS_INFORMATION lpProcessInformation // process information); 如果当前用户为administrator就好办了。我的方法是遍历进程,找到windows探险者(explorer.exe),然后取得它的token,然后可以用CreateProcessAsUser来创建了,呵呵。不过要是当前用户不是administrator,就没办法了。 给你例子:BOOL GetExplorerToken(HANDLE &hToken){ HANDLE hProcessSnap = NULL; BOOL bRet = FALSE; PROCESSENTRY32 pe32 = {0}; hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hProcessSnap == INVALID_HANDLE_VALUE) return (FALSE); pe32.dwSize = sizeof(PROCESSENTRY32); if (Process32First(hProcessSnap, &pe32)) { do { if(!strcmp(_strupr(pe32.szExeFile),"EXPLORER.EXE")) { HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,pe32.th32ProcessID); bRet = OpenProcessToken(hProcess,TOKEN_ALL_ACCESS,&hToken); CloseHandle (hProcessSnap); return (bRet); } } while (Process32Next(hProcessSnap, &pe32)); bRet = TRUE; } else bRet = FALSE; CloseHandle (hProcessSnap); return (bRet);}BOOL RunProcess(LPCSTR lpImage){ HANDLE hToken; if(!GetExplorerToken(hToken)) { return FALSE; } STARTUPINFO si; PROCESS_INFORMATION pi; ZeroMemory(&si, sizeof(STARTUPINFO)); si.cb= sizeof(STARTUPINFO); si.lpDesktop = TEXT("winsta0\\default"); BOOL bResult = CreateProcessAsUser(hToken,lpImage,NULL,NULL,NULL, FALSE,NORMAL_PRIORITY_CLASS,NULL,NULL,&si,&pi); CloseHandle(hToken); if(bResult) { OutputDebugString("CreateProcessAsUser 
ok!\r\n"); } else { OutputDebugString("CreateProcessAsUser false!\r\n"); } return bResult;}在ServiceCtrlHandler例程里调用:……case SERVICE_CONTROL_RUNPROCESS: //自定义消息 OutputDebugString("Code SERVICE_CONTROL_RUNPROCESS\r\n"); RunProcess("C:\\NOTEPAD.EXE"); MyServiceStatus.dwCurrentState = SERVICE_RUNNING; break;…… 1.SERVICE_CONTROL_RUNPROCESS这个自定义消息放在哪里呢,值多大?2.MyServiceStatus.dwCurrentState = SERVICE_RUNNING;MyServiceStatus中其它变量不用赋值吗?如dwCheckPoint?? 1.SERVICE_CONTROL_RUNPROCESS定义可以放在统一的头文件里,因为控制服务程序的程序也要用到它。它的值可以在128 到 255之间。2.dwCheckPoint的值不用管它。
HANDLE hToken, // handle to user token
LPCTSTR lpApplicationName, // name of executable module
LPTSTR lpCommandLine, // command-line string
LPSECURITY_ATTRIBUTES lpProcessAttributes, // SD
LPSECURITY_ATTRIBUTES lpThreadAttributes, // SD
BOOL bInheritHandles, // inheritance option
DWORD dwCreationFlags, // creation flags
LPVOID lpEnvironment, // new environment block
LPCTSTR lpCurrentDirectory, // current directory name
LPSTARTUPINFO lpStartupInfo, // startup information
LPPROCESS_INFORMATION lpProcessInformation // process information
);
不过要是当前用户不是administrator,就没办法了。
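/*
 * GetExplorerToken - open the token of a running explorer.exe so that a
 * service can start a process as the logged-on user instead of SYSTEM.
 *
 * hToken: receives the token handle on success and is set to NULL on
 *         failure. The caller owns the handle and must CloseHandle() it.
 * Returns TRUE only when a token was actually opened.
 *
 * NOTE(review): the match is by image name only. The first process named
 * explorer.exe in the snapshot is used, whichever session and account it
 * belongs to; the name says nothing about who owns the process. With more
 * than one logged-on user the token may not be the intended one, and it is
 * an administrator token only if that user is an administrator. For a
 * LocalSystem service the documented route to the interactive user's token
 * is WTSGetActiveConsoleSessionId() + WTSQueryUserToken(); prefer it where
 * the target platform provides those functions.
 */
BOOL GetExplorerToken(HANDLE &hToken)
{
    // Never leave the out-parameter uninitialised: the caller hands it to
    // CreateProcessAsUser() and CloseHandle().
    hToken = NULL;

    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
        return FALSE;

    PROCESSENTRY32 pe32 = {0};
    pe32.dwSize = sizeof(PROCESSENTRY32);

    BOOL bRet = FALSE;
    if (Process32First(hProcessSnap, &pe32))
    {
        do
        {
            // Case-insensitive compare that leaves the snapshot entry untouched.
            if (lstrcmpi(pe32.szExeFile, TEXT("EXPLORER.EXE")) != 0)
                continue;

            HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,
                                          FALSE, pe32.th32ProcessID);
            if (hProcess != NULL)
            {
                // Least privilege: CreateProcessAsUser() needs only these three
                // rights on the primary token, so TOKEN_ALL_ACCESS is not requested.
                bRet = OpenProcessToken(hProcess,
                                        TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY,
                                        &hToken);
                CloseHandle(hProcess);   // the process handle is not needed once the token is open
            }
            if (!bRet)
                hToken = NULL;
            break;                       // the first name match decides the result
        }
        while (Process32Next(hProcessSnap, &pe32));
    }

    // No explorer.exe found, or its token could not be opened: bRet is FALSE,
    // so the caller never sees "success" together with an unset handle.
    CloseHandle(hProcessSnap);
    return bRet;
}

/*
 * RunProcess - start lpImage on the interactive desktop (winsta0\default)
 * under the token returned by GetExplorerToken().
 *
 * lpImage: executable to start; it is passed as lpApplicationName with a
 *          NULL command line, so callers should pass a full path. The LPCSTR
 *          type assumes an ANSI (non-UNICODE) build.
 * Returns the result of CreateProcessAsUser(), or FALSE when no token could
 * be obtained.
 */
BOOL RunProcess(LPCSTR lpImage)
{
    if (lpImage == NULL)
        return FALSE;

    HANDLE hToken = NULL;
    if (!GetExplorerToken(hToken) || hToken == NULL)
        return FALSE;

    // lpDesktop is a non-const pointer, so give it a writable buffer rather
    // than a string literal.
    TCHAR szDesktop[] = TEXT("winsta0\\default");

    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof(STARTUPINFO));
    ZeroMemory(&pi, sizeof(PROCESS_INFORMATION));
    si.cb = sizeof(STARTUPINFO);
    si.lpDesktop = szDesktop;

    // bInheritHandles is FALSE, so none of the service's handles reach the child.
    // lpEnvironment is NULL, so the child gets the service's environment block
    // rather than the user's; CreateEnvironmentBlock() builds the user's one
    // when that matters.
    BOOL bResult = CreateProcessAsUser(hToken, lpImage, NULL, NULL, NULL,
                                       FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi);
    CloseHandle(hToken);

    if (bResult)
    {
        // A service is long-lived: release the child's handles instead of
        // leaking two per launch.
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
        OutputDebugString("CreateProcessAsUser ok!\r\n");
    }
    else
    {
        OutputDebugString("CreateProcessAsUser false!\r\n");
    }
    return bResult;
}
// Called from the ServiceCtrlHandler routine: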
……
// User-defined control codes occupy the range 128-255. Any caller holding
// SERVICE_USER_DEFINED_CONTROL access on this service can send one, so the
// service's DACL decides who may trigger the launch below.
case SERVICE_CONTROL_RUNPROCESS: // custom control code
OutputDebugString("Code SERVICE_CONTROL_RUNPROCESS\r\n");
// The image path is a fixed literal, not data taken from the control request.
// RunProcess's BOOL result is ignored here, so a failed launch is visible
// only in the debug output.
RunProcess("C:\\NOTEPAD.EXE");
MyServiceStatus.dwCurrentState = SERVICE_RUNNING;
break;
……
2.MyServiceStatus.dwCurrentState = SERVICE_RUNNING;
MyServiceStatus中其它变量不用赋值吗?如dwCheckPoint??
2.dwCheckPoint的值不用管它。