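// Starts `app` in the session attached to the physical console, running under
// the token of the user logged on there instead of the caller's own token.
//
// WTSQueryUserToken only succeeds when the caller runs as LocalSystem with the
// SE_TCB_NAME privilege, so this is meant to be called from a service.
//
// app  - path of the executable. It is passed as lpApplicationName, so the
//        system neither searches for it nor re-parses it out of the command line.
// args - passed unchanged as lpCommandLine.
//        NOTE(review): by convention the first command-line token is the
//        program name (argv[0]); confirm callers build `args` accordingly.
//
// Returns true only if CreateProcessAsUser reported success.
auto call = [&](std::string app, std::string args) -> bool {
    // CreateProcess* accepts at most 32767 characters of command line,
    // terminator included. Reject longer input instead of handing it on.
    const std::string::size_type maxCommandLineChars = 32767;
    if (args.length() >= maxCommandLineChars) {
        return false;
    }

    // 0xFFFFFFFF means no session is currently attached to the physical console.
    const DWORD sessionId = WTSGetActiveConsoleSessionId();
    if (0xFFFFFFFF == sessionId) {
        return false;
    }

    HANDLE userToken = nullptr;
    if (!WTSQueryUserToken(sessionId, &userToken)) {
        return false;
    }

    // NOTE(review): TOKEN_ALL_ACCESS already contains TOKEN_ASSIGN_PRIMARY and
    // grants far more than the calls below need; consider narrowing the mask.
    HANDLE primaryToken = nullptr;
    const BOOL duplicated = DuplicateTokenEx(userToken,
                                             TOKEN_ASSIGN_PRIMARY | TOKEN_ALL_ACCESS,
                                             nullptr,
                                             SecurityImpersonation,
                                             TokenPrimary,
                                             &primaryToken);
    // The duplicate is an independent handle, so the source token can go now.
    CloseHandle(userToken);
    if (!duplicated) {
        return false;
    }

    bool launched = false;
    if (ImpersonateLoggedOnUser(primaryToken)) {
        DWORD creationFlags = HIGH_PRIORITY_CLASS | CREATE_NEW_CONSOLE;

        STARTUPINFO startupInfo{};
        startupInfo.cb = sizeof(startupInfo);
        PROCESS_INFORMATION processInfo{};

        // Null descriptors and no handle inheritance: default security for
        // the new process and thread objects.
        SECURITY_ATTRIBUTES processSA{};
        processSA.nLength = sizeof(processSA);
        SECURITY_ATTRIBUTES threadSA{};
        threadSA.nLength = sizeof(threadSA);

        // NOTE(review): bInherit=TRUE merges the caller's environment into the
        // user's block, and if this call fails the child receives the caller's
        // environment as-is. Confirm no service-only variables should stay private.
        LPVOID userEnvironment = nullptr;
        if (CreateEnvironmentBlock(&userEnvironment, primaryToken, TRUE)) {
            // The block produced above is Unicode; CreateProcessAsUser must be told.
            creationFlags |= CREATE_UNICODE_ENVIRONMENT;
        }

        // Hand the strings over directly. The previous fixed CHAR[MAX_PATH]
        // copies overflowed the stack for inputs of MAX_PATH bytes or more.
        // `args` is a by-value copy, so its buffer is a writable, NUL-terminated
        // LPSTR even when the string is empty.
        launched = CreateProcessAsUser(primaryToken,
                                       app.c_str(),
                                       &args[0],
                                       &processSA,
                                       &threadSA,
                                       FALSE,          // child inherits none of our handles
                                       creationFlags,
                                       userEnvironment,
                                       nullptr,
                                       &startupInfo,
                                       &processInfo) != FALSE;

        // NOTE(review): the result of RevertToSelf is not checked. If it fails,
        // this thread keeps running under the user's identity; decide how the
        // caller should treat that.
        RevertToSelf();

        if (launched) {
            // We never wait on or signal the child, so release both handles
            // instead of leaking them on every successful launch.
            CloseHandle(processInfo.hThread);
            CloseHandle(processInfo.hProcess);
        }
        if (userEnvironment) {
            DestroyEnvironmentBlock(userEnvironment);
        }
    }

    CloseHandle(primaryToken);
    return launched;
};

// NOTE(review): the return value is discarded here, so a failed launch goes
// unnoticed; log or handle it where that matters.
call("C:\\Apps\\360\\360zip\\360zip.exe", "");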
- 此表达式实现了从Windows服务(内核态)调用外部GUI程序