16,551
社区成员
发帖
与我相关
我的任务
分享CreateProcessAsUser 与 CreateProcess 之间的 区别 谢谢
msdn上的描述:
The CreateProcessAsUser function creates a new process and its primary thread. The new process then runs the specified executable file. The CreateProcessAsUser function is similar to the CreateProcess function, except that the new process runs in the security context of the user represented by the hToken parameter. By default, the new process is noninteractive, that is, it runs on a desktop that is not visible and cannot receive user input. Also, by default, the new process inherits the environment of the calling process, rather than the environment associated with the specified user.
我翻译:CreateProcessAsUser 创建一个进程以及该进程的主线程。该新进程执行一个指定的可执行文件。CreateProcessAsUser与CreateProcess类似。
不同之处:CreateProcessAsUser启动的进程运行在安全的user上下文中。默认情况下,该新进程是不交互的,因为它运行在一个不可见也不接受用户输入的桌面上
,还有该新进程继承调用该进程的进程的环境,而不是和指定用户相联系的环境。
几个问题我不明白:
1,什么是安全的上下文?
2,什么是环境?
3,看什么样的书才能理解这些概念。
实际中遇到的问题描:SKype在一个本地登录帐户里只能运行一个实例,我需要运行多个实例,那么就需要以其他帐户的身份运行skype
我调用的是CreateProcessAsUser()这个函数 可一直没有成功
谢谢
The CreateProcessAsUser function creates a new process and its primary thread. The new process then runs the specified executable file. The CreateProcessAsUser function is similar to the CreateProcess function, except that the new process runs in the security context of the user represented by the hToken parameter. By default, the new process is noninteractive, that is, it runs on a desktop that is not visible and cannot receive user input. Also, by default, the new process inherits the environment of the calling process, rather than the environment associated with the specified user.
我翻译:CreateProcessAsUser 创建一个进程以及该进程的主线程。该新进程执行一个指定的可执行文件。CreateProcessAsUser与CreateProcess类似。
不同之处:CreateProcessAsUser启动的进程运行在安全的user上下文中。默认情况下,该新进程是不交互的,因为它运行在一个不可见也不接受用户输入的桌面上
,还有该新进程继承调用该进程的进程的环境,而不是和指定用户相联系的环境。
几个问题我不明白:
1,什么是安全的上下文?
2,什么是环境?
3,看什么样的书才能理解这些概念。
实际中遇到的问题描:SKype在一个本地登录帐户里只能运行一个实例,我需要运行多个实例,那么就需要以其他帐户的身份运行skype
我调用的是CreateProcessAsUser()这个函数 可一直没有成功
谢谢
...全文
请发表友善的回复…
发表回复
jiangkeredgirl 2008-01-17
- 打赏
- 举报
又回来了,我必须把这个问题解决了
CreateProcessAsUser
错误 客户端没有需要的权限
CreateProcessAsUser
错误 客户端没有需要的权限
大熊猫侯佩 2008-01-10
- 打赏
- 举报
//看什么样的书才能理解这些概念。
直接看msdn的相应内容或者包含此调用的源代码。
直接看msdn的相应内容或者包含此调用的源代码。
pomelowu 2008-01-10
- 打赏
- 举报
簡單的說,所謂的security context集中體現在用戶權限方面的限制。
msdn上的確是說了,it runs on a desktop that is not visible and cannot receive user input. 但是樓主你漏掉了下面的Remarks部分。
By default, CreateProcessAsUser creates the new process on a noninteractive window station with a desktop that is not visible and cannot receive user input. To enable user interaction with the new process, you must specify the name of the default interactive window station and desktop, "winsta0\default", in the lpDesktop member of the STARTUPINFO structure. In addition, before calling CreateProcessAsUser, you must change the discretionary access control list (DACL) of both the default interactive window station and the default desktop. The DACLs for the window station and desktop must grant access to the user or the logon session represented by the hToken parameter.
此外,還有需要注意的地方是:
CreateProcessAsUser does not load the specified user's profile into the HKEY_USERS registry key. Therefore, to access the information in the HKEY_CURRENT_USER registry key, you must load the user's profile information into HKEY_USERS with the LoadUserProfile function before calling CreateProcessAsUser. Be sure to call UnloadUserProfile after the new process exits
msdn上的確是說了,it runs on a desktop that is not visible and cannot receive user input. 但是樓主你漏掉了下面的Remarks部分。
By default, CreateProcessAsUser creates the new process on a noninteractive window station with a desktop that is not visible and cannot receive user input. To enable user interaction with the new process, you must specify the name of the default interactive window station and desktop, "winsta0\default", in the lpDesktop member of the STARTUPINFO structure. In addition, before calling CreateProcessAsUser, you must change the discretionary access control list (DACL) of both the default interactive window station and the default desktop. The DACLs for the window station and desktop must grant access to the user or the logon session represented by the hToken parameter.
此外,還有需要注意的地方是:
CreateProcessAsUser does not load the specified user's profile into the HKEY_USERS registry key. Therefore, to access the information in the HKEY_CURRENT_USER registry key, you must load the user's profile information into HKEY_USERS with the LoadUserProfile function before calling CreateProcessAsUser. Be sure to call UnloadUserProfile after the new process exits
jiangkeredgirl 2008-01-10
- 打赏
- 举报
还有个问题:msdn说“该新进程是不交互的”
那即使我用CreateProcessAsUser 创建 Skype进程成功 也没办法用了
因为它运行在一个不可见也不接受用户输入的桌面上
那即使我用CreateProcessAsUser 创建 Skype进程成功 也没办法用了
因为它运行在一个不可见也不接受用户输入的桌面上
jiangkeredgirl 2008-01-10
- 打赏
- 举报
谢谢 啊 太感动了
vecri 2008-01-10
- 打赏
- 举报
有个方法:
调用runas.exe程序。。
只需要以runas /user:anotheruser "password" whatisgoingtorun
运行一个新进程就解决了
而windows默认的runas.exe是交互式输入密码, 看雪上有人将它改为了参数式输入密码(即上面的形式)
详见看雪论坛
以下是该帖子网址:
http://www.pediy.com/bbshtml/bbs8/pediy8-45.htm
调用runas.exe程序。。
只需要以runas /user:anotheruser "password" whatisgoingtorun
运行一个新进程就解决了
而windows默认的runas.exe是交互式输入密码, 看雪上有人将它改为了参数式输入密码(即上面的形式)
详见看雪论坛
以下是该帖子网址:
http://www.pediy.com/bbshtml/bbs8/pediy8-45.htm
jiangkeredgirl 2008-01-10
- 打赏
- 举报
这个问题 1天了 还没解决 看了许多关于CreateProcessAsUser函数的调用问题,该了无数次参数,调用都失败了
failed: GetLastError returned 0
贴出关键代码,有人指点下么?
HANDLE hToken;
HANDLE hNewToken;
LogonUser( m_szAccount,".",m_szAccountpwd, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken);
//提升权限
SECURITY_ATTRIBUTES sa;
sa.nLength=sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle=TRUE;
sa.lpSecurityDescriptor=NULL;
// HANDLE hNewToken;
DuplicateTokenEx(
hToken, // handle to token to duplicate
MAXIMUM_ALLOWED, // access rights of new token
&sa, // attributes
SecurityAnonymous, //level
TokenPrimary, // primary or impersonation token
&hNewToken // handle to duplicated token
);
}
//启动skype
PROCESS_INFORMATION pi;
PSID pSid = NULL;
STARTUPINFO si;
BOOL bResult;
memset(&si, 0, sizeof(si));
si.cb = sizeof(si);
memset(&pi, 0,sizeof(pi));
bResult = CreateProcessAsUser(hNewToken,"E:\\SS\\SkpyeAPI\\Skype.exe",NULL, NULL,NULL,TRUE,
0/*CREATE_NEW_CONSOLE|NORMAL_PRIORITY_CLASS*/,
NULL,
NULL,
&si,
&pi
);
if(!bResult)
{
CHAR szBuf[80];
DWORD dw = GetLastError();
sprintf(szBuf, "failed: GetLastError returned %u\n", NULL, dw);
MessageBox(szBuf, NULL, MB_OK);
ExitProcess(dw);
}
failed: GetLastError returned 0
贴出关键代码,有人指点下么?
HANDLE hToken;
HANDLE hNewToken;
LogonUser( m_szAccount,".",m_szAccountpwd, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken);
//提升权限
SECURITY_ATTRIBUTES sa;
sa.nLength=sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle=TRUE;
sa.lpSecurityDescriptor=NULL;
// HANDLE hNewToken;
DuplicateTokenEx(
hToken, // handle to token to duplicate
MAXIMUM_ALLOWED, // access rights of new token
&sa, // attributes
SecurityAnonymous, //level
TokenPrimary, // primary or impersonation token
&hNewToken // handle to duplicated token
);
}
//启动skype
PROCESS_INFORMATION pi;
PSID pSid = NULL;
STARTUPINFO si;
BOOL bResult;
memset(&si, 0, sizeof(si));
si.cb = sizeof(si);
memset(&pi, 0,sizeof(pi));
bResult = CreateProcessAsUser(hNewToken,"E:\\SS\\SkpyeAPI\\Skype.exe",NULL, NULL,NULL,TRUE,
0/*CREATE_NEW_CONSOLE|NORMAL_PRIORITY_CLASS*/,
NULL,
NULL,
&si,
&pi
);
if(!bResult)
{
CHAR szBuf[80];
DWORD dw = GetLastError();
sprintf(szBuf, "failed: GetLastError returned %u\n", NULL, dw);
MessageBox(szBuf, NULL, MB_OK);
ExitProcess(dw);
}
jiangkeredgirl 2008-01-10
- 打赏
- 举报
2,终于知道什么是环境了,原来就是进程寻找进程中模块的路径
