UAC环境下，从服务启动用户界面程序

之前从服务启动用户界面程序，使用的都是CreateProcess，或者.net库里面的Process::Start函数。但是在WIN2008上面碰到了问题，进程能启动，但是界面出不来。

原因是微软搞得UAC技术。

UAC(User Account Control，用户账户控制) 是微软为提高系统安全而在Windows Vista中引入的新技术，通过限制应用软件而改进Windows操作系统的安全性。

 

具体到我的程序上，就是无法从服务直接创建窗口。

实际上，用户窗口还是被创建出来了。但是由于服务是用system用户运行的，有自己的窗口站，和我们默认使用的winsta0不是一个窗口站，不能直接通讯，交互，所以当然不能在 "winsta0" 中的默认桌面上显示了。

虽然在VISTA里面就有了，但以前在项目中碰不到。因为用户很少用Vista或者Win7，服务端也都是WIN2003。现在WIN2008用的多了，问题就出来了。

 

在网上搜了半天，找到了解决方案：

服务启动UI程序不能直接CreateProcess(),否则因为service session，程序UI不能看见
拿到当前explorer.exe的token，然后CreateProcessAsUser模拟当前用户启动进程...这样就可以显示界面了

代码如下：

bool GetTokenByName(ref IntPtr hToken, string lpName)
{
    IntPtr hProcessSnap = IntPtr.Zero;
    bool bRet = false;

    hProcessSnap = CreateToolhelp32Snapshot(0x00000002, 0);
    if ((int)hProcessSnap <= 0)
    {
        return false;
    }

    //--------------------------------------------
    //
    ProcessEntry32 pe32 = new ProcessEntry32();
    pe32.dwSize = (uint)Marshal.SizeOf(pe32);
    int bMore = Process32First(hProcessSnap, ref pe32);
    while (bMore == 1)
    {
        if (0 == string.Compare(pe32.szExeFile, lpName, true))
        {
            int hProcess = OpenProcess(0x0400, false, (int)pe32.th32ProcessID);
            System.IntPtr p = new IntPtr(hProcess);
            bRet = OpenProcessToken(p, (int)TOKEN_ALL_ACCESS, ref hToken);

            CloseHandle(hProcessSnap);

            return bRet;
        }
        bMore = Process32Next(hProcessSnap, ref pe32);
    }
    CloseHandle(hProcessSnap);

    return false;
}

public bool RunProcess(string szExe, string szPath)
{
    IntPtr hToken = new IntPtr();
    if (!GetTokenByName(ref hToken, "explorer.exe"))
    {
        return false;
    }
    STARTUPINFO si = new STARTUPINFO();
    si.cb = Marshal.SizeOf(si);

    PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
    SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES();
    sa.Length = Marshal.SizeOf(sa);

    bool result = CreateProcessAsUser(
                                 hToken,
                                 szExe,
                                 String.Empty,
                                 ref sa, ref sa,
                                 false, 0, IntPtr.Zero,
                                 szPath, ref si, ref pi);

    return result;
}

[DllImport("KERNEL32.DLL ")]
public static extern IntPtr CreateToolhelp32Snapshot(uint flags, uint processid);
[DllImport("KERNEL32.DLL ")]
public static extern int CloseHandle(IntPtr handle);
[DllImport("KERNEL32.DLL ")]
public static extern int Process32First(IntPtr handle, ref   ProcessEntry32 pe);
[DllImport("KERNEL32.DLL ")]
public static extern int Process32Next(IntPtr handle, ref   ProcessEntry32 pe);

[StructLayout(LayoutKind.Sequential)]
public struct ProcessEntry32
{
    public uint dwSize;
    public uint cntUsage;
    public uint th32ProcessID;
    public IntPtr th32DefaultHeapID;
    public uint th32ModuleID;
    public uint cntThreads;
    public uint th32ParentProcessID;
    public int pcPriClassBase;
    public uint dwFlags;

    [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)]
    public string szExeFile;
};

[DllImport("kernel32.dll")]
public static extern int OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);

private const int TOKEN_ASSIGN_PRIMARY = 0x1;
private const int TOKEN_DUPLICATE = 0x2;
private const int TOKEN_IMPERSONATE = 0x4;
private const int TOKEN_QUERY = 0x8;
private const int TOKEN_QUERY_SOURCE = 0x10;
private const int TOKEN_ADJUST_PRIVILEGES = 0x20;
private const int TOKEN_ADJUST_GROUPS = 0x40;
private const int TOKEN_ADJUST_DEFAULT = 0x80;
private const int TOKEN_ALL_ACCESS = TOKEN_ASSIGN_PRIMARY
      + TOKEN_DUPLICATE + TOKEN_IMPERSONATE + TOKEN_QUERY
      + TOKEN_QUERY_SOURCE + TOKEN_ADJUST_PRIVILEGES
      + TOKEN_ADJUST_GROUPS + TOKEN_ADJUST_DEFAULT;
private const int ANYSIZE_ARRAY = 1;
[StructLayout(LayoutKind.Sequential)]
public struct STARTUPINFO
{
    public Int32 cb;
    public string lpReserved;
    public string lpDesktop;
    public string lpTitle;
    public Int32 dwX;
    public Int32 dwY;
    public Int32 dwXSize;
    public Int32 dwXCountChars;
    public Int32 dwYCountChars;
    public Int32 dwFillAttribute;
    public Int32 dwFlags;
    public Int16 wShowWindow;
    public Int16 cbReserved2;
    public IntPtr lpReserved2;
    public IntPtr hStdInput;
    public IntPtr hStdOutput;
    public IntPtr hStdError;
}

[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
    public IntPtr hProcess;
    public IntPtr hThread;
    public Int32 dwProcessID;
    public Int32 dwThreadID;
}

[StructLayout(LayoutKind.Sequential)]
public struct SECURITY_ATTRIBUTES
{
    public Int32 Length;
    public IntPtr lpSecurityDescriptor;
    public bool bInheritHandle;
}

public enum SECURITY_IMPERSONATION_LEVEL
{
    SecurityAnonymous,
    SecurityIdentification,
    SecurityImpersonation,
    SecurityDelegation
}

[DllImport("kernel32.dll", SetLastError = true,
    CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
public static extern bool CreateProcessAsUser(
    IntPtr hToken,
    string lpApplicationName,
    string lpCommandLine,
    ref SECURITY_ATTRIBUTES lpProcessAttributes,
    ref SECURITY_ATTRIBUTES lpThreadAttributes,
    bool bInheritHandle,
    Int32 dwCreationFlags,
    IntPtr lpEnvrionment,
    string lpCurrentDirectory,
    ref STARTUPINFO lpStartupInfo,
    ref PROCESS_INFORMATION lpProcessInformation);