我知道如何使用以下命令从进程启动具有管理员权限的进程:
proc.StartInfo.UseShellExecute = true;
proc.StartInfo.Verb = "runas";
其中proc是System.Diagnostics.Process。但是,如何做相反的事情呢?
如果您所处的进程已经提升,那么如何在没有管理员权限的情况下启动新进程?更准确地说,我们需要使用与Windows资源管理器相同的权限级别启动新进程,因此如果禁用UAC则无需更改,但如果启用了UAC,但我们的进程正在升级,则需要执行某项操作因为我们正在创建一个虚拟驱动器,并且如果它是使用提升的权限创建的,并且Windows资源管理器运行速度不高,它将不会显示。
随意将标题更改为更好的内容,我无法想出一个好的描述。
答案 0 :(得分:18)
您的解决方案是使用EXPLORER.exe进程。
我们的想法是使用Windows的文件浏览器进程explorer.exe(info)以UN-ELEVATED模式运行该进程。
让我们说我们要启动的流程是$TEMP\MyUnElevatedProcess.exe。
因此,对于NSIS代码,我只会写:(但可以用任何语言运行)
Exec '"$WINDIR\explorer.exe" "$TEMP\MyUnElevatedProcess.exe"'
示例代码(使用NSIS安装程序)
Exec '"$WINDIR\explorer.exe" "$TEMP\MyUnElevatedProcess.exe"'
***代码取自http://mdb-blog.blogspot.com/2013/01/nsis-lunch-program-as-user-from-uac.html
答案 1 :(得分:8)
我们最终使用了此代码项目文章中的示例:High elevation can be bad for your application: How to start a non-elevated process at the end of the installation
它似乎工作到目前为止,我收集它注入RunDll32.exe,我的C ++ / Win32相当弱,所以我没有看太多的实际实现,只是它的使用。确认它在Vista和Win7中都适用于x86和x64(至少对于我们来说,x86和x64需要不同的dll,在安装时检查并使用正确的dll)。
答案 2 :(得分:1)
Raymond Chen在他的博客中谈到了这一点:
How can I launch an unelevated process from my elevated process and vice versa?
在GitHub中搜索此代码的C#版本,我在Microsoft的用于Visual Studio的 Node.js工具存储库中找到以下实现:SystemUtilities.cs({{ 1}}函数)。
以防万一文件消失了,这是文件的内容:
ExecuteProcessUnElevated答案 3 :(得分:0)
如果你想从一个升级过程中启动一个非高效的过程,你可以复制shell过程的访问令牌并使用它来启动一个新过程。
public static class UnelevatedProcessStarter
{
public static void Start(string cmdArgs)
{
// 1. Get the shell
var shell = NativeMethods.GetShellWindow();
if (shell == IntPtr.Zero)
{
throw new Exception("Could not find shell window");
}
// 2. Copy the access token of the process
NativeMethods.GetWindowThreadProcessId(shell, out uint shellProcessId);
var hShellProcess = NativeMethods.OpenProcess(0x00000400 /* QueryInformation */, false, (int)shellProcessId);
if (!NativeMethods.OpenProcessToken(hShellProcess, 2 /* TOKEN_DUPLICATE */, out IntPtr hShellToken))
{
throw new Win32Exception();
}
// 3. Dublicate the acess token
uint tokenAccess = 8 /*TOKEN_QUERY*/ | 1 /*TOKEN_ASSIGN_PRIMARY*/ | 2 /*TOKEN_DUPLICATE*/ | 0x80 /*TOKEN_ADJUST_DEFAULT*/ | 0x100 /*TOKEN_ADJUST_SESSIONID*/;
var securityAttributes = new SecurityAttributes();
NativeMethods.DuplicateTokenEx(
hShellToken,
tokenAccess,
ref securityAttributes,
2 /* SecurityImpersonation */,
1 /* TokenPrimary */,
out IntPtr hToken);
// 4. Create a new process with the copied token
var si = new Startupinfo();
si.cb = Marshal.SizeOf(si);
if (!NativeMethods.CreateProcessWithTokenW(
hToken,
0x00000002 /* LogonNetcredentialsOnly */,
null,
cmdArgs,
0x00000010 /* CreateNewConsole */,
IntPtr.Zero,
null,
ref si,
out ProcessInformation _))
{
throw new Win32Exception();
}
}
public class NativeMethods
{
[DllImport("user32.dll")]
public static extern IntPtr GetShellWindow();
[DllImport("user32.dll", SetLastError = true)]
public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(int processAccess, bool bInheritHandle, int processId);
[DllImport("advapi32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool OpenProcessToken(IntPtr processHandle, UInt32 desiredAccess, out IntPtr tokenHandle);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool DuplicateTokenEx(IntPtr hExistingToken, uint dwDesiredAccess,
ref SecurityAttributes lpTokenAttributes,
int impersonationLevel,
int tokenType,
out IntPtr phNewToken);
[DllImport("advapi32", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool CreateProcessWithTokenW(
IntPtr hToken, int dwLogonFlags,
string lpApplicationName, string lpCommandLine,
int dwCreationFlags, IntPtr lpEnvironment,
string lpCurrentDirectory, [In] ref Startupinfo lpStartupInfo, out ProcessInformation lpProcessInformation);
}
[StructLayout(LayoutKind.Sequential)]
public struct ProcessInformation
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[StructLayout(LayoutKind.Sequential)]
public struct SecurityAttributes
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public int bInheritHandle;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct Startupinfo
{
public Int32 cb;
public string lpReserved;
public string lpDesktop;
public string lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public IntPtr hStdInput;
public IntPtr hStdOutput;
public IntPtr hStdError;
}
}
答案 4 :(得分:-1)
您可以使用ProcessStartInfo.UserName和ProcessStartInfo.Password来指定您希望流程运行的帐户。
class Program
{
static void Main(string[] args)
{
var psi = new ProcessStartInfo(@"c:\windows\system32\whoami.exe");
var password = new SecureString();
password.AppendChar('s');
password.AppendChar('e');
password.AppendChar('c');
password.AppendChar('r');
password.AppendChar('e');
password.AppendChar('t');
psi.Password = password;
psi.UserName = "username";
psi.UseShellExecute = false;
psi.RedirectStandardOutput = true;
var p = new Process();
p.StartInfo = psi;
p.Start();
p.WaitForExit();
Console.WriteLine(p.StandardOutput.ReadToEnd());
}
}