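#include <cstdio>
#include <cstdlib>
#include <Windows.h>
#include <atlbase.h>
#include <Tlhelp32.h>

// Enable the named privilege (e.g. SE_SECURITY_NAME) in the current process token.
//
// Returns TRUE only when the privilege is actually enabled. Returns FALSE when the
// privilege name is unknown, the token cannot be opened for adjustment, or the
// token does not hold the privilege at all (ERROR_NOT_ALL_ASSIGNED).
BOOL EnablePrivilege(LPCTSTR name)
{
    TOKEN_PRIVILEGES priv = { 0 };
    priv.PrivilegeCount = 1;
    priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    // Resolve the privilege name to its LUID.
    if (!LookupPrivilegeValue(NULL, name, &priv.Privileges[0].Luid)) {
        return FALSE;
    }

    // Open our own access token with just the right needed to adjust it.
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
        return FALSE;
    }

    // AdjustTokenPrivileges returns TRUE even when nothing was enabled; the
    // partial/none outcome is only reported through GetLastError().
    BOOL bRet = AdjustTokenPrivileges(hToken, FALSE, &priv, sizeof(priv), NULL, NULL);
    if (bRet && GetLastError() == ERROR_NOT_ALL_ASSIGNED) {
        bRet = FALSE;
    }

    CloseHandle(hToken);
    return bRet;
}

// Return the PID of the first process whose image name exactly equals
// lpszProcessName (lstrcmp, case-sensitive), or 0 if no such process exists
// or the process snapshot cannot be taken.
DWORD FindProcessIDByProcessName(LPCTSTR lpszProcessName)
{
    // CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE, not NULL.
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }

    DWORD dwPid = 0;
    PROCESSENTRY32 pe = { 0 };
    pe.dwSize = sizeof(pe);

    // Process32First can fail (empty/invalid snapshot); only iterate if it succeeds.
    if (Process32First(hSnapshot, &pe)) {
        do {
            if (lstrcmp(pe.szExeFile, lpszProcessName) == 0) {
                dwPid = pe.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnapshot, &pe));
    }

    CloseHandle(hSnapshot);
    return dwPid;
}

// Demo: start notepad.exe with explorer.exe recorded as its parent by passing
// PROC_THREAD_ATTRIBUTE_PARENT_PROCESS to CreateProcess. Requires Windows Vista /
// Windows Server 2008 or later.
//
// Security note: this is parent PID spoofing (MITRE ATT&CK T1134.004). The parent
// recorded for the child is not the process that created it; process-creation
// telemetry that records the actual creator (ETW/Sysmon-style) can surface the
// mismatch, and that is the signal defenders should monitor for.
//
// Returns 0 on success, 1 if any step fails. All handles and the attribute
// list are released on every path.
int main()
{
    int rc = 1;
    BOOL bListInit = FALSE;
    SIZE_T cbAListSize = 0;
    PPROC_THREAD_ATTRIBUTE_LIST pAList = NULL;
    HANDLE hParent = NULL;
    DWORD dwParentPid = 0;
    PROCESS_INFORMATION pi = { 0 };
    STARTUPINFOEX si = { 0 };
    // CreateProcess may write to lpCommandLine, so it must be a writable buffer.
    TCHAR szProcess[] = TEXT("notepad.exe");

    si.StartupInfo.cb = sizeof(si);

    // Best-effort, as in the original. Nothing below appears to depend on
    // SeSecurityPrivilege, so a failure here is not treated as fatal.
    EnablePrivilege(SE_SECURITY_NAME);

    // First call only reports the required buffer size and fails by design.
    InitializeProcThreadAttributeList(NULL, 1, 0, &cbAListSize);
    pAList = (PPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeap(), 0, cbAListSize);
    if (pAList == NULL) {
        fprintf(stderr, "HeapAlloc failed: %lu\n", GetLastError());
        goto cleanup;
    }
    if (!InitializeProcThreadAttributeList(pAList, 1, 0, &cbAListSize)) {
        fprintf(stderr, "InitializeProcThreadAttributeList failed: %lu\n", GetLastError());
        goto cleanup;
    }
    bListInit = TRUE;

    dwParentPid = FindProcessIDByProcessName(TEXT("explorer.exe"));
    if (dwParentPid == 0) {
        fprintf(stderr, "explorer.exe not found\n");
        goto cleanup;
    }

    // PROC_THREAD_ATTRIBUTE_PARENT_PROCESS requires only PROCESS_CREATE_PROCESS on
    // the handle; PROCESS_ALL_ACCESS was far more than needed (least privilege).
    hParent = OpenProcess(PROCESS_CREATE_PROCESS, FALSE, dwParentPid);
    if (hParent == NULL) {
        fprintf(stderr, "OpenProcess failed: %lu\n", GetLastError());
        goto cleanup;
    }

    if (!UpdateProcThreadAttribute(pAList, 0, PROC_THREAD_ATTRIBUTE_PARENT_PROCESS,
                                   &hParent, sizeof(HANDLE), NULL, NULL)) {
        fprintf(stderr, "UpdateProcThreadAttribute failed: %lu\n", GetLastError());
        goto cleanup;
    }
    si.lpAttributeList = pAList;

    if (!CreateProcess(NULL, szProcess, NULL, NULL, FALSE, EXTENDED_STARTUPINFO_PRESENT,
                       NULL, NULL, &si.StartupInfo, &pi)) {
        fprintf(stderr, "CreateProcess failed: %lu\n", GetLastError());
        goto cleanup;
    }

    // The caller owns both handles returned in PROCESS_INFORMATION.
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    rc = 0;

cleanup:
    if (hParent != NULL) {
        CloseHandle(hParent);
    }
    // Only delete a list that was successfully initialized, on a buffer that exists.
    if (bListInit) {
        DeleteProcThreadAttributeList(pAList);
    }
    if (pAList != NULL) {
        HeapFree(GetProcessHeap(), 0, pAList);
    }
    system("pause");
    return rc;
}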