Term | createprocesswithtokenw |
Definition |
CreateProcessWithTokenW Function

Creates a new process and its primary thread. The new process runs in the security context of the specified token. It can optionally load the user profile for the specified user.

The process that calls CreateProcessWithTokenW must have the SE_IMPERSONATE_NAME privilege. If this function fails with ERROR_PRIVILEGE_NOT_HELD (1314), use the CreateProcessAsUser or CreateProcessWithLogonW function instead.
Typically, the process that calls CreateProcessAsUser must have the SE_INCREASE_QUOTA_NAME privilege and may require the SE_ASSIGNPRIMARYTOKEN_NAME privilege if the token is not assignable. CreateProcessWithLogonW requires no special privileges, but the specified user account must be allowed to log on interactively. Generally, it is best to use CreateProcessWithLogonW to create a process with alternate credentials.

Syntax

C++

    BOOL WINAPI CreateProcessWithTokenW(
        __in         HANDLE hToken,
        __in         DWORD dwLogonFlags,
        __in_opt     LPCWSTR lpApplicationName,
        __inout_opt  LPWSTR lpCommandLine,
        __in         DWORD dwCreationFlags,
        __in_opt     LPVOID lpEnvironment,
        __in_opt     LPCWSTR lpCurrentDirectory,
        __in         LPSTARTUPINFOW lpStartupInfo,
        __out        LPPROCESS_INFORMATION lpProcessInfo
    );

Parameters

hToken [in]
A handle to the primary token that represents a user. The handle must have the TOKEN_QUERY, TOKEN_DUPLICATE, and TOKEN_ASSIGN_PRIMARY access rights. For more information, see Access Rights for Access-Token Objects. The user represented by the token must have read and execute access to the application specified by the lpApplicationName or the lpCommandLine parameter.

To get a primary token that represents the specified user, call the LogonUser function. Alternatively, you can call the DuplicateTokenEx function to convert an impersonation token into a primary token. This allows a server application that is impersonating a client to create a process that has the security context of the client.

Terminal Services: The process is run in the session specified in the token. By default, this is the same session that called LogonUser. To change the session, use the SetTokenInformation function.

dwLogonFlags [in]
The logon option. This parameter can be zero or one of the following values.

LOGON_WITH_PROFILE (0x00000001)
Log on, then load the user's profile in the HKEY_USERS registry key. The function returns after the profile has been loaded.
Loading the profile can be time-consuming, so it is best to use this value only if you must access the information in the HKEY_CURRENT_USER registry key.

Windows Server 2003: The profile is unloaded after the new process has been terminated, regardless of whether it has created child processes.

LOGON_NETCREDENTIALS_ONLY (0x00000002)
Log on, but use the specified credentials on the network only. The new process uses the same token as the caller, but the system creates a new logon session within LSA, and the process uses the specified credentials as the default credentials.

This value can be used to create a process that uses a different set of credentials locally than it does remotely. This is useful in inter-domain scenarios where there is no trust relationship.

The system does not validate the specified credentials. Therefore, the process can start, but it may not have access to network resources.

lpApplicationName [in, optional]
The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer.

The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a partial name, the function uses the current drive and current directory to complete the specification. The function will not use the search path. This parameter must include the file name extension; no default extension is assumed.

The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string "c:\program files\sub dir\program name". This string can be interpreted in a number of ways.
The system tries to interpret the possibilities in the following order:

    c:\program.exe files\sub dir\program name
    c:\program files\sub.exe dir\program name
    c:\program files\sub dir\program.exe name
    c:\program files\sub dir\program name.exe

If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by lpCommandLine should specify the executable module as well as its arguments.

lpCommandLine [in, out, optional]
The command line to be executed. The maximum length of this string is 1024 characters. If lpApplicationName is NULL, the module name portion of lpCommandLine is limited to MAX_PATH characters.

The function can modify the contents of this string. Therefore, this parameter cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a constant string, the function may cause an access violation.

The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the command line.

If both lpApplicationName and lpCommandLine are non-NULL, *lpApplicationName specifies the module to execute, and *lpCommandLine specifies the command line. The new process can use GetCommandLine to retrieve the entire command line. Console processes written in C can use the argc and argv arguments to parse the command line. Because argv[0] is the module name, C programmers generally repeat the module name as the first token in the command line.

If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended. Therefore, if the file name extension is .com, this parameter must include the .com extension.
If the file name ends in a period (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory path, the system searches for the executable file in the following sequence:

1. The directory from which the application loaded.
2. The current directory for the parent process.
3. The 32-bit Windows system directory. Use the GetSystemDirectory function to get the path of this directory.
4. The 16-bit Windows system directory. There is no function that obtains the path of this directory, but it is searched.
5. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory.
6. The directories that are listed in the PATH environment variable. Note that this function does not search the per-application path specified by the App Paths registry key. To include this per-application path in the search sequence, use the ShellExecute function.

The system adds a null character to the command line string to separate the file name from the arguments. This divides the original string into two strings for internal processing.

dwCreationFlags [in]
The flags that control how the process is created. The CREATE_DEFAULT_ERROR_MODE, CREATE_NEW_CONSOLE, and CREATE_NEW_PROCESS_GROUP flags are enabled by default. You can specify additional flags as noted.

CREATE_DEFAULT_ERROR_MODE (0x04000000)
The new process does not inherit the error mode of the calling process. Instead, the new process gets the current default error mode. An application sets the current default error mode by calling SetErrorMode. This flag is enabled by default.

CREATE_NEW_CONSOLE (0x00000010)
The new process has a new console, instead of inheriting the parent's console. This flag cannot be used with the DETACHED_PROCESS flag. This flag is enabled by default.

CREATE_NEW_PROCESS_GROUP (0x00000200)
The new process is the root process of a new process group. The process group includes all processes that are descendants of this root process.
The process identifier of the new process group is the same as the process identifier, which is returned in the lpProcessInfo parameter. Process groups are used by the GenerateConsoleCtrlEvent function to enable sending a CTRL+C or CTRL+BREAK signal to a group of console processes. This flag is enabled by default.

CREATE_SEPARATE_WOW_VDM (0x00000800)
This flag is only valid when starting a 16-bit Windows-based application. If set, the new process runs in a private Virtual DOS Machine (VDM). By default, all 16-bit Windows-based applications run in a single, shared VDM. The advantage of running separately is that a crash only terminates the single VDM; any other programs running in distinct VDMs continue to function normally. Also, 16-bit Windows-based applications that run in separate VDMs have separate input queues. That means that if one application stops responding momentarily, applications in separate VDMs continue to receive input.

CREATE_SUSPENDED (0x00000004)
The primary thread of the new process is created in a suspended state, and does not run until the ResumeThread function is called.

CREATE_UNICODE_ENVIRONMENT (0x00000400)
Indicates the format of the lpEnvironment parameter. If this flag is set, the environment block pointed to by lpEnvironment uses Unicode characters. Otherwise, the environment block uses ANSI characters.

EXTENDED_STARTUPINFO_PRESENT (0x00080000)
The process is created with extended startup information; the lpStartupInfo parameter specifies a STARTUPINFOEX structure.

Windows Server 2003: This value is not supported.

This parameter also controls the new process's priority class, which is used to determine the scheduling priorities of the process's threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS.
In this case, the child process receives the default priority class of the calling process.

lpEnvironment [in, optional]
A pointer to an environment block for the new process. If this parameter is NULL, the new process uses an environment created from the profile of the user specified by lpUsername.

An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form:

    name=value

Because the equal sign (=) is used as a separator, it must not be used in the name of an environment variable.

An environment block can contain Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT.

An ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A Unicode environment block is terminated by four zero bytes: two for the last string and two more to terminate the block.

To retrieve a copy of the environment block for a specific user, use the CreateEnvironmentBlock function.

lpCurrentDirectory [in, optional]
The full path to the current directory for the process. The string can also specify a UNC path.

If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This feature is provided primarily for shells that need to start an application and specify its initial drive and working directory.)

lpStartupInfo [in]
A pointer to a STARTUPINFO structure.

If the lpDesktop member is NULL or an empty string, the new process inherits the desktop and window station of its parent process. The function adds permission for the specified user account to the inherited window station and desktop.
Otherwise, if this member specifies a desktop, it is the responsibility of the application to add permission for the specified user account to the specified window station and desktop, even for WinSta0\Default.

lpProcessInfo [out]
A pointer to a PROCESS_INFORMATION structure that receives identification information for the new process, including a handle to the process.

Handles in PROCESS_INFORMATION must be closed with the CloseHandle function when they are no longer needed.

Return Value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Note that the function returns before the process has finished initialization. If a required DLL cannot be located or fails to initialize, the process is terminated. To get the termination status of a process, call GetExitCodeProcess.

Remarks

By default, CreateProcessWithTokenW does not load the specified user's profile into the HKEY_USERS registry key. This means that access to information in the HKEY_CURRENT_USER registry key may not produce results consistent with a normal interactive logon. It is your responsibility to load the user's registry hive into HKEY_USERS by either using LOGON_WITH_PROFILE, or by calling the LoadUserProfile function before calling this function.

If the lpEnvironment parameter is NULL, the new process uses an environment block created from the profile of the user specified by lpUserName. If the HOMEDRIVE and HOMEPATH variables are not set, CreateProcessWithTokenW modifies the environment block to use the drive and path of the user's working directory.

When created, the new process and thread handles receive full access rights (PROCESS_ALL_ACCESS and THREAD_ALL_ACCESS). For either handle, if a security descriptor is not provided, the handle can be used in any function that requires an object handle of that type.
When a security descriptor is provided, an access check is performed on all subsequent uses of the handle before access is granted. If access is denied, the requesting process cannot use the handle to gain access to the process or thread.

To retrieve a security token, pass the process handle in the PROCESS_INFORMATION structure to the OpenProcessToken function.

The process is assigned a process identifier. The identifier is valid until the process terminates. It can be used to identify the process, or specified in the OpenProcess function to open a handle to the process. The initial thread in the process is also assigned a thread identifier. It can be specified in the OpenThread function to open a handle to the thread. The identifier is valid until the thread terminates and can be used to uniquely identify the thread within the system. These identifiers are returned in PROCESS_INFORMATION.

The calling thread can use the WaitForInputIdle function to wait until the new process has finished its initialization and is waiting for user input with no input pending. This can be useful for synchronization between parent and child processes, because CreateProcessWithTokenW returns without waiting for the new process to finish its initialization. For example, the creating process would use WaitForInputIdle before trying to find a window associated with the new process.

The preferred way to shut down a process is by using the ExitProcess function, because this function sends notification of approaching termination to all DLLs attached to the process. Other means of shutting down a process do not notify the attached DLLs. Note that when a thread calls ExitProcess, other threads of the process are terminated without an opportunity to execute any additional code (including the thread termination code of attached DLLs). For more information, see Terminating a Process.

To compile an application that uses this function, define _WIN32_WINNT as 0x0500 or later.
For more information, see Using the Windows Headers.

Security Remarks

The lpApplicationName parameter can be NULL, in which case the executable name must be the first white space–delimited string in lpCommandLine. If the executable or path name has a space in it, there is a risk that a different executable could be run because of the way the function parses spaces. The following example is dangerous because the function will attempt to run "Program.exe", if it exists, instead of "MyApp.exe".

    // Unquoted path containing a space: the first token, "C:\Program", is taken as the
    // module name, so "C:\Program.exe" is tried before "C:\Program Files\MyApp".
    // A writable array is used because lpCommandLine must not point to read-only memory.
    WCHAR szCmdline[] = L"C:\\Program Files\\MyApp";
    CreateProcessWithTokenW(/*...*/, szCmdline, /*...*/);

If a malicious user were to create an application called "Program.exe" on a system, any program that incorrectly calls CreateProcessWithTokenW using the Program Files directory will run this application instead of the intended application.

To avoid this problem, do not pass NULL for lpApplicationName. If you do pass NULL for lpApplicationName, use quotation marks around the executable path in lpCommandLine, as shown in the example below.

    // Quoted path: the whole of "C:\Program Files\MyApp" is taken as the module name.
    WCHAR szCmdline[] = L"\"C:\\Program Files\\MyApp\"";
    CreateProcessWithTokenW(/*...*/, szCmdline, /*...*/);

Requirements

Minimum supported client: Windows Vista
Minimum supported server: Windows Server 2003
Header: Winbase.h (include Windows.h)
Library: Advapi32.lib
DLL: Advapi32.dll

See Also

CloseHandle, CreateEnvironmentBlock, ExitProcess, GetEnvironmentStrings, GetExitCodeProcess, OpenProcess, Process and Thread Functions, PROCESS_INFORMATION, Processes, SetErrorMode, STARTUPINFO, WaitForInputIdle

Send comments about this topic to Microsoft. Build date: 8/27/2009

Original URL: http://msdn.microsoft.com/en-us/library/ms682434(VS.85).aspx
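The parsing rule from the lpCommandLine description and the Security Remarks above, worked through as an added example that is not code from the MSDN page: it models, in portable C without Windows headers, which module names the system tries for an unquoted command line and how the recommended quoting removes the ambiguity. MAX_PATHLEN stands in for MAX_PATH and the candidate limit is an arbitrary choice.

```c
/* Added example, not from the MSDN page: a portable model of the rule the page
 * gives for an unquoted lpCommandLine (the first white space-delimited token is
 * the module, ".exe" is appended when there is no extension, each space is
 * tried in turn), plus the quoting fix the Security Remarks recommend. */
#include <stdio.h>
#include <string.h>

#define MAX_CANDIDATES 16
#define MAX_PATHLEN    260   /* stands in for MAX_PATH */

/* 1 if the file-name part of `name` already has an extension. */
static int has_extension(const char *name, size_t len) {
    for (size_t i = len; i > 0; i--) {
        if (name[i - 1] == '\\' || name[i - 1] == '/') return 0;
        if (name[i - 1] == '.') return 1;
    }
    return 0;
}

/* Lists, in order, the module names the system would try for an unquoted
 * command line: the prefix before each space, then the whole string, with
 * ".exe" appended where the prefix has no extension.  A quoted command line
 * yields no candidates because its module name is unambiguous. */
int unquoted_candidates(const char *cmdline, char out[][MAX_PATHLEN], int max) {
    size_t len = strlen(cmdline);
    int n = 0;
    if (len == 0 || cmdline[0] == '"') return 0;
    for (size_t i = 1; i <= len && n < max; i++) {
        if (i < len && cmdline[i] != ' ') continue;   /* split at spaces and at the end */
        if (cmdline[i - 1] == ' ') continue;          /* skip runs of spaces */
        if (i + 5 > MAX_PATHLEN) break;               /* room for ".exe" and the NUL */
        memcpy(out[n], cmdline, i);
        out[n][i] = '\0';
        if (!has_extension(out[n], i)) strcat(out[n], ".exe");
        n++;
    }
    return n;
}

/* The fix from the Security Remarks: wrap the module path in quotation marks so
 * the first token is the whole path.  Returns 0 on success, -1 if the path
 * contains a quote (not representable this way) or does not fit in `out`. */
int quote_module_path(const char *path, char *out, size_t outlen) {
    size_t len = strlen(path);
    if (strchr(path, '"') || len + 3 > outlen) return -1;
    out[0] = '"';
    memcpy(out + 1, path, len);
    out[len + 1] = '"';
    out[len + 2] = '\0';
    return 0;
}

int main(void) {
    char cand[MAX_CANDIDATES][MAX_PATHLEN], quoted[MAX_PATHLEN];
    const char *unsafe = "C:\\Program Files\\MyApp";   /* the page's dangerous example */
    int n = unquoted_candidates(unsafe, cand, MAX_CANDIDATES);
    printf("unquoted \"%s\" is tried as:\n", unsafe);
    for (int i = 0; i < n; i++) printf("  %d. %s\n", i + 1, cand[i]);
    if (quote_module_path(unsafe, quoted, sizeof quoted) == 0)
        printf("safe form %s -> %d ambiguous candidates\n", quoted,
               unquoted_candidates(quoted, cand, MAX_CANDIDATES));
    return 0;
}
```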
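The lpEnvironment block format described under Parameters (name=value strings, no '=' in a name, a Unicode block ending in four zero bytes), as an added example that is not part of the MSDN page: it builds such a block and checks a block's framing, which is the check a caller would want before handing a hand-built block to this function with CREATE_UNICODE_ENVIRONMENT. Portable C, with uint16_t standing in for the 16-bit Unicode character and ASCII-only names and values assumed.

```c
/* Added example, not from the MSDN page: builds the Unicode environment block
 * lpEnvironment expects when dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT
 * and validates a block against the framing rules the page states.  UTF-16 code
 * units are modelled as uint16_t because wchar_t is not 16-bit everywhere. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Appends "name=value" and its terminating zero code unit.  Returns the new
 * length in code units, or 0 if the name is empty or contains '=' (the
 * separator) or the block would overflow `cap`. */
static size_t append_var(uint16_t *blk, size_t used, size_t cap,
                         const char *name, const char *value) {
    size_t nl = strlen(name), vl = strlen(value);
    if (nl == 0 || strchr(name, '=') || used + nl + 1 + vl + 1 > cap) return 0;
    for (size_t i = 0; i < nl; i++) blk[used++] = (uint16_t)(unsigned char)name[i];
    blk[used++] = '=';
    for (size_t i = 0; i < vl; i++) blk[used++] = (uint16_t)(unsigned char)value[i];
    blk[used++] = 0;                      /* terminates this string (2 zero bytes) */
    return used;
}

/* Builds a complete block from parallel name/value arrays (at least one
 * variable).  Returns the block size in bytes, or 0 on any error. */
size_t build_unicode_env(uint16_t *blk, size_t cap, const char **names,
                         const char **values, size_t count) {
    size_t used = 0;
    if (count == 0) return 0;
    for (size_t i = 0; i < count; i++) {
        used = append_var(blk, used, cap, names[i], values[i]);
        if (used == 0) return 0;
    }
    if (used + 1 > cap) return 0;
    blk[used++] = 0;                      /* terminates the block (2 more zero bytes) */
    return used * sizeof(uint16_t);
}

/* Validates framing: every string is name=value with a non-empty, '='-free
 * name, and an empty string (the block terminator) is the last thing in the
 * block.  Returns the number of variables, or -1 if the block is malformed,
 * for example truncated so that the final two zero bytes are missing. */
int check_unicode_env(const uint16_t *blk, size_t bytes) {
    size_t units = bytes / sizeof(uint16_t), s = 0;
    int count = 0;
    if (bytes % sizeof(uint16_t) != 0) return -1;
    while (s < units) {
        size_t e = s, eq;
        while (e < units && blk[e] != 0) e++;
        if (e == units) return -1;                         /* unterminated string */
        if (e == s) return (e + 1 == units) ? count : -1;  /* terminator must be last */
        for (eq = s; eq < e && blk[eq] != '='; eq++) ;
        if (eq == s || eq == e) return -1;                 /* empty name or no separator */
        count++;
        s = e + 1;
    }
    return -1;                                             /* no block terminator */
}

int main(void) {
    /* Constructed sample: the two variables the Remarks say the function fills in itself. */
    const char *names[]  = { "HOMEDRIVE", "HOMEPATH" };
    const char *values[] = { "C:", "\\Users\\svc" };
    uint16_t blk[128];
    size_t bytes = build_unicode_env(blk, 128, names, values, 2);
    printf("block: %zu bytes, %d variables; truncated by 2 bytes -> %d\n",
           bytes, check_unicode_env(blk, bytes), check_unicode_env(blk, bytes - 2));
    return 0;
}
```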