使用提升权限的程序中的用户权限启动程序 [英] Start program with user rights from within a elevated program

问题描述

我有一个需要提升权限的应用程序(这类似于自定义安装程序). 在此应用程序中，我使用ShellExecute()来显示PDF文件. 似乎Adobe Reader以与调用应用程序相同的权限启动.我希望Adobe Reader可以从标准用户权限入手，而不是提升权限.

I have an application that requires elevated rights (it is something like a custom installer). From within this application, I use ShellExecute() to show a PDF file. It seems as if the Adobe Reader is started with the same rights as the calling application. I would like the Adobe Reader however to be started with standard user rights and not elevated.

有什么办法可以做到这一点? (可能在Delphi中，但是对于这个问题，语言可能并不重要).

Is there some way I can do that? (It would be in Delp but for this problem the language probably doesn't matter).

推荐答案

您要实现的目标很难实现，并且不受支持.但是，可以使用少量黑客攻击.亚伦·玛格西斯(Aaron Margosis)写了

What you are trying to achieve cannot be done very easily and is not supported. However, it is possible using a modicum of hacking. Aaron Margosis wrote an article describing one technique.

要引用相关部分，您将需要执行以下步骤:

To quote the pertinent section, you will need to carry out these steps:

1. 在当前令牌中启用SeIncreaseQuotaPrivilege
2. 获取代表桌面外壳的HWND(GetShellWindow)
3. 获取与该窗口关联的进程的进程ID(PID)(GetWindowThreadProcessId)
4. 打开该进程(OpenProcess)
5. 从该进程获取访问令牌(OpenProcessToken)
6. 使用该令牌(DuplicateTokenEx)创建主令牌
7. 使用该主要令牌(CreateProcessWithTokenW)启动新进程

1. Enable the SeIncreaseQuotaPrivilege in your current token
2. Get an HWND representing the desktop shell (GetShellWindow)
3. Get the Process ID (PID) of the process associated with that window (GetWindowThreadProcessId)
4. Open that process (OpenProcess)
5. Get the access token from that process (OpenProcessToken)
6. Make a primary token with that token (DuplicateTokenEx)
7. Start the new process with that primary token (CreateProcessWithTokenW)

本文包含一些演示C ++源代码的下载链接，从中应该足够容易地转换为Delphi.

The article contains a download link for some demo C++ source from which it should be simple enough to translate to Delphi.

这篇关于使用提升权限的程序中的用户权限启动程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！