Windows NT/2000提供了一个函数CreateProcessAsUser,它的功能类似于CreateProcess函数,所不同的是CreateProcessAsUser创建的新进程能以用户(任何用户)的安全上下文方式运行。
1
//
PlatformInvoke Stuff
2 [StructLayout(LayoutKind.Sequential)]
3 struct STARTUPINFO
4 {
5 public Int32 cb;
6 [MarshalAs(UnmanagedType.LPTStr)]
7 public String lpReserved;
8 [MarshalAs(UnmanagedType.LPTStr)]
9 public String lpDesktop;
10 [MarshalAs(UnmanagedType.LPTStr)]
11 public String lpTitle;
12 public UInt32 dwX;
13 public UInt32 dwY;
14 public UInt32 dwXSize;
15 public UInt32 dwYSize;
16 public UInt32 dwXCountChars;
17 public UInt32 dwYCountChars;
18 public UInt32 dwFillAttribute;
19 public UInt32 dwFlags;
20 public Int16 wShowWindow;
21 public Int16 cbReserved2;
22 public IntPtr lpReserved2;
23 public HandleRef hStdInput;
24 public HandleRef hStdOutput;
25 public HandleRef hStdError;
26 }
27
28 const int NORMAL_PRIORITY_CLASS = 0x00000020 ;
29
30 struct PROCESS_INFORMATION
31 {
32 public HandleRef hProcess;
33 public HandleRef hThread;
34 public UInt32 dwProcessId;
35 public UInt32 dwThreadId;
36 }
37
38 struct SECURITY_ATTRIBUTES
39 {
40 public UInt32 nLength;
41 public IntPtr lpSecurityDescriptor;
42 public Boolean bInheritHandle;
43 }
44
45 [DllImport( " advapi32.dll " , CharSet = CharSet.Unicode)]
46 static extern Boolean CreateProcessAsUser(
47 IntPtr hToken,
48 String lpApplicationName,
49 String lpCommandLine,
50 IntPtr lpProcessAttributes,
51 IntPtr lpThreadAttributes,
52 Boolean bInheritHandles,
53 UInt32 dwCreationFlags,
54 IntPtr lpEnvironment,
55 String lpCurrentDirectory,
56 ref STARTUPINFO lpStartupInfo,
57 out PROCESS_INFORMATION lpProcessInformation);
58
59 [DllImport( " advapi32.dll " , CharSet = CharSet.Unicode)]
60 static extern Boolean LogonUser(
61 String lpszUsername,
62 String lpszDomain,
63 String lpszPassword,
64 Int32 dwLogonType,
65 Int32 dwLogonProvider,
66 ref IntPtr phToken
67 );
68 const int LOGON32_LOGON_INTERACTIVE = 2 ;
69
70 public void Execute( string File)
71 {
72 try
73 {
74 // unsafe
75 {
76 PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
77
78 STARTUPINFO si = new STARTUPINFO();
79 si.cb = Marshal.SizeOf(si);
80 si.lpDesktop = " winsta0\\default " ;
81
82 IntPtr hToken = new IntPtr( 0 );
83 if (LogonUser( " auser " , " mydomain " , " Passw0rd! " ,
84 LOGON32_LOGON_INTERACTIVE, 0 , ref hToken))
85 {
86 Boolean bResult = CreateProcessAsUser(
87 hToken,
88 File, // file to execute
89 null , // command line
90 IntPtr.Zero, // pointer to process SECURITY_ATTRIBUTES
91 IntPtr.Zero, // pointer to thread SECURITY_ATTRIBUTES
92 false , // handles are not inheritable
93 0 , // creation flags
94 IntPtr.Zero, // pointer to new environment block
95 null , // name of current directory
96 ref si, // pointer to STARTUPINFO structure
97 out pi // receives information about new process
98 );
99
100 if (bResult)
101 {
102 }
103 }
104 }
105 }
106 catch (Exception e)
107 {
108 }
109 }
2 [StructLayout(LayoutKind.Sequential)]
3 struct STARTUPINFO
4 {
5 public Int32 cb;
6 [MarshalAs(UnmanagedType.LPTStr)]
7 public String lpReserved;
8 [MarshalAs(UnmanagedType.LPTStr)]
9 public String lpDesktop;
10 [MarshalAs(UnmanagedType.LPTStr)]
11 public String lpTitle;
12 public UInt32 dwX;
13 public UInt32 dwY;
14 public UInt32 dwXSize;
15 public UInt32 dwYSize;
16 public UInt32 dwXCountChars;
17 public UInt32 dwYCountChars;
18 public UInt32 dwFillAttribute;
19 public UInt32 dwFlags;
20 public Int16 wShowWindow;
21 public Int16 cbReserved2;
22 public IntPtr lpReserved2;
23 public HandleRef hStdInput;
24 public HandleRef hStdOutput;
25 public HandleRef hStdError;
26 }
27
28 const int NORMAL_PRIORITY_CLASS = 0x00000020 ;
29
30 struct PROCESS_INFORMATION
31 {
32 public HandleRef hProcess;
33 public HandleRef hThread;
34 public UInt32 dwProcessId;
35 public UInt32 dwThreadId;
36 }
37
38 struct SECURITY_ATTRIBUTES
39 {
40 public UInt32 nLength;
41 public IntPtr lpSecurityDescriptor;
42 public Boolean bInheritHandle;
43 }
44
45 [DllImport( " advapi32.dll " , CharSet = CharSet.Unicode)]
46 static extern Boolean CreateProcessAsUser(
47 IntPtr hToken,
48 String lpApplicationName,
49 String lpCommandLine,
50 IntPtr lpProcessAttributes,
51 IntPtr lpThreadAttributes,
52 Boolean bInheritHandles,
53 UInt32 dwCreationFlags,
54 IntPtr lpEnvironment,
55 String lpCurrentDirectory,
56 ref STARTUPINFO lpStartupInfo,
57 out PROCESS_INFORMATION lpProcessInformation);
58
59 [DllImport( " advapi32.dll " , CharSet = CharSet.Unicode)]
60 static extern Boolean LogonUser(
61 String lpszUsername,
62 String lpszDomain,
63 String lpszPassword,
64 Int32 dwLogonType,
65 Int32 dwLogonProvider,
66 ref IntPtr phToken
67 );
68 const int LOGON32_LOGON_INTERACTIVE = 2 ;
69
70 public void Execute( string File)
71 {
72 try
73 {
74 // unsafe
75 {
76 PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
77
78 STARTUPINFO si = new STARTUPINFO();
79 si.cb = Marshal.SizeOf(si);
80 si.lpDesktop = " winsta0\\default " ;
81
82 IntPtr hToken = new IntPtr( 0 );
83 if (LogonUser( " auser " , " mydomain " , " Passw0rd! " ,
84 LOGON32_LOGON_INTERACTIVE, 0 , ref hToken))
85 {
86 Boolean bResult = CreateProcessAsUser(
87 hToken,
88 File, // file to execute
89 null , // command line
90 IntPtr.Zero, // pointer to process SECURITY_ATTRIBUTES
91 IntPtr.Zero, // pointer to thread SECURITY_ATTRIBUTES
92 false , // handles are not inheritable
93 0 , // creation flags
94 IntPtr.Zero, // pointer to new environment block
95 null , // name of current directory
96 ref si, // pointer to STARTUPINFO structure
97 out pi // receives information about new process
98 );
99
100 if (bResult)
101 {
102 }
103 }
104 }
105 }
106 catch (Exception e)
107 {
108 }
109 }
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
