Obtain session id and process id for winlogon.exe
Problem description
I'm trying to create a process that starts up an application that requires a UI, so it can't be in session 0. My idea was to obtain the process ID of winlogon.exe of the currently logged-on user. In this way I could duplicate the winlogon token and run my application using the CreateProcessAsUser function. My code so far (this is being called when the application I want to run is required):
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>

void this_function(void)
{
    HANDLE hProcessSnap;
    HANDLE hProcess;
    PROCESSENTRY32 pe32;
    DWORD dwPriorityClass;

    // Take a snapshot of all processes in the system.
    hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
    if( hProcessSnap == INVALID_HANDLE_VALUE )
        return;

    // Set the size of the structure before using it.
    pe32.dwSize = sizeof( PROCESSENTRY32 );

    // Get the active session id
    DWORD sessionID = WTSGetActiveConsoleSessionId();

    // Fetch the first entry; Process32Next only continues from it.
    if( !Process32First( hProcessSnap, &pe32 ) )
    {
        CloseHandle( hProcessSnap );
        return;
    }

    // Now walk through the snapshot of processes
    // I want to narrow this down to processes called winlogon
    // if multiple users are logged on to the system I want to make sure the active user
    // will get the application run on their screen
    do
    {
        // Retrieve the priority class.
        dwPriorityClass = 0;
        // here I want to compare the sessionID with session IDs of each winlogon process
        // stuck for implementation here
        // when I find a match I can use the processID to gain the token and create
        // a duplicate so it can be used in CreateAsUser function.
    } while( Process32Next( hProcessSnap, &pe32 ) );

    // Release the snapshot handle.
    CloseHandle( hProcessSnap );
}
So basically I need some help narrowing down the snapshot of the processes to just "winlogon" and iterating through the session IDs of these processes to match the sessionID of the active user. Thanks in advance :D
Recommended answer
You can use ProcessIdToSessionId to get the session ID of each process that matches "winlogon.exe", then compare the result to WTSGetActiveConsoleSessionId.
Here's a snippet you could use in your loop:
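// Assumes a UNICODE build, where pe32.szExeFile is a wide string.
if (_wcsicmp(pe32.szExeFile, L"winlogon.exe") == 0)
{
    DWORD ProcessSessionId = 0;
    // Only compare when the session lookup succeeded.
    if (ProcessIdToSessionId(pe32.th32ProcessID, &ProcessSessionId) &&
        ProcessSessionId == sessionID)
    {
        DoYourMagic(pe32.th32ProcessID);
        break;
    }
}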
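The lookup described in the answer, written out in full as an added example (not the asker's or the answerer's code). The name/session match is split into a portable function so it can be checked against constructed data, and the Win32 enumeration compiles only on Windows; `proc_info`, `pick_winlogon`, `find_winlogon_pid` and `SAMPLE` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <wchar.h>
#include <wctype.h>

#define NO_ACTIVE_SESSION 0xFFFFFFFFu /* WTSGetActiveConsoleSessionId: no session attached */

typedef struct { const wchar_t *exe; uint32_t pid, session; } proc_info; /* hypothetical */

/* Constructed sample data, not taken from a real system. */
static const proc_info SAMPLE[] = {
    { L"svchost.exe", 900, 0 }, { L"winlogon.exe", 612, 1 }, { L"WinLogon.EXE", 4820, 2 },
};

/* Case-insensitive wide-string equality (portable stand-in for _wcsicmp). */
static int name_eq(const wchar_t *a, const wchar_t *b) {
    for (; *a && *b; a++, b++)
        if (towlower((wint_t)*a) != towlower((wint_t)*b)) return 0;
    return *a == *b;
}

/* PID of the winlogon.exe entry in session `active`, or 0 when there is none.
   The name is a bare file name, so a match alone does not prove the image path. */
uint32_t pick_winlogon(const proc_info *p, size_t n, uint32_t active) {
    if (active == NO_ACTIVE_SESSION) return 0;
    for (size_t i = 0; i < n; i++)
        if (p[i].session == active && name_eq(p[i].exe, L"winlogon.exe"))
            return p[i].pid;
    return 0;
}

#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
/* Win32 driver: feeds each snapshot entry and its session ID to pick_winlogon. */
DWORD find_winlogon_pid(void) {
    DWORD active = WTSGetActiveConsoleSessionId(), found = 0;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) return 0;
    PROCESSENTRY32W pe;
    pe.dwSize = sizeof pe;
    for (BOOL ok = Process32FirstW(snap, &pe); ok && !found; ok = Process32NextW(snap, &pe)) {
        DWORD sid = 0;
        if (!ProcessIdToSessionId(pe.th32ProcessID, &sid)) continue; /* cannot query: skip */
        proc_info one = { pe.szExeFile, pe.th32ProcessID, sid };
        found = pick_winlogon(&one, 1, active);
    }
    CloseHandle(snap);
    return found;
}
#endif
```

A return value of 0 covers both "no console session attached" and "no matching process", so the caller should treat it as "do not launch".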