这里主要是参考 MSDN 上的一篇文章，地址是 https://msdn.microsoft.com/en-us/gg465093
我自己的代码如下
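// Starts <directory of this module>\NCexplorer.exe in the active console
// session, running under the account of the user logged on there. This is
// the pattern from the MSDN article referenced above (a session-0 service
// launching an interactive client process).
//
// lpCommand: currently unused; the target executable is fixed below.
// Returns true only if the child process was actually created. Every
// failure is reported through LogEvent and makes the function return
// false, and every token, environment block and process handle acquired
// on the way is released before returning (the original version kept
// going after a failed step, passed NULL handles on to the next call,
// leaked the tokens and the environment block, and always returned TRUE).
bool CATLdemoModule::LaunchSession1Process( LPTSTR lpCommand )
{
    (void)lpCommand; // unused: the path is derived from our own location below

    // All locals are declared up front so that the goto Cleanup paths
    // below never jump over an initialised variable.
    bool bSuccess = false;
    HANDLE hToken = NULL;
    HANDLE hDuplicatedToken = NULL;
    LPVOID lpEnvironment = NULL;
    STARTUPINFO si = {0};
    PROCESS_INFORMATION pi = {0};
    WCHAR lpszClientPath[MAX_PATH];
    DWORD dwPathLen = 0;
    DWORD dwSessionID = 0;

    si.cb = sizeof(si);
    // NOTE(review): si.lpDesktop is left NULL as in the original, so the child
    // inherits the parent's desktop/window station; if the launched process
    // never shows a window, setting it to L"winsta0\\default" is the usual
    // next step - confirm against the MSDN sample.

    // Session of the user currently at the physical console; 0xFFFFFFFF
    // means nobody is logged on (or the session is in transition).
    dwSessionID = WTSGetActiveConsoleSessionId();
    if (dwSessionID == 0xFFFFFFFF)
    {
        LogEvent(L"No active console session found");
        goto Cleanup;
    }

    // Primary token of the interactive user. Per the WTSQueryUserToken
    // documentation this requires the caller to run as LocalSystem, which
    // is why this lives in a service.
    if (WTSQueryUserToken(dwSessionID, &hToken) == FALSE)
    {
        LogEvent(L"读取当前登录用户的令牌信息失败");
        goto Cleanup;
    }

    // Duplicate into a fresh primary token for the new process; the
    // original from WTSQueryUserToken is closed in Cleanup.
    if (DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hDuplicatedToken) == FALSE)
    {
        LogEvent(L"复制当前登录用户的令牌信息失败");
        goto Cleanup;
    }

    // Build the interactive user's environment (not the service's) so that
    // variables such as USERPROFILE refer to that user.
    if (CreateEnvironmentBlock(&lpEnvironment, hDuplicatedToken, FALSE) == FALSE)
    {
        LogEvent(L"创造环境失败");
        goto Cleanup;
    }

    // The executable lives next to this module. Passing a full path as
    // lpApplicationName means no search-order lookup is involved, so which
    // binary runs depends only on this directory - it should be writable by
    // administrators only, as is normal for a service's install directory.
    dwPathLen = GetModuleFileName(NULL, lpszClientPath, MAX_PATH);
    if (dwPathLen == 0 || dwPathLen >= MAX_PATH) // 0 = failure, MAX_PATH = truncated
    {
        LogEvent(L"获取当前进程已加载模块的文件的完整路径失败");
        goto Cleanup;
    }
    PathRemoveFileSpec(lpszClientPath); // strip the trailing file name
    if (wcscat_s(lpszClientPath, sizeof(lpszClientPath)/sizeof(WCHAR), L"\\NCexplorer.exe") != 0)
    {
        LogEvent(L"Client path too long");
        goto Cleanup;
    }

    if (CreateProcessAsUser(hDuplicatedToken, lpszClientPath, NULL, NULL, NULL, FALSE,
        NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE | CREATE_UNICODE_ENVIRONMENT,
        lpEnvironment, NULL, &si, &pi) == FALSE)
    {
        LogEvent(L"创建新进程失败");
        goto Cleanup;
    }
    bSuccess = true;

Cleanup:
    // Release in reverse order of acquisition; each handle is non-NULL only
    // if the corresponding call above succeeded.
    if (pi.hThread != NULL) CloseHandle(pi.hThread);
    if (pi.hProcess != NULL) CloseHandle(pi.hProcess);
    if (lpEnvironment != NULL) DestroyEnvironmentBlock(lpEnvironment);
    if (hDuplicatedToken != NULL) CloseHandle(hDuplicatedToken);
    if (hToken != NULL) CloseHandle(hToken);
    return bSuccess;
}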
我这里的形参是没用的，因为我在函数代码里把要打开的文件给固定了，没有用到 lpCommand。不过现在这种方法只能打开和你这个服务的文件在同一文件夹下的 exe 文件，要打开任意文件还是要研究一下再更新上来。