简体繁体 English

使用LocalSystem Service CreateProcessAsUser启动程序相当于登录时双击该图标？ [C＃]

[英]Launching a program using LocalSystem Service CreateProcessAsUser equivalent to double-clicking on the icon when logged in? [C#]

原文 2009-09-18 13:57:34 6 2 c#/ winapi

At my company we have a product which pretty much interacts with everything you can imagine... registry, databases, devices, etc... it is composed of many parts but the entire application is launched by a single executable (start.exe) which is responsbile for launching everything else - this is all legacy code and run under a USER account. 在我公司，我们的产品几乎可以与您想象的所有内容进行交互...注册表，数据库，设备等...它由许多部分组成，但是整个应用程序是由单个可执行文件（start.exe）启动的它负责启动其他所有内容-这是所有旧代码，并在USER帐户下运行。

Currently this is launched as a STARTUP item (or by double-clicking on the desktop icon) in Windows, meaning when the user logins into the USER account the application (start.exe) automatically kicks off, under this account it has all the permissions it needs to run and everything has been fine for years... 当前，它作为Windows中的STARTUP项目（或通过双击桌面图标）启动，这意味着当用户登录到USER帐户时，应用程序（start.exe）自动启动，在该帐户下它具有所有权限它需要运行，并且一切都好多年了...

Now comes the change - I have written a service (Serv.exe) that is running as LocalSystem - this service is responsible for updating the various software components of our product and works as follows: - when the product detects an update it signals the LocalSystem service (Serv.exe) and then terminates itself - Serv.exe will then perform all the updating 现在进行更改-我编写了一个以LocalSystem运行的服务（Serv.exe）-该服务负责更新我们产品的各种软件组件，其工作方式如下：-当产品检测到更新时，它会发出信号通知LocalSystem服务（Serv.exe），然后终止自身-Serv.exe将执行所有更新

Now, after everything is done, the product (via start.exe) needs to be launched again automatically ... and this is where I need some advice ... what is the best way to restart the product (start.exe)? 现在，完成所有操作后，需要再次自动启动产品（通过start.exe）...这是我需要的一些建议...重新启动产品（start.exe）的最佳方法是什么？

Right now I use the LocalSystem Service (Serv.exe) and impersonate the USER account as follows: - CreateEnvironmentBlock for the USER - CreateProcessAsUser(start.exe) as the USER with the corresponding EnvBlock - DestroyEnvironmentBlock 现在，我使用LocalSystem Service（Serv.exe）并模拟USER帐户，如下所示：-USER的CreateEnvironmentBlock-USER和相应的EnvBlock一起作为USER-CreateProcessAsUser（start.exe）-DestroyEnvironmentBlock

But is this really 100% equivalent to double-clicking on the icon in the USER account context? 但这真的100％等同于双击USER帐户上下文中的图标吗？ I need to ensure that everything is identical when it is either launched on STARTUP of USER or by Impersonation from Serv.exe (LocalSystem) - is there a risk involved? 我需要确保在用户启动时启动或通过Serv.exe（LocalSystem）中的模拟启动时，所有内容都相同-是否存在风险？ Will I still have the same rights/abilities with all databases? 我对所有数据库仍然拥有相同的权利/功能吗？ registry? 注册表？ device interaction? 设备交互？ etc.. 等等..

By loading the EnvBlock I seem to get everything I need but ... is this not a good way to do it...? 通过加载EnvBlock，我似乎可以得到所需的一切，但是...这不是一个好方法吗？

Kind of hoping for some guidance and advice from the pro's out there ... Any help or hints would be much appreciated. 希望能从专业人士那里获得一些指导和建议。非常感谢您的帮助或提示。 Thanks, 谢谢，

2 个解决方案

Update: Here is a post named: Launching an interactive process from Windows Service in Windows Vista and later . 更新：这是一篇名为：从Windows Vista及更高版本中的Windows Service启动交互式过程的文章。 Which is exactly what you are looking for. 正是您要找的东西。 It starts with: 它开始于：

The first thing you should do about it is that; 您应该做的第一件事是： don't do it. 不要做 There are many limitations and bad implications and restrictions involved. 有很多局限性，涉及的不良影响和局限性。

So first test if your current solution works. 因此，首先测试您当前的解决方案是否可行。 That depend on what the process is doing. 这取决于过程在做什么。 If it is not involving user interaction. 如果不涉及用户交互。 Or manipulating the current user session. 或操纵当前用户会话。 Then you don't need this complex solution. 然后，您不需要此复杂的解决方案。 If you need it, than good luck! 如果您需要它，那就不如祝您好运！

Before update: Its not 100% equivalent. 更新前：不是100％等效。 Except authorization there are, in windows, sessions and, in each session, there are desktops. 除授权外，在Windows，会话中都有，并且在每个会话中都有桌面。 The process that is lunched from the service will run on the service session and desktop ( if the service has it). 从服务中获取午餐的过程将在服务会话和桌面上运行（如果服务具有）。 Depending on what the start.exe does, it may be important or not. 根据start.exe的作用，它可能很重要或不重要。

Look at the SetTokenInformation function. 查看SetTokenInformation函数。

Instead of launching the application directly as a "startup item" you could start a "launcher.exe" that then would launch your application. 可以直接启动“ launcher.exe”，而不是直接将其作为“启动项”启动应用程序。 The service could then signal "launcher.exe" that another instance of the application should start after an update. 然后，该服务可能会向“ launcher.exe”发出信号，表明应在更新后启动该应用程序的另一个实例。 Using this method you can't use the service to update "launcher.exe", but this executable should be very simple and hopefully not require any updates. 使用这种方法，您不能使用该服务来更新“ launcher.exe”，但是该可执行文件应该非常简单，希望不需要任何更新。 Using this method would avoid all the pitfalls of trying to start an interactive application from a service. 使用此方法将避免尝试从服务启动交互式应用程序的所有陷阱。