
源码分享:系统服务环境运行前台工具(不是什么新的东西,大牛请飘过)

2011-3-21 09:20
3642
由于系统服务环境面向的是硬件和操作系统,它默认的窗口桌面、注册表等与管理员权限下的并不相同。如果你在其中运行诸如pstore等程序,是得不到正常结果的。如果要运行前台程序,还需要先设置进程令牌,再利用CreateProcessAsUser进行启动。
废话就不多说。直接给代码:
#include <windows.h>
#include <stdio.h>
#include <psapi.h>
#pragma comment(lib,"PsApi.lib")

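/*
 * Look up the PID of the first running process whose image base name
 * matches InputProcessName (case-insensitive).
 *
 * InputProcessName: image name such as "Explorer.exe"; NULL yields 0.
 * Returns the PID, or 0 if enumeration fails or no process matches.
 *
 * The match is by base name only — that is the sole identity check, so if
 * several processes carry the same name the first one enumerated wins.
 * Processes that cannot be opened (protected, other integrity level) are
 * skipped silently.
 */
DWORD ProcessToPID(char *InputProcessName)
{
    DWORD aProcesses[1024], cbNeeded, cProcesses, cbModules;
    unsigned int i;
    HANDLE hProcess;
    HMODULE hMod;
    char szProcessName[MAX_PATH];

    if (!InputProcessName) return 0;
    if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )  return 0;
    /* cbNeeded is capped at sizeof(aProcesses): if it equals the array size
       the snapshot may be truncated and a match could be missed. */
    cProcesses = cbNeeded / sizeof(DWORD);

    for ( i = 0; i < cProcesses; i++ )
    {
        hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
                        PROCESS_VM_READ,
                        FALSE, aProcesses[i]);
        if ( !hProcess ) continue;

        /* Reset the name every iteration: the original kept the previous
           process's name when GetModuleBaseName failed, so a later process
           could be reported as a match on stale data. */
        szProcessName[0] = '\0';
        if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbModules ) &&
             GetModuleBaseName( hProcess, hMod,
                                szProcessName, sizeof(szProcessName) ) != 0 &&
             _stricmp( szProcessName, InputProcessName ) == 0 )
        {
            CloseHandle( hProcess );
            return aProcesses[i];
        }
        /* Close every non-matching handle here; the original closed only the
           last one after the loop (and dereferenced an uninitialized handle
           when there were no processes at all). */
        CloseHandle( hProcess );
    }
    return 0;
}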

//////////////////////////////////   
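//////////////////////////////////
/*
 * Open the primary token of the first process named lpName and return it
 * through hToken.
 *
 * hToken: receives the token handle on success (caller closes it); set to
 *         NULL on every failure path.
 * lpName: image base name, e.g. "Explorer.exe"; NULL returns FALSE.
 * Returns TRUE on success, FALSE if the process is not found, cannot be
 * opened, or its token cannot be opened (GetLastError() tells which).
 */
BOOL   GetTokenByName(HANDLE   &hToken,LPSTR   lpName)
{
    hToken = NULL;
    if(!lpName) return   FALSE;
    DWORD ProcessID = ProcessToPID(lpName);
    if(ProcessID==0) return FALSE;
    HANDLE   hProcess   =   OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,ProcessID);
    // The original passed a possibly-NULL hProcess straight into OpenProcessToken.
    if(!hProcess) return FALSE;
    // CreateProcessAsUser documents TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY
    // as the rights it needs; request only those instead of TOKEN_ALL_ACCESS.
    BOOL ok = OpenProcessToken(hProcess,
                               TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY,
                               &hToken);
    // The process handle was never closed in the original (one leak per call).
    CloseHandle(hProcess);
    if(!ok) hToken = NULL;
    return ok;
}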

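/*
 * Usage: <tool> <command line>
 *
 * Launches argv[1] with the primary token of the running Explorer.exe, so
 * that a caller in a service context can start a program as the logged-on
 * user. Exit codes keep the original convention: 1 on success, 0 on any
 * failure (the reverse of the usual process-exit convention).
 */
int main( int argc, char *argv[])
{
    if( argc == 2 )
    {
        HANDLE hToken;   // original spelled this "HANLE", which does not compile
        if( !GetTokenByName(hToken,"Explorer.exe") )
        {
            printf("GetTokenByName Failed!\n");
            return 0;
        }

        PROCESS_INFORMATION pi;
        STARTUPINFO         si;
        ZeroMemory( &si, sizeof(STARTUPINFO) );
        ZeroMemory( &pi, sizeof(pi) );
        si.cb = sizeof(STARTUPINFO);   // original assigned to an undeclared "siStartInfo"
        // NOTE(review): si.lpDesktop is left NULL; when launching into another
        // session a target such as "winsta0\\default" may be needed — confirm on the
        // platforms this runs on.

        // bInheritHandles is FALSE: no std handles are set in si, so there is
        // nothing to pass down, and TRUE would hand the child every inheritable
        // handle the (service) parent holds.
        BOOL ret = CreateProcessAsUser( hToken,
                                        NULL,
                                        argv[1],   // lpCommandLine must be writable; argv[1] is
                                        NULL,
                                        NULL,
                                        FALSE,
                                        0,
                                        NULL,
                                        NULL,
                                        &si,
                                        &pi );
        DWORD err = GetLastError();   // capture before CloseHandle can overwrite it
        CloseHandle(hToken);

        // The original printed "Success" regardless of the return value.
        if( !ret )
        {
            printf("CreateProcessAsUser Failed! error=%lu\n", (unsigned long)err);
            return 0;
        }
        // Both handles in pi are owned by us and leaked in the original.
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);

        printf("CreateProcess Success!\n");
        return 1;
    }

    printf("Parameter Error!\n");
    return 0;
}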
用法很简单,在命令行后面跟上你要执行的exe就行。


最新回复 (1)
不好意思,发了两次,版主可以删去本帖
2011-3-21 09:21