這裏主要是參考 MSDN 上的一篇文章，地址是 https://msdn.microsoft.com/en-us/gg465093
我自己的代碼如下
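/// @brief Launches NCexplorer.exe (located next to this service's own binary) in the
///        session of the user currently logged on at the physical console, using that
///        user's own token — the child therefore runs with the interactive user's
///        rights, not with the service's.
///
/// Based on the MSDN sample "Launching an Interactive Process from Windows Service"
/// (gg465093). WTSQueryUserToken needs the caller to run as LocalSystem (SE_TCB_NAME),
/// so this only works from a service running under that account.
///
/// @param lpCommand Currently unused: the executable to start is fixed to
///                  <service directory>\NCexplorer.exe.
/// @return true when the child process was created; false on any failure. Every
///         failure is reported through LogEvent before returning, and every handle
///         or environment block acquired up to that point is released.
bool CATLdemoModule::LaunchSession1Process( LPTSTR lpCommand )
{
    // Closes a kernel handle on scope exit; a NULL handle is a no-op.
    struct HandleGuard
    {
        HANDLE h;
        ~HandleGuard() { if (h != NULL) CloseHandle(h); }
    };
    // Frees a block obtained from CreateEnvironmentBlock on scope exit.
    struct EnvironmentGuard
    {
        LPVOID p;
        ~EnvironmentGuard() { if (p != NULL) DestroyEnvironmentBlock(p); }
    };

    (void)lpCommand; // target path is hard-coded below; kept for interface compatibility

    // 0xFFFFFFFF means no session is attached to the physical console (e.g. nobody
    // logged on yet); WTSQueryUserToken would fail on it anyway.
    const DWORD dwSessionID = WTSGetActiveConsoleSessionId();
    if (dwSessionID == 0xFFFFFFFF)
    {
        LogEvent(L"獲取活動控制台會話ID失敗");
        return false;
    }

    // Token of the interactive user; each step below aborts on failure instead of
    // continuing with a NULL handle.
    HandleGuard userToken = { NULL };
    if (WTSQueryUserToken(dwSessionID, &userToken.h) == FALSE)
    {
        LogEvent(L"讀取當前登錄用戶的令牌信息失敗");
        return false;
    }

    HandleGuard primaryToken = { NULL };
    if (DuplicateTokenEx(userToken.h, MAXIMUM_ALLOWED, NULL, SecurityIdentification,
                         TokenPrimary, &primaryToken.h) == FALSE)
    {
        LogEvent(L"複製當前登錄用戶的令牌信息失敗");
        return false;
    }

    // The child gets the interactive user's environment (FALSE: do not inherit the
    // service's); CREATE_UNICODE_ENVIRONMENT below matches the block's encoding.
    EnvironmentGuard environment = { NULL };
    if (CreateEnvironmentBlock(&environment.p, primaryToken.h, FALSE) == FALSE)
    {
        LogEvent(L"創造環境失敗");
        return false;
    }

    // Build <directory of this module>\NCexplorer.exe. A return value of MAX_PATH
    // means the path was truncated, which must be treated as a failure too.
    WCHAR szClientPath[MAX_PATH] = {0};
    const DWORD cchPath = GetModuleFileName(NULL, szClientPath, MAX_PATH);
    if (cchPath == 0 || cchPath >= MAX_PATH)
    {
        LogEvent(L"獲取當前進程已加載模塊的文件的完整路徑失敗");
        return false;
    }
    PathRemoveFileSpec(szClientPath); // strip the file name, keep the directory
    if (wcscat_s(szClientPath, sizeof(szClientPath)/sizeof(WCHAR), L"\\NCexplorer.exe") != 0)
    {
        LogEvent(L"組合目標程序路徑失敗");
        return false;
    }

    // Target the interactive desktop, as the MSDN sample does.
    WCHAR szDesktop[] = L"winsta0\\default";
    STARTUPINFO si = {0};
    si.cb = sizeof(si);
    si.lpDesktop = szDesktop;
    PROCESS_INFORMATION pi = {0};

    // lpApplicationName is a fully qualified path and lpCommandLine is NULL, so no
    // PATH search or unquoted-path ambiguity is involved. Note that whoever can write
    // to the service's directory controls what runs in the user's session.
    if (CreateProcessAsUser(primaryToken.h, szClientPath, NULL, NULL, NULL, FALSE,
                            NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE | CREATE_UNICODE_ENVIRONMENT,
                            environment.p, NULL, &si, &pi) == FALSE)
    {
        LogEvent(L"創建新進程失敗");
        return false;
    }

    // The child keeps running on its own; we only drop our references to it.
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    return true;
}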
我這裏的形參是沒用的，因爲我在函數代碼裏把要打開的文件給固定了，沒有用到 lpCommand。不過現在這種方法只能打開和你這個服務的文件在同一文件夾下的 exe 文件，要打開任意文件還是要研究一下再更新上來。