如何运行在Vista(.NET)中没有提升
发布时间:2020-12-13 21:01:26 所属栏目:Windows 来源:网络整理
导读:我有一个应用程序,我必须以管理员身份运行。 该应用程序的一小部分是使用Process.Start启动其他应用程序 启动的应用程序也将作为管理员运行,但我宁愿看到它们作为“普通”用户运行。 我该如何做到这一点? /约翰/ WinSafer API允许一个进程作为有限的,普
我有一个应用程序,我必须以管理员身份运行。
该应用程序的一小部分是使用Process.Start启动其他应用程序 启动的应用程序也将作为管理员运行,但我宁愿看到它们作为“普通”用户运行。 我该如何做到这一点? /约翰/
WinSafer API允许一个进程作为有限的,普通的或升级的用户启动。
样品用法: CreateSaferProcess(@"calc.exe","",SaferLevel.NormalUser); 源代码: //http://odetocode.com/Blogs/scott/archive/2004/10/28/602.aspx public static void CreateSaferProcess(String fileName,String arguments,SaferLevel saferLevel) { IntPtr saferLevelHandle = IntPtr.Zero; //Create a SaferLevel handle to match what was requested if (!WinSafer.SaferCreateLevel( SaferLevelScope.User,saferLevel,SaferOpen.Open,out saferLevelHandle,IntPtr.Zero)) { throw new Win32Exception(Marshal.GetLastWin32Error()); } try { //Generate the access token to use,based on the safer level handle. IntPtr hToken = IntPtr.Zero; if (!WinSafer.SaferComputeTokenFromLevel( saferLevelHandle,// SAFER Level handle IntPtr.Zero,// NULL is current thread token. out hToken,// Target token SaferTokenBehaviour.Default,// No flags IntPtr.Zero)) // Reserved { throw new Win32Exception(Marshal.GetLastWin32Error()); } try { //Now that we have a security token,we can lauch the process //using the standard CreateProcessAsUser API STARTUPINFO si = new STARTUPINFO(); si.cb = Marshal.SizeOf(si); si.lpDesktop = String.Empty; PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); // Spin up the new process Boolean bResult = Windows.CreateProcessAsUser( hToken,fileName,arguments,IntPtr.Zero,//process attributes IntPtr.Zero,//thread attributes false,//inherit handles 0,//CREATE_NEW_CONSOLE IntPtr.Zero,//environment null,//current directory ref si,//startup info out pi); //process info if (!bResult) throw new Win32Exception(Marshal.GetLastWin32Error()); if (pi.hProcess != IntPtr.Zero) Windows.CloseHandle(pi.hProcess); if (pi.hThread != IntPtr.Zero) Windows.CloseHandle(pi.hThread); } finally { if (hToken != IntPtr.Zero) Windows.CloseHandle(hToken); } } finally { WinSafer.SaferCloseLevel(saferLevelHandle); } } P /调用声明: using System; using System.Collections.Generic; using System.Text; using System.Runtime.InteropServices; namespace PInvoke { public class WinSafer { /// <summary> /// The SaferCreateLevel function opens a SAFER_LEVEL_HANDLE. /// </summary> /// <param name="scopeId">The scope of the level to be created.</param> /// <param name="levelId">The level of the handle to be opened.</param> /// <param name="openFlags">Must be SaferOpenFlags.Open</param> /// <param name="levelHandle">The returned SAFER_LEVEL_HANDLE. When you have finished using the handle,release it by calling the SaferCloseLevel function.</param> /// <param name="reserved">This parameter is reserved for future use. IntPtr.Zero</param> /// <returns></returns> [DllImport("advapi32",SetLastError = true,CallingConvention = CallingConvention.StdCall)] public static extern bool SaferCreateLevel(SaferLevelScope scopeId,SaferLevel levelId,SaferOpen openFlags,out IntPtr levelHandle,IntPtr reserved); /// <summary> /// The SaferComputeTokenFromLevel function restricts a token using restrictions specified by a SAFER_LEVEL_HANDLE. /// </summary> /// <param name="levelHandle">SAFER_LEVEL_HANDLE that contains the restrictions to place on the input token. Do not pass handles with a LevelId of SAFER_LEVELID_FULLYTRUSTED or SAFER_LEVELID_DISALLOWED to this function. This is because SAFER_LEVELID_FULLYTRUSTED is unrestricted and SAFER_LEVELID_DISALLOWED does not contain a token.</param> /// <param name="inAccessToken">Token to be restricted. If this parameter is NULL,the token of the current thread will be used. If the current thread does not contain a token,the token of the current process is used.</param> /// <param name="outAccessToken">The resulting restricted token.</param> /// <param name="flags">Specifies the behavior of the method.</param> /// <param name="lpReserved">Reserved for future use. This parameter should be set to IntPtr.EmptyParam.</param> /// <returns></returns> [DllImport("advapi32",CallingConvention = CallingConvention.StdCall)] public static extern bool SaferComputeTokenFromLevel(IntPtr levelHandle,IntPtr inAccessToken,out IntPtr outAccessToken,SaferTokenBehaviour flags,IntPtr lpReserved); /// <summary> /// The SaferCloseLevel function closes a SAFER_LEVEL_HANDLE that was opened by using the SaferIdentifyLevel function or the SaferCreateLevel function.</summary> /// <param name="levelHandle">The SAFER_LEVEL_HANDLE to be closed.</param> /// <returns>TRUE if the function succeeds; otherwise,FALSE. For extended error information,call GetLastWin32Error.</returns> [DllImport("advapi32",CallingConvention = CallingConvention.StdCall)] public static extern bool SaferCloseLevel(IntPtr levelHandle); } //class WinSafer /// <summary> /// Specifies the behaviour of the SaferComputeTokenFromLevel method /// </summary> public enum SaferTokenBehaviour : uint { /// <summary></summary> Default = 0x0,/// <summary>If the OutAccessToken parameter is not more restrictive than the InAccessToken parameter,the OutAccessToken parameter returns NULL.</summary> NullIfEqual = 0x1,/// <summary></summary> CompareOnly = 0x2,/// <summary></summary> MakeInert = 0x4,/// <summary></summary> WantFlags = 0x8 } /// <summary> /// The level of the handle to be opened. /// </summary> public enum SaferLevel : uint { /// <summary>Software will not run,regardless of the user rights of the user.</summary> Disallowed = 0,/// <summary>Allows programs to execute with access only to resources granted to open well-known groups,blocking access to Administrator and Power User privileges and personally granted rights.</summary> Untrusted = 0x1000,/// <summary>Software cannot access certain resources,such as cryptographic keys and credentials,regardless of the user rights of the user.</summary> Constrained = 0x10000,/// <summary>Allows programs to execute as a user that does not have Administrator or Power User user rights. Software can access resources accessible by normal users.</summary> NormalUser = 0x20000,/// <summary>Software user rights are determined by the user rights of the user.</summary> FullyTrusted = 0x40000 } /// <summary> /// The scope of the level to be created. /// </summary> public enum SaferLevelScope : uint { /// <summary>The created level is scoped by computer.</summary> Machine = 1,/// <summary>The created level is scoped by user.</summary> User = 2 } public enum SaferOpen : uint { Open = 1 } } //namespace PInvoke (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
相关内容
- Windows上的Mercurial:abort:错误:远程主机强行关闭现有
- 安装签名的msi安装程序时出现奇数’程序名’
- windows phone 7数据库
- windows-server-2008 – 终端服务器使用的RAID布局 – 我的
- Windows Server 2016-三种方法备份还原DHCP服务器
- windows – 尝试使用win xp cmd与设备通信
- windows使用记录---2019.8月补丁更新后出现windows7系列UEF
- 窗口 – 在DWM组合的窗口上使用GDI绘制时可以防止撕裂伪影吗
- windows – __deref_out_opt和__deref_opt_out之间有什么区
- 重新创建Win32的标题是一个好主意吗?
推荐文章
站长推荐
热点阅读