| 术语 | createprocessasuser |
| 释义 | CreateProcessAsUser 语法: C++ BOOL WINAPI CreateProcessAsUser( __in_opt HANDLE hToken, __in_opt LPCTSTR lpApplicationName, __inout_opt LPTSTR lpCommandLine, __in_opt LPSECURITY_ATTRIBUTES lpProcessAttributes, __in_opt LPSECURITY_ATTRIBUTES lpThreadAttributes, __in BOOL bInheritHandles, __in DWORD dwCreationFlags, __in_opt LPVOID lpEnvironment, __in_opt LPCTSTR lpCurrentDirectory, __in LPSTARTUPINFO lpStartupInfo, __out LPPROCESS_INFORMATION lpProcessInformation ); CreateProcessAsUser函数 创建一个新的进程和主线程。新的进程运行在由指定的标记所代表的用户的安全上下文。 通常,这个过程调用CreateProcessAsUser函数必须有SE_INCREASE_QUOTA_NAME特权,可以要求SE_ASSIGNPRIMARYTOKEN_NAME特权的令牌是不可转让。如果该函数失败,ERROR_PRIVILEGE_NOT_HELD(1314),使用CreateProcessWithLogonW函数来代替。 CreateProcessWithLogonW并不需要特别的特权,但指定的用户帐户必须被允许以交互方式登录。一般来说,最好使用CreateProcessWithLogonW,以创建一个备用凭据的过程。 参数 hToken [中,可选] 一个句柄,主令牌代表一个用户。句柄必须有TOKEN_QUERY,TOKEN_DUPLICATE和TOKEN_ASSIGN_PRIMARY访问权限。有关更多信息,请访问权限的访问令牌对象。由令牌必须具有读取和执行权限由lpApplicationName或lpCommandLine参数中指定的应用程序为代表的用户。 要获取主令牌,表示指定的用户,调用LogonUser函数。或者,您可以调用DuplicateTokenEx函数转换成主令牌模拟令牌。这使得服务器应用程序,模拟客户端创建一个进程,具有客户端的安全上下文。 如果hToken是呼叫者的主要道理,SE_ASSIGNPRIMARYTOKEN_NAME特权限制版本不是必需的。如果必要的特权,尚未启用,CreateProcessAsUser能够为他们的通话时间。有关更多信息,请运行特权。 终端服务:进程运行在指定的令牌会议。默认情况下,这是同一个会议上要求LogonUser的。要更改会议,使用SetTokenInformation功能。 lpApplicationName [中,可选] 该模块的名称被执行。这个模块可以是一个基于Windows的应用程序。它可以有一些模块(例如,MS - DOS或OS / 2)如果适当的子系统是在本地计算机上提供的其他类型。 该字符串可以指定完整路径和文件模块的名称来执行,也可以指定部分名称。在部分名称的情况下,函数使用当前驱动器和当前目录,即完成规范。该函数将不使用搜索路径。此参数必须包括文件扩展名;没有默认的扩展名则假定。 在lpApplicationName参数可以为NULL。在这种情况下,该模块的名称必须是第一个空格分隔在lpCommandLine字符串标记。如果您使用长文件名包含空格,请使用引号的字符串,以指示该文件名称结尾,争论开始,否则,文件名是模糊的。例如,考虑字符串的“C:\\程序文件\\副署长\\程序名”。该字符串可以被解释在许多方面。该系统试图解释下列顺序的可能性: ?:\\ Program.exe的文件\\副署长\\程序名 ?:\\程序文件\\ sub.exe迪尔\\程序名 ?:\\程序文件\\副署长\\ Program.exe的名称 ?:\\程序文件\\副署长\\程序name.exe 如果可执行模块是一个16位应用程序,lpApplicationName应该是NULL,和字符串指向lpCommandLine应指定可执行模块,以及它的参数。默认情况下,所有16位Windows的CreateProcessAsUser创建的应用程序是运行在一个单独的VDM(相当于CreateProcess的以CREATE_SEPARATE_WOW_VDM)。 lpCommandLine [中,指出,可选] 命令行执行。这个字符串的最大长度为32K的字符。如果lpApplicationName为NULL,则是lpCommandLine模块的名称部分仅限于MAX_PATH字符。 这个函数的Unicode版本,CreateProcessAsUserW,可以修改这个字符串的内容。因此,这个参数不能指向只读存储器(如一个const变量或字符串)。如果该参数是一个字符串常量,该函数可能会导致访问冲突。 在lpCommandLine参数可以为NULL。在这种情况下,该函数使用字符串指出,作为命令行lpApplicationName。 如果同时lpApplicationName和lpCommandLine都是非空,* lpApplicationName指定模块执行和* lpCommandLine指定的命令行。新进程可以使用GetCommandLine检索整个命令行。控制台C编写的程序可以使用argc和argv参数解析命令行。由于argv [0]是模块名,C程序员通常重复模块名作为第一个在命令行标记。 如果lpApplicationName为NULL,则第一空格分隔的命令行标记指定的模块名称。如果您使用长文件名包含空格,请使用引号的字符串,以指示该文件名称结尾,争论开始(请参阅该lpApplicationName参数说明)。如果文件名不包含扩展名,。exe是附加。因此,如果文件扩展名。com,此参数必须包括。com扩展名。如果文件名中一期结束(。)不带扩展名,或者如果文件名包含路径。exe是不附加。如果文件名不包含目录的路径,在下面的顺序可执行文件的系统搜索: 该目录由该应用程序加载。 对于父进程的当前目录。 32位Windows系统目录。使用GetSystemDirectory函数获得这个目录的路径。 16位Windows系统目录。没有函数获得这个目录的路径,但它是搜索。 Windows目录。使用GetWindowsDirectory函数获得这个目录的路径。 即是在PATH环境变量中列出的目录。请注意,此功能不会搜索的每应用程序路径的应用程序路径注册表项中指定。如果要在搜索序列这个每个应用程序的路径,请使用ShellExecute函数。 该系统增加了一个空字符的命令行字符串分开参数的文件名。这分为两个内部处理字符串的原始字符串。 lpProcessAttributes [中,可选] 一个 SECURITY_ATTRIBUTES结构,指定为新的进程对象的安全描述符,并决定是否可以继承子进程返回的句柄的进程的指针。如果lpProcessAttributes为NULL或lpSecurityDescriptor为NULL,则进程获取默认的安全描述和处理不能被继承。默认的安全描述符,是在hToken参数引用的用户。此安全描述符可能不允许调用,在这种情况下,进程可能无法再次打开它运行后访问。进程句柄是有效的,并会继续充分享有的权利。 lpThreadAttributes [中,可选] 一个 SECURITY_ATTRIBUTES结构,指定为新的线程对象的安全描述符,并决定是否可以继承子进程返回的句柄线程的指针。如果lpThreadAttributes为NULL或lpSecurityDescriptor是NULL,线程获得一个默认的安全描述和处理不能被继承。默认的安全描述符,是在hToken参数引用的用户。此安全描述符可能不会允许呼叫者访问。 bInheritHandles [in] 如果此参数为TRUE,每个继承处理调用进程是由新的进程继承。如果该参数为FALSE,处理不继承。请注意,继承的处理具有相同的价值和使用权原始处理。 终端服务:您不能在会话继承处理。此外,如果此参数为true,则必须创建在与同届会议的过程调用。 dwCreationFlags [in] 这些标志控制的优先级和创造的过程。对于一个值列表,请参阅进程创建标志。 此参数也控制了新的进程的优先级,这是用来确定该进程的线程调度优先级。对于一个值列表,请参见GetPriorityClass。如果优先级标志都没有指定,默认为优先级NORMAL_PRIORITY_CLASS,除非创建进程的优先级是IDLE_PRIORITY_CLASS或BELOW_NORMAL_PRIORITY_CLASS。在这种情况下,子进程收到调用进程的默认优先级。 lpEnvironment [中,可选] 对一个新的进程环境块指针。如果该参数为NULL,则新进程使用调用进程的环境。 一个环境块包含一个空终止块空终止字符串。每个字符串的形式如下: 名称=值\\ 0 由于等号作为分隔符,它不能用在一个环境变量的名称。 一个环境块可以包含Unicode或ANSI字符。如果环境块指向lpEnvironment包含Unicode字符,请务必dwCreationFlags包括CREATE_UNICODE_ENVIRONMENT。如果此参数为NULL和父进程环境块包含Unicode字符,您还必须确保dwCreationFlags包括CREATE_UNICODE_ENVIRONMENT。 这个函数的ANSI版本,CreateProcessAsUserA失败,如果这一进程环境块总面积超过32,767个字符。 请注意一个ANSI环境块是由两个零字节:在过去的字符串之一终止,终止多块。一个Unicode环境块终止四个零字节:在过去的字符串2,两个终止块。 要检索一个给定用户的环境块,使用CreateEnvironmentBlock函数的副本。 lpCurrentDirectory [中,可选] 完整路径的进程的当前目录。该字符串也可以指定一个UNC路径。 如果该参数为NULL,则新的进程将具有相同的电流驱动器和调用进程的目录。 (此功能是提供了炮弹,主要需要启动一个应用程序,并指定其最初的驱动器和工作目录。) lpStartupInfo [in] 一个 STARTUPINFO或STARTUPINFOEX结构的指针。 用户必须具有完全访问无论对指定的窗口站和桌面。如果您希望过程是互动的,指定winsta0 \\默认。如果lpDesktop成员是NULL,则新进程继承的桌面和窗口的父进程站。如果这个成员是一个空字符串,“”,新工艺连接到一个窗口站使用过程连接描述的一个窗口站的规则。 要设置扩展属性,使用STARTUPINFOEX结构,并指定在dwCreationFlags参数EXTENDED_STARTUPINFO_PRESENT。 lpProcessInformation [out] 一个 PROCESS_INFORMATION结构鉴定接收有关新的进程信息的指针。 在PROCESS_INFORMATION把手,必须关闭与CloseHandle当他们不再需要。 返回值 如果函数成功,返回值为非零。 如果函数失败,返回值是零。为了获得更多错误信息,调用GetLastError。 请注意,该函数返回之前,该进程已完成初始化。如果所需的DLL无法找到或未能初始化的进程将终止。要获得一个进程的终止状态,调用GetExitCodeProcess。 备注 CreateProcessAsUser必须能够公开的首要与TOKEN_DUPLICATE和TOKEN_IMPERSONATE访问权限调用进程令牌。 默认情况下,CreateProcessAsUser上创建的桌面是不可见的,不能得到用户输入的非交互式窗口站新的进程。为了使用户与新工艺的互动,您必须指定默认的交互式窗口站和桌面的名字,“winsta0 \\默认”,在STARTUPINFO结构lpDesktop成员。此外,在调用CreateProcessAsUser,您必须更改任意访问控制双方的违约交互式窗口站和桌面的默认列表(DACL)。为窗口站和桌面必须授予访问权限的用户或登录会话的hToken参数描述的DACL。 CreateProcessAsUser不会加载到HKEY_USERS注册表项中指定用户的配置文件。因此,访问在HKEY_CURRENT_USER注册表项信息,您必须加载函数与LoadUserProfile用户的配置信息,然后再调用CreateProcessAsUser成的HKEY_USERS。一定要呼吁在新进程退出UnloadUserProfile。 如果lpEnvironment参数是NULL,则新进程继承调用进程的环境。 CreateProcessAsUser不会自动修改环境块,包括环境变量具体由hToken代表的用户。例如,用户名和USERDOMAIN继承自变量调用进程,如果lpEnvironment为NULL。这是您的责任,以准备新的进程环境块,并指定在lpEnvironment它。 在CreateProcessWithLogonW和CreateProcessWithTokenW功能类似于CreateProcessAsUser,除了调用不需要调用LogonUser函数来验证用户并获得一个令牌。 CreateProcessAsUser,您可以访问指定的目录和调用者或目标用户的安全上下文的可执行映像。默认情况下,CreateProcessAsUser访问在调用方的安全上下文目录和可执行的形象。在这种情况下,如果调用方没有访问目录和可执行的形象,功能失败。要访问的目录和可执行图像使用目标用户的安全上下文,指定hToken在呼叫在调用CreateProcessAsUser的ImpersonateLoggedOnUser函数。 这个过程被分配一个进程标识符。标识符有效,直到该进程终止。它可以用来识别过程中,或在OpenProcess函数中指定打开的句柄的进程。在这个过程中的初始线程也是分配一个线程标识符。它可以指定在OpenThread函数打开的句柄线程。标识符有效期至线程终止,可用于唯一标识系统内的线程。这些标识符返回PROCESS_INFORMATION结构。 调用线程可以使用WaitForInputIdle函数等待,直到新的进程已经完成了它的初始化并等待没有输入用户输入悬而未决。这可能是有益的父母和孩子之间的进程同步,因为没有新的进程等待完成它的初始化CreateProcessAsUser回报。例如,在创建过程中会使用WaitForInputIdle在试图寻找新的进程有关的一个窗口。 的首选方法关闭一个进程是通过使用ExitProcess函数,因为这个函数发送接近终止连接到该进程的所有DLL的通知。在关闭过程不通知所附的DLL的其他手段。请注意,当一个线程调用PRB:ExitProcess期间,该进程的其他线程都没有机会执行任何额外的代码终止(包括附加DLL的线程终止代码)。有关更多信息,请参阅终止一个进程。 安全备注 在lpApplicationName参数可以是NULL,在这种情况下可执行文件的名称必须是第一个空白,在lpCommandLine分隔的字符串。如果可执行文件或路径名中有一个空间,有一个风险,就是一个不同的可执行文件可以运行,因为这样的函数解析空间。下面的示例是危险的,因为该函数将试图运行“Program.exe的”,如果它存在,而不是“MyApp.exe将”。 LPTSTR szCmdline [] = _tcsdup(文本(的“C:\\ \\ Program Files文件\\ \\ MyApp的”)); CreateProcessAsUser(hToken,空,szCmdline,/*...*/); 如果恶意用户创建“Program.exe的”在一个系统的应用程序调用,任何程序错误地调用CreateProcessAsUser使用Program Files目录将运行此应用程序而不是预定的应用领域。 若要避免此问题,不要为lpApplicationName通过空。如果您为lpApplicationName通过空,周围lpCommandLine可执行文件路径用引号,如在下面的例子。 LPTSTR szCmdline [] = _tcsdup(文本(“\\的”C:\\ \\ Program Files文件\\ \\ MyApp的\\ "")); CreateProcessAsUser(hToken,空,szCmdline,/*...*/); 实例 有关示例,请参阅启动交互式客户端的过程。 要求: 最低支持:client-Windows 2000专业版 最低支持server-Windows 2000服务器 HeaderWinbase.h(头文件:winuser.h) LibraryAdvapi32.lib DLLAdvapi32.dll Unicode和ANSI namesCreateProcessAsUserW(Unicode)和CreateProcessAsUserA(ANSI)的 参见 CloseHandle CreateEnvironmentBlock CreateProcess的 CreateProcessWithLogonW PRB:ExitProcess期间 GetEnvironmentStrings GetExitCodeProcess GetStartupInfo ImpersonateLoggedOnUser LoadUserProfile 进程和线程函数 PROCESS_INFORMATION 过程 SECURITY_ATTRIBUTES SetErrorMode SHCreateProcessAsUserW STARTUPINFO STARTUPINFOEX WaitForInputIdle 如果有任何问题和意见,请发送给微软(wsddocfb@microsoft.com) 生成日期:2009年8月27日 ==英文原文==CreateProcessAsUser Function Creates a new process and its primary thread. The new process runs in the security context of the user represented by the specified token. Typically, the process that calls the CreateProcessAsUser function must have the SE_INCREASE_QUOTA_NAME privilege and may require the SE_ASSIGNPRIMARYTOKEN_NAME privilege if the token is not assignable. If this function fails with ERROR_PRIVILEGE_NOT_HELD (1314), use the CreateProcessWithLogonW function instead. CreateProcessWithLogonW requires no special privileges, but the specified user account must be allowed to log on interactively. Generally, it is best to use CreateProcessWithLogonW to create a process with alternate credentials. Syntax C++ BOOL WINAPI CreateProcessAsUser( __in_opt HANDLE hToken, __in_opt LPCTSTR lpApplicationName, __inout_opt LPTSTR lpCommandLine, __in_opt LPSECURITY_ATTRIBUTES lpProcessAttributes, __in_opt LPSECURITY_ATTRIBUTES lpThreadAttributes, __in BOOL bInheritHandles, __in DWORD dwCreationFlags, __in_opt LPVOID lpEnvironment, __in_opt LPCTSTR lpCurrentDirectory, __in LPSTARTUPINFO lpStartupInfo, __out LPPROCESS_INFORMATION lpProcessInformation ); Parameters hToken [in, optional] A handle to the primary token that represents a user. The handle must have the TOKEN_QUERY, TOKEN_DUPLICATE, and TOKEN_ASSIGN_PRIMARY access rights. For more information, see Access Rights for Access-Token Objects . The user represented by the token must have read and execute access to the application specified by the lpApplicationName or the lpCommandLine parameter. To get a primary token that represents the specified user, call the LogonUser function. Alternatively, you can call the DuplicateTokenEx function to convert an impersonation token into a primary token. This allows a server application that is impersonating a client to create a process that has the security context of the client. If hToken is a restricted version of the caller's primary token, the SE_ASSIGNPRIMARYTOKEN_NAME privilege is not required. If the necessary privileges are not already enabled, CreateProcessAsUser enables them for the duration of the call. For more information, see Running with Special Privileges . Terminal Services: The process is run in the session specified in the token. By default, this is the same session that called LogonUser. To change the session, use the SetTokenInformation function. lpApplicationName [in, optional] The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer. The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a partial name, the function uses the current drive and current directory to complete the specification. The function will not use the search path. This parameter must include the file name extension; no default extension is assumed. The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\\program files\\sub dir\\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities in the following order: c:\\program.exe files\\sub dir\\program name c:\\program files\\sub.exe dir\\program name c:\\program files\\sub dir\\program.exe name c:\\program files\\sub dir\\program name.exe If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by lpCommandLine should specify the executable module as well as its arguments. By default, all 16-bit Windows-based applications created by CreateProcessAsUser are run in a separate VDM (equivalent to CREATE_SEPARATE_WOW_VDM in CreateProcess ). lpCommandLine [in, out, optional] The command line to be executed. The maximum length of this string is 32K characters. If lpApplicationName is NULL, the module name portion of lpCommandLine is limited to MAX_PATH characters. The Unicode version of this function, CreateProcessAsUserW, can modify the contents of this string. Therefore, this parameter cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a constant string, the function may cause an access violation. The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the command line. If both lpApplicationName and lpCommandLine are non-NULL, *lpApplicationName specifies the module to execute, and *lpCommandLine specifies the command line. The new process can use GetCommandLine to retrieve the entire command line. Console processes written in C can use the argc and argv arguments to parse the command line. Because argv[0] is the module name, C programmers generally repeat the module name as the first token in the command line. If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended. Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory path, the system searches for the executable file in the following sequence: The directory from which the application loaded. The current directory for the parent process. The 32-bit Windows system directory. Use the GetSystemDirectory function to get the path of this directory. The 16-bit Windows system directory. There is no function that obtains the path of this directory, but it is searched. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory. The directories that are listed in the PATH environment variable. Note that this function does not search the per-application path specified by the App Paths registry key. To include this per-application path in the search sequence, use the ShellExecute function. The system adds a null character to the command line string to separate the file name from the arguments. This divides the original string into two strings for internal processing. lpProcessAttributes [in, optional] A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new process object and determines whether child processes can inherit the returned handle to the process. If lpProcessAttributes is NULL or lpSecurityDescriptor is NULL, the process gets a default security descriptor and the handle cannot be inherited. The default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow access for the caller, in which case the process may not be opened again after it is run. The process handle is valid and will continue to have full access rights. lpThreadAttributes [in, optional] A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new thread object and determines whether child processes can inherit the returned handle to the thread. If lpThreadAttributes is NULL or lpSecurityDescriptor is NULL, the thread gets a default security descriptor and the handle cannot be inherited. The default security descriptor is that of the user referenced in the hToken parameter. This security descriptor may not allow access for the caller. bInheritHandles [in] If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the parameter is FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as the original handles. Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must create the process in the same session as the caller. dwCreationFlags [in] The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags . This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the process's threads. For a list of values, see GetPriorityClass . If none of the priority class flags is specified, the priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority class of the calling process. lpEnvironment [in, optional] A pointer to an environment block for the new process. If this parameter is NULL, the new process uses the environment of the calling process. An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form: name=value\\0 Because the equal sign is used as a separator, it must not be used in the name of an environment variable. An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. The ANSI version of this function, CreateProcessAsUserA fails if the total size of the environment block for the process exceeds 32,767 characters. Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block. To retrieve a copy of the environment block for a given user, use the CreateEnvironmentBlock function. lpCurrentDirectory [in, optional] The full path to the current directory for the process. The string can also specify a UNC path. If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This feature is provided primarily for shells that need to start an application and specify its initial drive and working directory.) lpStartupInfo [in] A pointer to a STARTUPINFO or STARTUPINFOEX structure. The user must have full access to both the specified window station and desktop. If you want the process to be interactive, specify winsta0\\default. If the lpDesktop member is NULL, the new process inherits the desktop and window station of its parent process. If this member is an empty string, "", the new process connects to a window station using the rules described in Process Connection to a Window Station . To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the dwCreationFlags parameter. lpProcessInformation [out] A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process. Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed. Return Value If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. To get extended error information, call GetLastError . Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess . Remarks CreateProcessAsUser must be able to open the primary token of the calling process with the TOKEN_DUPLICATE and TOKEN_IMPERSONATE access rights. By default, CreateProcessAsUser creates the new process on a noninteractive window station with a desktop that is not visible and cannot receive user input. To enable user interaction with the new process, you must specify the name of the default interactive window station and desktop, "winsta0\\default", in the lpDesktop member of the STARTUPINFO structure. In addition, before calling CreateProcessAsUser, you must change the discretionary access control list (DACL) of both the default interactive window station and the default desktop. The DACLs for the window station and desktop must grant access to the user or the logon session represented by the hToken parameter. CreateProcessAsUser does not load the specified user's profile into the HKEY_USERS registry key. Therefore, to access the information in the HKEY_CURRENT_USER registry key, you must load the user's profile information into HKEY_USERS with the LoadUserProfile function before calling CreateProcessAsUser. Be sure to call UnloadUserProfile after the new process exits. If the lpEnvironment parameter is NULL, the new process inherits the environment of the calling process. CreateProcessAsUser does not automatically modify the environment block to include environment variables specific to the user represented by hToken. For example, the USERNAME and USERDOMAIN variables are inherited from the calling process if lpEnvironment is NULL. It is your responsibility to prepare the environment block for the new process and specify it in lpEnvironment. The CreateProcessWithLogonW and CreateProcessWithTokenW functions are similar to CreateProcessAsUser, except that the caller does not need to call the LogonUser function to authenticate the user and get a token. CreateProcessAsUser allows you to access the specified directory and executable image in the security context of the caller or the target user. By default, CreateProcessAsUser accesses the directory and executable image in the security context of the caller. In this case, if the caller does not have access to the directory and executable image, the function fails. To access the directory and executable image using the security context of the target user, specify hToken in a call to the ImpersonateLoggedOnUser function before calling CreateProcessAsUser. The process is assigned a process identifier. The identifier is valid until the process terminates. It can be used to identify the process, or specified in the OpenProcess function to open a handle to the process. The initial thread in the process is also assigned a thread identifier. It can be specified in the OpenThread function to open a handle to the thread. The identifier is valid until the thread terminates and can be used to uniquely identify the thread within the system. These identifiers are returned in the PROCESS_INFORMATION structure. The calling thread can use the WaitForInputIdle function to wait until the new process has finished its initialization and is waiting for user input with no input pending. This can be useful for synchronization between parent and child processes, because CreateProcessAsUser returns without waiting for the new process to finish its initialization. For example, the creating process would use WaitForInputIdle before trying to find a window associated with the new process. The preferred way to shut down a process is by using the ExitProcess function, because this function sends notification of approaching termination to all DLLs attached to the process. Other means of shutting down a process do not notify the attached DLLs. Note that when a thread calls ExitProcess, other threads of the process are terminated without an opportunity to execute any additional code (including the thread termination code of attached DLLs). For more information, see Terminating a Process . Security Remarks The lpApplicationName parameter can be NULL, in which case the executable name must be the first white space–delimited string in lpCommandLine. If the executable or path name has a space in it, there is a risk that a different executable could be run because of the way the function parses spaces. The following example is dangerous because the function will attempt to run "Program.exe", if it exists, instead of "MyApp.exe". LPTSTR szCmdline[] = _tcsdup(TEXT("C:\\\\Program Files\\\\MyApp")); CreateProcessAsUser(hToken, NULL, szCmdline, /*...*/ ); If a malicious user were to create an application called "Program.exe" on a system, any program that incorrectly calls CreateProcessAsUser using the Program Files directory will run this application instead of the intended application. To avoid this problem, do not pass NULL for lpApplicationName. If you do pass NULL for lpApplicationName, use quotation marks around the executable path in lpCommandLine, as shown in the example below. LPTSTR szCmdline[] = _tcsdup(TEXT("\\"C:\\\\Program Files\\\\MyApp\\"")); CreateProcessAsUser(hToken, NULL, szCmdline, /*...*/); Examples For an example, see Starting an Interactive Client Process . Requirements Minimum supported clientWindows 2000 Professional Minimum supported serverWindows 2000 Server HeaderWinbase.h (include Windows.h) LibraryAdvapi32.lib DLLAdvapi32.dll Unicode and ANSI namesCreateProcessAsUserW (Unicode) and CreateProcessAsUserA (ANSI) See Also CloseHandle CreateEnvironmentBlock CreateProcess CreateProcessWithLogonW ExitProcess GetEnvironmentStrings GetExitCodeProcess GetStartupInfo ImpersonateLoggedOnUser LoadUserProfile Process and Thread Functions PROCESS_INFORMATION Processes SECURITY_ATTRIBUTES SetErrorMode SHCreateProcessAsUserW STARTUPINFO STARTUPINFOEX WaitForInputIdle Send comments about this topic to Microsoft Build date: 8/27/2009 ==原始网址==http://msdn.microsoft.com/en-us/library/ms682429(VS.85).aspx\n |
| 随便看 |
|
windows api函数参考手册包含2258条windows api函数文档,详细介绍nodejs、java、rust调用windows api的方法技巧,是学习windows api编程的入门中文文档。