作者:京东瀚览家居官方旗舰店
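系统服务在开机时就开始运行,此时用户还没有登录。服务虽然可以用CreateProcess来创建进程,但这样创建出来的界面进程以SYSTEM身份运行,而且界面有可能显示不出来、托盘图标也可能创建不成功。解决办法是:在界面程序里创建一个具有名字的内核对象,例如用CreateEvent创建命名事件,服务程序一直用OpenEvent尝试打开它;若没有打开成功,说明界面进程不存在,就调用CreateProcessAsUser来创建这个界面进程。CreateProcessAsUser创建的进程以所传入令牌对应的用户身份运行,下面的代码传入的是Explorer进程的令牌,所以创建出来的界面进程是用户级别的。注意:如果服务和界面进程不在同一个会话里(例如系统启用了会话0隔离),命名事件需要使用"Global\"前缀,服务才能用OpenEvent跨会话打开它。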
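/**
 * Find the shell process (<Windows directory>\Explorer.EXE) and open its
 * access token.
 *
 * The process list is walked with a Toolhelp snapshot; for each process that
 * can be opened, its main-module path is compared case-insensitively with the
 * expected Explorer path. The first match wins.
 *
 * @param phExplorerToken  Receives the token handle on success, NULL
 *                         otherwise. The caller owns the handle and must
 *                         release it with CloseHandle().
 * @return ERROR_SUCCESS (0) when a token was opened; ERROR_FILE_NOT_FOUND
 *         when no matching process was found; otherwise a Win32 error code.
 *
 * NOTE(review): the first Explorer instance in the snapshot is used. On a
 * host with several logged-on sessions this is not necessarily the session
 * the UI is meant for; a session-specific lookup such as WTSQueryUserToken()
 * avoids that ambiguity -- confirm which behaviour callers expect.
 */
DWORD __stdcall INTER_GetExplorerToken(
    OUT PHANDLE phExplorerToken )
{
    typedef DWORD (__stdcall *PFN_GMFNE)( HANDLE , HMODULE , LPSTR , DWORD ) ;

    DWORD dwStatus = ERROR_FILE_NOT_FOUND ;
    HANDLE hProcess = NULL ;
    // CreateToolhelp32Snapshot reports failure as INVALID_HANDLE_VALUE, so
    // that (not NULL) is the "nothing to close" sentinel for the snapshot.
    HANDLE hProcessSnap = INVALID_HANDLE_VALUE ;
    HMODULE hPsapi = NULL ;
    PFN_GMFNE GMFNE = NULL ;
    char szExplorerPath[MAX_PATH] = { 0 } ;
    char szPsapiPath[MAX_PATH] = { 0 } ;
    char FileName[MAX_PATH] = { 0 } ;
    PROCESSENTRY32 pe32 = { 0 } ;
    UINT cch = 0 ;

    if( NULL == phExplorerToken )
    {
        return ERROR_INVALID_PARAMETER ;
    }
    * phExplorerToken = NULL ;

    __try
    {
        // Build "<windir>\Explorer.EXE", checking the length before the
        // append so the fixed-size buffer cannot overflow.
        cch = GetWindowsDirectoryA( szExplorerPath , MAX_PATH ) ;
        if( 0 == cch )
        {
            dwStatus = GetLastError() ;
            __leave ;
        }
        if( cch + sizeof( "\\Explorer.EXE" ) > MAX_PATH )
        {
            dwStatus = ERROR_BUFFER_OVERFLOW ;
            __leave ;
        }
        strcat( szExplorerPath , "\\Explorer.EXE" ) ;

        // Load PSAPI once, by full path from the system directory. A bare
        // LoadLibrary("PSAPI") goes through the DLL search order, which a
        // service running as SYSTEM should not rely on.
        cch = GetSystemDirectoryA( szPsapiPath , MAX_PATH ) ;
        if( 0 == cch )
        {
            dwStatus = GetLastError() ;
            __leave ;
        }
        if( cch + sizeof( "\\psapi.dll" ) > MAX_PATH )
        {
            dwStatus = ERROR_BUFFER_OVERFLOW ;
            __leave ;
        }
        strcat( szPsapiPath , "\\psapi.dll" ) ;

        hPsapi = LoadLibraryA( szPsapiPath ) ;
        if( NULL == hPsapi )
        {
            dwStatus = GetLastError() ;
            __leave ;
        }
        GMFNE = (PFN_GMFNE)GetProcAddress( hPsapi , "GetModuleFileNameExA" ) ;
        if( NULL == GMFNE )
        {
            // Calling through a null pointer would crash the service.
            dwStatus = GetLastError() ;
            __leave ;
        }

        hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS , 0 ) ;
        if( hProcessSnap == INVALID_HANDLE_VALUE )
        {
            dwStatus = GetLastError() ;
            __leave ;
        }
        pe32.dwSize = sizeof( PROCESSENTRY32 ) ;
        if( !Process32First( hProcessSnap , &pe32 ) )
        {
            dwStatus = GetLastError() ;
            __leave ;
        }

        do {
            // Only the rights actually used are requested: reading the
            // module path and opening the token. PROCESS_ALL_ACCESS is not
            // needed for either.
            hProcess = OpenProcess(
                PROCESS_QUERY_INFORMATION | PROCESS_VM_READ ,
                FALSE ,
                pe32.th32ProcessID ) ;
            if( NULL == hProcess )
            {
                continue ;   // not accessible; try the next process
            }

            DWORD cchName = GMFNE( hProcess , NULL , FileName , MAX_PATH ) ;
            if( cchName && !_stricmp( FileName , szExplorerPath ) )
            {
                HANDLE hToken = NULL ;
                // NOTE(review): TOKEN_ALL_ACCESS is kept so existing callers
                // see the same handle rights. If callers only hand the token
                // to CreateProcessAsUser, TOKEN_QUERY | TOKEN_DUPLICATE |
                // TOKEN_ASSIGN_PRIMARY would be enough -- confirm and narrow.
                if( OpenProcessToken( hProcess , TOKEN_ALL_ACCESS , &hToken ) )
                {
                    * phExplorerToken = hToken ;   // ownership passes to the caller
                    dwStatus = ERROR_SUCCESS ;
                }
                else
                {
                    dwStatus = GetLastError() ;
                }
                break ;   // hProcess is released in __finally
            }

            CloseHandle( hProcess ) ;
            hProcess = NULL ;
        } while( Process32Next( hProcessSnap , &pe32 ) ) ;
    }
    __finally
    {
        if( NULL != hProcess )
        {
            CloseHandle( hProcess ) ;
        }
        if( INVALID_HANDLE_VALUE != hProcessSnap )
        {
            CloseHandle( hProcessSnap ) ;
        }
        if( NULL != hPsapi )
        {
            FreeLibrary( hPsapi ) ;
        }
    }
    return dwStatus ;
}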
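/**
 * Start "Interface.exe" from the directory of the current module, running
 * under the token returned by INTER_GetExplorerToken() instead of the
 * service's own account.
 *
 * @return ERROR_SUCCESS (0) when the process was created, otherwise a Win32
 *         error code describing the step that failed.
 *
 * NOTE(review): the executable path is derived from the service's own
 * location, so the install directory must not be writable by ordinary users;
 * otherwise Interface.exe could be replaced.
 * NOTE(review): lpEnvironment is NULL, so the child inherits this process's
 * environment block rather than the token user's. If the UI relies on
 * per-user variables, build a block with CreateEnvironmentBlock() -- confirm.
 */
DWORD __stdcall CreateInterfaceProcess()
{
    DWORD dwStatus = ERROR_SUCCESS ;
    CHAR szModulePath[MAX_PATH] = { 0 } ;

    DWORD cch = GetModuleFileNameA( NULL , szModulePath , MAX_PATH ) ;
    if( 0 == cch )
    {
        return GetLastError() ;
    }
    if( cch >= MAX_PATH )
    {
        // A truncated path must not be used to pick the executable.
        return ERROR_INSUFFICIENT_BUFFER ;
    }

    // Replace the file-name part with Interface.exe. Windows paths use
    // backslashes; a forward slash is accepted as well.
    std::string strtemp( szModulePath ) ;
    std::string::size_type iPos = strtemp.find_last_of( "\\/" ) ;
    if( iPos == std::string::npos )
    {
        return ERROR_BAD_PATHNAME ;
    }
    strtemp.replace( iPos , std::string::npos , "\\Interface.exe" ) ;

    HANDLE hPtoken = NULL ;
    dwStatus = INTER_GetExplorerToken( &hPtoken ) ;
    if( NULL == hPtoken )
    {
        return ( ERROR_SUCCESS != dwStatus ) ? dwStatus : ERROR_FILE_NOT_FOUND ;
    }
    dwStatus = ERROR_SUCCESS ;

    PROCESS_INFORMATION pi ;
    ZeroMemory( &pi , sizeof( pi ) ) ;

    STARTUPINFOA si ;
    ZeroMemory( &si , sizeof( si ) ) ;
    si.cb = sizeof( si ) ;
    si.dwFlags = STARTF_USESHOWWINDOW ;
    si.wShowWindow = SW_HIDE ;
    // NOTE(review): lpDesktop stays NULL as in the original. If the UI does
    // not appear, an explicit desktop such as "winsta0\\default" is the usual
    // thing to check -- confirm on the target system.
    si.lpDesktop = NULL ;

    // The command line goes in a writable buffer (the parameter is LPSTR).
    // The application name is passed separately as a full path, so no
    // path-parsing ambiguity arises from spaces in the install directory.
    char szCmdLine[] = "minimize" ;

    if( CreateProcessAsUserA( hPtoken , strtemp.c_str() , szCmdLine ,
            NULL , NULL , FALSE , NORMAL_PRIORITY_CLASS , NULL , NULL , &si , &pi ) )
    {
        // Kept from the original; presumably gives the UI time to start
        // before the caller checks for it again.
        Sleep( 1000 ) ;
        CloseHandle( pi.hProcess ) ;
        CloseHandle( pi.hThread ) ;
    }
    else
    {
        dwStatus = GetLastError() ;
    }

    // The token handle belongs to this function; without this close the
    // service leaks one token handle per launch attempt.
    CloseHandle( hPtoken ) ;
    return dwStatus ;
}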