| 术语 | createprocesswithlogonw |
| 释义 | CreateProcessWithLogonW 语法: C++ BOOL WINAPI CreateProcessWithLogonW( __in LPCWSTR lpUsername, __in_opt LPCWSTR lpDomain, __in LPCWSTR lpPassword, __in DWORD dwLogonFlags, __in_opt LPCWSTR lpApplicationName, __inout_opt LPWSTR lpCommandLine, __in DWORD dwCreationFlags, __in_opt LPVOID lpEnvironment, __in_opt LPCWSTR lpCurrentDirectory, __in LPSTARTUPINFOW lpStartupInfo, __out LPPROCESS_INFORMATION lpProcessInfo ); CreateProcessWithLogonW功能 创建一个新的进程和主线程。然后,新的进程运行在指定的凭据的安全上下文中指定的可执行文件(用户,域和密码)。它可以选择加载指定的用户的用户配置文件。 这个功能类似于的CreateProcessAsUser和CreateProcessWithTokenW功能,除了调用不需要调用LogonUser函数来验证用户并获得一个令牌。 参数 lpUsername [in] 该用户的名称。这是用户帐户的名称登录到。如果您使用UPN格式,@ Dns_Domain_Name的区域用户,lpDomain参数必须是NULL。 用户帐户必须具有在本地计算机上的本地登录权限。此权限被授予工作站和服务器上的所有用户,但只有在域控制器上的管理员。 lpDomain [中,可选] 在域或服务器的帐户数据库的名称包含lpUsername帐户。如果该参数为NULL,用户名必须是在UPN格式指定。 lpPassword [in] 此次清理的lpUsername帐户文本密码。 dwLogonFlags [in] 在登录选项。此参数可以是0(零)或下列值之一。 ValueMeaning LOGON_WITH_PROFILE 0x00000001Log上,然后加载在HKEY_USERS注册表项的用户配置文件。该函数后,配置文件加载回报。加载配置文件可耗费时间,因此最好使用此值仅当您要访问在HKEY_CURRENT_USER注册表项信息。 Windows Server 2003和Windows 2000上:是新工艺后,卸载配置文件被终止,是否创造了子进程。 Windows XP中:配置文件卸载后,新的过程,所有的子进程已创建的终止。 LOGON_NETCREDENTIALS_ONLY 0x00000002Log的,但在网络上使用唯一指定的凭据。这种新工艺使用了同样的来电,但系统内创建一个新的LSA登录会话和进程使用默认凭据作为指定的凭据。 此值可用于创建一个进程,它使用一个不同的凭据集比它本地远程。这是非常有用的域间方案在没有信任关系。 该系统不验证指定的凭据。因此,该进程可以启动,但它可能无法访问网络资源。 lpApplicationName [中,可选] 该模块的名称被执行。这个模块可以是一个基于Windows的应用程序。它可以有一些模块(例如,MS - DOS或OS / 2)如果适当的子系统是在本地计算机上提供的其他类型。 该字符串可以指定完整路径和文件模块的名称来执行,也可以指定部分名称。如果它是一个部分的名称,该函数使用当前驱动器和当前目录,即完成规范。该函数不使用搜索路径。此参数必须包括文件扩展名;没有默认的扩展名则假定。 在lpApplicationName参数可以是NULL,和模块的名称必须是第一个空格分隔在lpCommandLine字符串标记。如果您使用长文件名包含空格,请使用引号的字符串,以指示该文件名称结尾,争论开始,否则,文件名是模糊的。 例如,下面的字符串可以以不同的方式解释: 的“C:\\程序文件\\副署长\\程序名” 该系统试图解释下列顺序的可能性: ?:\\ Program.exe的文件\\副署长\\程序名 ?:\\程序文件\\ sub.exe迪尔\\程序名 ?:\\程序文件\\副署长\\ Program.exe的名称 ?:\\程序文件\\副署长\\程序name.exe 如果可执行模块是一个16位应用程序,lpApplicationName应该是NULL,和字符串指向lpCommandLine应指定可执行模块和它的参数。 lpCommandLine [中,指出,可选] 命令行执行。这个字符串的最大长度为1024个字符。如果lpApplicationName为NULL,则是lpCommandLine模块的名称部分仅限于MAX_PATH字符。 该函数可以修改这个字符串的内容。因此,这个参数不能指向只读存储器(如一个const变量或字符串)。如果该参数是一个字符串常量,该函数可能会导致访问冲突。 在lpCommandLine参数可以是NULL,函数使用字符串指出,作为命令行lpApplicationName。 如果同时lpApplicationName和lpCommandLine都是非空,* lpApplicationName指定模块执行和* lpCommandLine指定的命令行。新进程可以使用GetCommandLine检索整个命令行。控制台C编写的程序可以使用argc和argv参数解析命令行。由于argv [0]是模块名,C程序员通常重复模块名作为第一个在命令行标记。 如果lpApplicationName为NULL,则第一空格分隔的命令行标记指定的模块名称。如果您使用长文件名包含空格,请使用引号的字符串,以指示该文件名称结尾,争论开始(请参阅该lpApplicationName参数说明)。如果文件名不包含扩展名,。exe是附加。因此,如果文件扩展名。com,此参数必须包括。com扩展名。如果文件名中不带扩展名,或者如果文件名包含路径期结束。exe是不附加。如果文件名不包含目录的路径,在下面的顺序可执行文件的系统搜索: 该目录由该应用程序加载。 对于父进程的当前目录。 32位Windows系统目录。使用GetSystemDirectory函数获得这个目录的路径。 16位Windows系统目录。没有函数获得这个目录的路径,但它是搜索。 Windows目录。使用GetWindowsDirectory函数获得这个目录的路径。 即是在PATH环境变量中列出的目录。请注意,此功能不会搜索的每应用程序路径的应用程序路径注册表项中指定。如果要在搜索序列这个每个应用程序的路径,请使用ShellExecute函数。 该系统增加了一个空字符的命令行字符串分开参数的文件名。这分为两个内部处理字符串的原始字符串。 dwCreationFlags [in] 在控制这一进程是如何创建的标志。该CREATE_DEFAULT_ERROR_MODE,CREATE_NEW_CONSOLE和CREATE_NEW_PROCESS_GROUP标志默认情况下启用,即使您没有设置标志,系统就好像它是一套功能。您可以指定所提到的其他标志。 ValueMeaning CREATE_DEFAULT_ERROR_MODE 0x04000000The新进程不继承调用进程的错误模式。相反,CreateProcessWithLogonW赋予新进程当前的默认错误模式。应用程序通过调用SetErrorMode设置当前默认的错误模式。 这个标志是默认启用。 CREATE_NEW_CONSOLE 0x00000010The新的进程有一个新的控制台,而不是继承父的控制台。这个标志不能用于与DETACHED_PROCESS标志。 这个标志是默认启用。 CREATE_NEW_PROCESS_GROUP 0x00000200The新工艺是一个新的进程组的根进程。该进程组包括所有进程的本根过程的后裔。新进程组进程标识符是一样的进程标识符,这在lpProcessInfo参数中返回相同。工艺组使用的GenerateConsoleCtrlEvent功能,使发送按Ctrl + C或按Ctrl + Break信号的控制台程序组。 这个标志是默认启用。 CREATE_SEPARATE_WOW_VDM 0x00000800This标志是唯一有效的启动一个16位基于Windows的应用程序。假如成立,新的进程运行在一个私人虚拟DOS机器(VDM)。默认情况下,所有16位Windows的应用程序运行在一个共享的VDM。正在运行的优势分别是崩溃只有单一的VDM终止,任何其他程序在不同的VDM运行继续正常运行。此外,16位基于Windows的应用程序运行在单独的VDM有独立的输入队列,这意味着如果一个应用程序暂时停止响应,在单独的VDM应用程序继续接收输入。 CREATE_SUSPENDED 0x00000004The新进程的主线程中创建挂起状态,并不直到ResumeThread函数被调用运行。 CREATE_UNICODE_ENVIRONMENT 0x00000400Indicates的lpEnvironment参数格式。如果设置此标志,环境块指向lpEnvironment使用Unicode字符。否则,环境块使用ANSI字符。 EXTENDED_STARTUPINFO_PRESENT 0x00080000The进程创建与扩展的启动资料; lpStartupInfo参数指定一个STARTUPINFOEX结构。 Windows Server 2003和Windows XP/2000操作系统:此值不支持。 此参数也控制了新的进程的优先级,这是用来确定该进程的线程调度优先级。对于一个值列表,请参见GetPriorityClass。如果优先级标志都没有指定,默认为优先级NORMAL_PRIORITY_CLASS,除非创建进程的优先级是IDLE_PRIORITY_CLASS或BELOW_NORMAL_PRIORITY_CLASS。在这种情况下,子进程收到调用进程的默认优先级。 lpEnvironment [中,可选] 对一个新的进程环境块指针。如果该参数为NULL,则新工艺采用从受lpUsername指定的用户配置文件中创建一个环境。 一个环境块包含一个空终止块空终止字符串。每个字符串的形式如下: 名称=值 由于等号(=)作为分隔符,绝不能在一个环境变量的名称。 一个环境块可以包含Unicode或ANSI字符。如果环境块指向lpEnvironment包含Unicode字符,确保dwCreationFlags包括CREATE_UNICODE_ENVIRONMENT。如果此参数为NULL和父进程环境块包含Unicode字符,您还必须确保dwCreationFlags包括CREATE_UNICODE_ENVIRONMENT。 一个ANSI环境块是由两个终止0(零)字节:在过去的字符串之一,终止多块。一个Unicode环境块终止四个零字节:在过去的两个及两个以上的字符串终止块。 要检索特定用户的环境块拷贝,使用CreateEnvironmentBlock函数。 lpCurrentDirectory [中,可选] 完整路径的进程的当前目录。该字符串也可以指定一个UNC路径。 如果该参数是NULL,新工艺具有相同的电流驱动器和调用进程的目录。此功能提供了炮弹,主要需要启动一个应用程序,并指定其最初的驱动器和工作目录。 lpStartupInfo [in] 一个 STARTUPINFO结构的指针。应用程序必须添加指定的用户帐户到指定的窗口站和桌面许可,即使是WinSta0 \\默认。 如果lpDesktop成员是NULL或空字符串,新的进程继承的桌面和窗口的父进程站。应用程序必须添加指定的用户帐户的继承窗口站和桌面许可。 Windows XP/2000操作系统:CreateProcessWithLogonW增加了对指定的用户帐户的继承窗口站和桌面许可。 lpProcessInfo [out] 阿PROCESS_INFORMATION结构的接收新进程的识别信息,包括该进程的句柄的指针。 在PROCESS_INFORMATION把手必须关闭的时候不需要CloseHandle函数。 返回值 如果函数成功,返回值为非零。 如果函数失败,返回值为0(零)。为了获得更多错误信息,调用GetLastError。 请注意,该函数返回之前,该进程已完成初始化。如果所需的DLL无法找到或未能初始化的进程将终止。要获得一个进程的终止状态,调用GetExitCodeProcess。 备注 默认情况下,CreateProcessWithLogonW不加载到HKEY_USERS注册表项中指定的用户配置文件。这意味着,进入在HKEY_CURRENT_USER注册表项的信息可能不会产生结果与正常的交互式登录是一致的。这是您的责任加载到HKEY_USERS在调用CreateProcessWithLogonW用户注册表配置单元,通过使用LOGON_WITH_PROFILE,或调用LoadUserProfile功能。 如果lpEnvironment参数为NULL,新工艺使用的环境块从受lpUserName指定的用户配置文件创建。如果HOMEDRIVE和HOMEPATH变量没有设定,CreateProcessWithLogonW修改环境块使用的驱动器和用户的工作目录路径。 当创建新的进程和线程的处理得到充分的访问权限(PROCESS_ALL_ACCESS和THREAD_ALL_ACCESS)。对于任何处理,如果安全描述符没有提供的处理可用于任何职能需要处理的对象的类型。当提供安全描述符,访问检查,是对前处理授予访问权限执行的所有后续用途。如果访问被拒绝,请求进程不能使用句柄来访问该进程或线程。 要检索一个安全令牌,传递的过程中PROCESS_INFORMATION结构句柄OpenProcessToken功能。 这个过程被分配一个进程标识符。标识符有效,直到该进程终止。它可以用来识别过程,也可以在OpenProcess函数中指定打开的句柄的进程。在这个过程中的初始线程也是分配一个线程标识符。它可以指定在OpenThread函数打开的句柄线程。标识符有效期至线程终止,可用于唯一标识系统内的线程。这些标识符在PROCESS_INFORMATION返回。 调用线程可以使用WaitForInputIdle函数等待,直到新的进程已经完成了初始化,并等待着没有输入用户输入悬而未决。这可能是有益的父母和孩子之间的进程同步,因为没有新的进程等待完成它的初始化CreateProcessWithLogonW回报。例如,在创建过程中会使用WaitForInputIdle后再尝试找到一个新的进程有关的窗口。 的首选方法关闭一个进程是通过使用ExitProcess函数,因为这个函数发送接近终止连接到该进程的所有DLL的通知。在关闭过程不通知所附的DLL的其他手段。请注意,当一个线程调用PRB:ExitProcess期间,该进程的其他线程都没有机会执行任何额外的代码终止(包括附加DLL的线程终止代码)。有关更多信息,请参阅终止一个进程。 CreateProcessWithLogonW访问指定的目录中目标用户的安全上下文和可执行的形象。如果可执行图像网络和网络驱动器信中指定的路径,网络驱动器号不是提供给目标用户,如网络驱动器号,可以为每个登录分配。如果一个网络驱动器号指定,该函数失败。如果可执行图像是在网络上,使用UNC路径。 还有一个儿童,可以创建和运行此功能,同时处理器数量的限额。例如,在Windows XP中,此限制MAXIMUM_WAIT_OBJECTS * 4。在Windows 2000,此限制MAXIMUM_WAIT_OBJECTS。但是,您可能无法创建此过程中,由于许多全系统的配额限制。 带有SP2的Windows和Windows Server 2003 XP中:您无法拨打电话CreateProcessWithLogonW从一个进程,在LocalSystem帐户下运行,因为函数使用登录中的SID来电令牌,和LocalSystem帐户令牌中不包含此SID。作为替代方案,使用的CreateProcessAsUser和LogonUser的功能。 要编译的应用程序使用此功能,定义_WIN32_WINNT为0x0500或更高版本。有关详细信息,请参阅使用Windows头。 安全备注 在lpApplicationName参数可以是NULL,和可执行文件的名称必须是第一个空白,在lpCommandLine分隔的字符串。如果可执行文件或路径名中有一个空间,有一个风险,就是一个不同的可执行文件可以运行,因为这样的函数解析空间。避免下面的例子,因为函数试图运行“Program.exe的”,如果它存在,而不是“MyApp.exe将”。 LPTSTR szCmdline [] = _tcsdup(文本(的“C:\\ \\ Program Files文件\\ \\ MyApp的”)); CreateProcessWithLogonW (..., szCmdline,...) 如果恶意用户创建“Program.exe的”在一个系统的应用程序调用,任何程序错误地调用CreateProcessWithLogonW使用Program Files目录运行该恶意用户应用程序而不是预定的应用领域。 若要避免此问题,不要为lpApplicationName通过空。如果您为lpApplicationName传递空,周围lpCommandLine可执行文件路径用引号,如在下面的例子: LPTSTR szCmdline [] = _tcsdup(文本(“\\的”C:\\ \\ Program Files文件\\ \\ MyApp的\\ "")); CreateProcessWithLogonW (..., szCmdline,...) 实例 下面的示例演示如何调用这个函数。 #define UNICODE #define _WIN32_WINNT 0x0500 #include #include #include void DisplayError(LPWSTR pszAPI) { LPVOID lpvMessageBuffer; FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPWSTR)&lpvMessageBuffer, 0, NULL); // //... now display this string // wprintf(L"ERROR: API = %s.\\n", pszAPI); wprintf(L" error code = %d.\\n", GetLastError()); wprintf(L" message = %s.\\n", (LPWSTR)lpvMessageBuffer); // // Free the buffer allocated by the system // LocalFree(lpvMessageBuffer); ExitProcess(GetLastError()); } void wmain(int argc, WCHAR *argv[]) { DWORD dwSize; HANDLE hToken; LPVOID lpvEnv; PROCESS_INFORMATION pi = {0}; STARTUPINFO si = {0}; WCHAR szUserProfile[256] = L""; si.cb = sizeof(STARTUPINFO); if (argc != 4) { wprintf(L"Usage: %s [user@domain] [password] [cmd]", argv[0]); wprintf(L"\\n\\n"); return; } // // TO DO: change NULL to '.' to use local account database // if (!LogonUser(argv[1], NULL, argv[2], LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken)) DisplayError(L"LogonUser"); if (!CreateEnvironmentBlock(&lpvEnv, hToken, TRUE)) DisplayError(L"CreateEnvironmentBlock"); dwSize = sizeof(szUserProfile)/sizeof(WCHAR); if (!GetUserProfileDirectory(hToken, szUserProfile, &dwSize)) DisplayError(L"GetUserProfileDirectory"); // // TO DO: change NULL to '.' to use local account database // if (!CreateProcessWithLogonW(argv[1], NULL, argv[2], LOGON_WITH_PROFILE, NULL, argv[3], CREATE_UNICODE_ENVIRONMENT, lpvEnv, szUserProfile, &si, &pi)) DisplayError(L"CreateProcessWithLogonW"); if (!DestroyEnvironmentBlock(lpvEnv)) DisplayError(L"DestroyEnvironmentBlock"); CloseHandle(hToken); CloseHandle(pi.hProcess); CloseHandle(pi.hThread); } 要求: 最低支持:client-Windows 2000专业版 最低支持server-Windows 2000服务器 HeaderWinbase.h(头文件:winuser.h) LibraryAdvapi32.lib DLLAdvapi32.dll 参见 CloseHandle CreateEnvironmentBlock CreateProcessAsUser PRB:ExitProcess期间 GetEnvironmentStrings GetExitCodeProcess OpenProcess 进程和线程函数 PROCESS_INFORMATION 过程 SetErrorMode STARTUPINFO WaitForInputIdle 如果有任何问题和意见,请发送给微软(wsddocfb@microsoft.com) 生成日期:2009年8月27日 ==英文原文==CreateProcessWithLogonW Function Creates a new process and its primary thread. Then the new process runs the specified executable file in the security context of the specified credentials (user, domain, and password). It can optionally load the user profile for a specified user. This function is similar to the CreateProcessAsUser and CreateProcessWithTokenW functions, except that the caller does not need to call the LogonUser function to authenticate the user and get a token. Syntax C++ BOOL WINAPI CreateProcessWithLogonW( __in LPCWSTR lpUsername, __in_opt LPCWSTR lpDomain, __in LPCWSTR lpPassword, __in DWORD dwLogonFlags, __in_opt LPCWSTR lpApplicationName, __inout_opt LPWSTR lpCommandLine, __in DWORD dwCreationFlags, __in_opt LPVOID lpEnvironment, __in_opt LPCWSTR lpCurrentDirectory, __in LPSTARTUPINFOW lpStartupInfo, __out LPPROCESS_INFORMATION lpProcessInfo ); Parameters lpUsername [in] The name of the user. This is the name of the user account to log on to. If you use the UPN format, user@DNS_domain_name, the lpDomain parameter must be NULL. The user account must have the Log On Locally permission on the local computer. This permission is granted to all users on workstations and servers, but only to administrators on domain controllers. lpDomain [in, optional] The name of the domain or server whose account database contains the lpUsername account. If this parameter is NULL, the user name must be specified in UPN format. lpPassword [in] The clear-text password for the lpUsername account. dwLogonFlags [in] The logon option. This parameter can be 0 (zero) or one of the following values. ValueMeaning LOGON_WITH_PROFILE 0x00000001Log on, then load the user profile in the HKEY_USERS registry key. The function returns after the profile is loaded. Loading the profile can be time-consuming, so it is best to use this value only if you must access the information in the HKEY_CURRENT_USER registry key. Windows Server 2003 and Windows 2000: The profile is unloaded after the new process is terminated, whether or not it has created child processes. Windows XP: The profile is unloaded after the new process and all child processes it has created are terminated. LOGON_NETCREDENTIALS_ONLY 0x00000002Log on, but use the specified credentials on the network only. The new process uses the same token as the caller, but the system creates a new logon session within LSA, and the process uses the specified credentials as the default credentials. This value can be used to create a process that uses a different set of credentials locally than it does remotely. This is useful in inter-domain scenarios where there is no trust relationship. The system does not validate the specified credentials. Therefore, the process can start, but it may not have access to network resources. lpApplicationName [in, optional] The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer. The string can specify the full path and file name of the module to execute or it can specify a partial name. If it is a partial name, the function uses the current drive and current directory to complete the specification. The function does not use the search path. This parameter must include the file name extension; no default extension is assumed. The lpApplicationName parameter can be NULL, and the module name must be the first white space–delimited token in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, the following string can be interpreted in different ways: "c:\\program files\\sub dir\\program name" The system tries to interpret the possibilities in the following order: c:\\program.exe files\\sub dir\\program name c:\\program files\\sub.exe dir\\program name c:\\program files\\sub dir\\program.exe name c:\\program files\\sub dir\\program name.exe If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by lpCommandLine should specify the executable module and its arguments. lpCommandLine [in, out, optional] The command line to be executed. The maximum length of this string is 1024 characters. If lpApplicationName is NULL, the module name portion of lpCommandLine is limited to MAX_PATH characters. The function can modify the contents of this string. Therefore, this parameter cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a constant string, the function may cause an access violation. The lpCommandLine parameter can be NULL, and the function uses the string pointed to by lpApplicationName as the command line. If both lpApplicationName and lpCommandLine are non-NULL, *lpApplicationName specifies the module to execute, and *lpCommandLine specifies the command line. The new process can use GetCommandLine to retrieve the entire command line. Console processes written in C can use the argc and argv arguments to parse the command line. Because argv[0] is the module name, C programmers typically repeat the module name as the first token in the command line. If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended. Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory path, the system searches for the executable file in the following sequence: The directory from which the application loaded. The current directory for the parent process. The 32-bit Windows system directory. Use the GetSystemDirectory function to get the path of this directory. The 16-bit Windows system directory. There is no function that obtains the path of this directory, but it is searched. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory. The directories that are listed in the PATH environment variable. Note that this function does not search the per-application path specified by the App Paths registry key. To include this per-application path in the search sequence, use the ShellExecute function. The system adds a null character to the command line string to separate the file name from the arguments. This divides the original string into two strings for internal processing. dwCreationFlags [in] The flags that control how the process is created. The CREATE_DEFAULT_ERROR_MODE, CREATE_NEW_CONSOLE, and CREATE_NEW_PROCESS_GROUP flags are enabled by default— even if you do not set the flag, the system functions as if it were set. You can specify additional flags as noted. ValueMeaning CREATE_DEFAULT_ERROR_MODE 0x04000000The new process does not inherit the error mode of the calling process. Instead, CreateProcessWithLogonW gives the new process the current default error mode. An application sets the current default error mode by calling SetErrorMode . This flag is enabled by default. CREATE_NEW_CONSOLE 0x00000010The new process has a new console, instead of inheriting the parent's console. This flag cannot be used with the DETACHED_PROCESS flag. This flag is enabled by default. CREATE_NEW_PROCESS_GROUP 0x00000200The new process is the root process of a new process group. The process group includes all processes that are descendants of this root process. The process identifier of the new process group is the same as the process identifier, which is returned in the lpProcessInfo parameter. Process groups are used by the GenerateConsoleCtrlEvent function to enable sending a CTRL+C or CTRL+BREAK signal to a group of console processes. This flag is enabled by default. CREATE_SEPARATE_WOW_VDM 0x00000800This flag is only valid starting a 16-bit Windows-based application. If set, the new process runs in a private Virtual DOS Machine (VDM). By default, all 16-bit Windows-based applications run in a single, shared VDM. The advantage of running separately is that a crash only terminates the single VDM; any other programs running in distinct VDMs continue to function normally. Also, 16-bit Windows-based applications that run in separate VDMs have separate input queues, which means that if one application stops responding momentarily, applications in separate VDMs continue to receive input. CREATE_SUSPENDED 0x00000004The primary thread of the new process is created in a suspended state, and does not run until the ResumeThread function is called. CREATE_UNICODE_ENVIRONMENT 0x00000400Indicates the format of the lpEnvironment parameter. If this flag is set, the environment block pointed to by lpEnvironment uses Unicode characters. Otherwise, the environment block uses ANSI characters. EXTENDED_STARTUPINFO_PRESENT 0x00080000The process is created with extended startup information; the lpStartupInfo parameter specifies a STARTUPINFOEX structure. Windows Server 2003 and Windows XP/2000: This value is not supported. This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the process's threads. For a list of values, see GetPriorityClass . If none of the priority class flags is specified, the priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority class of the calling process. lpEnvironment [in, optional] A pointer to an environment block for the new process. If this parameter is NULL, the new process uses an environment created from the profile of the user specified by lpUsername. An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form: name=value Because the equal sign (=) is used as a separator, it must not be used in the name of an environment variable. An environment block can contain Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains Unicode characters, ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. An ANSI environment block is terminated by two 0 (zero) bytes: one for the last string and one more to terminate the block. A Unicode environment block is terminated by four zero bytes: two for the last string and two more to terminate the block. To retrieve a copy of the environment block for a specific user, use the CreateEnvironmentBlock function. lpCurrentDirectory [in, optional] The full path to the current directory for the process. The string can also specify a UNC path. If this parameter is NULL, the new process has the same current drive and directory as the calling process. This feature is provided primarily for shells that need to start an application, and specify its initial drive and working directory. lpStartupInfo [in] A pointer to a STARTUPINFO structure. The application must add permission for the specified user account to the specified window station and desktop, even for WinSta0\\Default. If the lpDesktop member is NULL or an empty string, the new process inherits the desktop and window station of its parent process. The application must add permission for the specified user account to the inherited window station and desktop. Windows XP/2000: CreateProcessWithLogonW adds permission for the specified user account to the inherited window station and desktop. lpProcessInfo [out] A pointer to a PROCESS_INFORMATION structure that receives identification information for the new process, including a handle to the process. Handles in PROCESS_INFORMATION must be closed with the CloseHandle function when they are not needed. Return Value If the function succeeds, the return value is nonzero. If the function fails, the return value is 0 (zero). To get extended error information, call GetLastError . Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess . Remarks By default, CreateProcessWithLogonW does not load the specified user profile into the HKEY_USERS registry key. This means that access to information in the HKEY_CURRENT_USER registry key may not produce results that are consistent with a normal interactive logon. It is your responsibility to load the user registry hive into HKEY_USERS before calling CreateProcessWithLogonW, by using LOGON_WITH_PROFILE, or by calling the LoadUserProfile function. If the lpEnvironment parameter is NULL, the new process uses an environment block created from the profile of the user specified by lpUserName. If the HOMEDRIVE and HOMEPATH variables are not set, CreateProcessWithLogonW modifies the environment block to use the drive and path of the user's working directory. When created, the new process and thread handles receive full access rights (PROCESS_ALL_ACCESS and THREAD_ALL_ACCESS). For either handle, if a security descriptor is not provided, the handle can be used in any function that requires an object handle of that type. When a security descriptor is provided, an access check is performed on all subsequent uses of the handle before access is granted. If access is denied, the requesting process cannot use the handle to gain access to the process or thread. To retrieve a security token, pass the process handle in the PROCESS_INFORMATION structure to the OpenProcessToken function. The process is assigned a process identifier. The identifier is valid until the process terminates. It can be used to identify the process, or it can be specified in the OpenProcess function to open a handle to the process. The initial thread in the process is also assigned a thread identifier. It can be specified in the OpenThread function to open a handle to the thread. The identifier is valid until the thread terminates and can be used to uniquely identify the thread within the system. These identifiers are returned in PROCESS_INFORMATION. The calling thread can use the WaitForInputIdle function to wait until the new process has completed its initialization and is waiting for user input with no input pending. This can be useful for synchronization between parent and child processes, because CreateProcessWithLogonW returns without waiting for the new process to finish its initialization. For example, the creating process would use WaitForInputIdle before trying to find a window that is associated with the new process. The preferred way to shut down a process is by using the ExitProcess function, because this function sends notification of approaching termination to all DLLs attached to the process. Other means of shutting down a process do not notify the attached DLLs. Note that when a thread calls ExitProcess, other threads of the process are terminated without an opportunity to execute any additional code (including the thread termination code of attached DLLs). For more information, see Terminating a Process . CreateProcessWithLogonW accesses the specified directory and executable image in the security context of the target user. If the executable image is on a network and a network drive letter is specified in the path, the network drive letter is not available to the target user, as network drive letters can be assigned for each logon. If a network drive letter is specified, this function fails. If the executable image is on a network, use the UNC path. There is a limit to the number of child processes that can be created by this function and run simultaneously. For example, on Windows XP, this limit is MAXIMUM_WAIT_OBJECTS*4. On Windows 2000, this limit is MAXIMUM_WAIT_OBJECTS. However, you may not be able to create this many processes due to system-wide quota limits. Windows XP with SP2 and Windows Server 2003: You cannot call CreateProcessWithLogonW from a process that is running under the LocalSystem account, because the function uses the logon SID in the caller token, and the token for the LocalSystem account does not contain this SID. As an alternative, use the CreateProcessAsUser and LogonUser functions. To compile an application that uses this function, define _WIN32_WINNT as 0x0500 or later. For more information, see Using the Windows Headers . Security Remarks The lpApplicationName parameter can be NULL, and the executable name must be the first white space–delimited string in lpCommandLine. If the executable or path name has a space in it, there is a risk that a different executable could be run because of the way the function parses spaces. Avoid the following example, because the function attempts to run "Program.exe", if it exists, instead of "MyApp.exe". LPTSTR szCmdline[]=_tcsdup(TEXT("C:\\\\Program Files\\\\MyApp")); CreateProcessWithLogonW(..., szCmdline, ...) If a malicious user creates an application called "Program.exe" on a system, any program that incorrectly calls CreateProcessWithLogonW using the Program Files directory runs the malicious user application instead of the intended application. To avoid this issue, do not pass NULL for lpApplicationName. If you pass NULL for lpApplicationName, use quotation marks around the executable path in lpCommandLine, as shown in the following example: LPTSTR szCmdline[]=_tcsdup(TEXT("\\"C:\\\\Program Files\\\\MyApp\\"")); CreateProcessWithLogonW(..., szCmdline, ...) Examples The following example demonstrates how to call this function. #define UNICODE #define _WIN32_WINNT 0x0500 #include #include #include void DisplayError(LPWSTR pszAPI) { LPVOID lpvMessageBuffer; FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPWSTR)&lpvMessageBuffer, 0, NULL); // //... now display this string // wprintf(L"ERROR: API = %s.\\n", pszAPI); wprintf(L" error code = %d.\\n", GetLastError()); wprintf(L" message = %s.\\n", (LPWSTR)lpvMessageBuffer); // // Free the buffer allocated by the system // LocalFree(lpvMessageBuffer); ExitProcess(GetLastError()); } void wmain(int argc, WCHAR *argv[]) { DWORD dwSize; HANDLE hToken; LPVOID lpvEnv; PROCESS_INFORMATION pi = {0}; STARTUPINFO si = {0}; WCHAR szUserProfile[256] = L""; si.cb = sizeof(STARTUPINFO); if (argc != 4) { wprintf(L"Usage: %s [user@domain] [password] [cmd]", argv[0]); wprintf(L"\\n\\n"); return; } // // TO DO: change NULL to '.' to use local account database // if (!LogonUser(argv[1], NULL, argv[2], LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken)) DisplayError(L"LogonUser"); if (!CreateEnvironmentBlock(&lpvEnv, hToken, TRUE)) DisplayError(L"CreateEnvironmentBlock"); dwSize = sizeof(szUserProfile)/sizeof(WCHAR); if (!GetUserProfileDirectory(hToken, szUserProfile, &dwSize)) DisplayError(L"GetUserProfileDirectory"); // // TO DO: change NULL to '.' to use local account database // if (!CreateProcessWithLogonW(argv[1], NULL, argv[2], LOGON_WITH_PROFILE, NULL, argv[3], CREATE_UNICODE_ENVIRONMENT, lpvEnv, szUserProfile, &si, &pi)) DisplayError(L"CreateProcessWithLogonW"); if (!DestroyEnvironmentBlock(lpvEnv)) DisplayError(L"DestroyEnvironmentBlock"); CloseHandle(hToken); CloseHandle(pi.hProcess); CloseHandle(pi.hThread); } Requirements Minimum supported clientWindows 2000 Professional Minimum supported serverWindows 2000 Server HeaderWinbase.h (include Windows.h) LibraryAdvapi32.lib DLLAdvapi32.dll See Also CloseHandle CreateEnvironmentBlock CreateProcessAsUser ExitProcess GetEnvironmentStrings GetExitCodeProcess OpenProcess Process and Thread Functions PROCESS_INFORMATION Processes SetErrorMode STARTUPINFO WaitForInputIdle Send comments about this topic to Microsoft Build date: 8/27/2009 ==原始网址==http://msdn.microsoft.com/en-us/library/ms682431(VS.85).aspx\n |
| 随便看 |
|
windows api函数参考手册包含2258条windows api函数文档,详细介绍nodejs、java、rust调用windows api的方法技巧,是学习windows api编程的入门中文文档。