windows服务启动程序没有窗体的问题处理

这个问题,主要是服务是以system帐号启动的,在session0界面上,一般我们用户是在session1界面上,所以看不见窗体。

网上有说用Cjwdev.WindowsApi.dll 处理的, 这种方法明显时好时坏,也有网友说要创建一个没密码的用户才会成功,这明白很不安全,不适合服务器。

还有说有一个值守程序的,服务器启动时,值守程序未必已启动,也是一堆问题,后来Google几天,在要放弃时,看到一位大神的文章:

https://www.codeproject.com/Articles/35773/Subverting-Vista-UAC-in-Both-and-bit-Archite

https://www.codeproject.com/Articles/18775/Launch-your-app-into-session-using-a-service-hel

还有微软官方文章 :

https://code.msdn.microsoft.com/windowsapps/CSCreateProcessAsUserFromSe-b682134e

他的思想是,发现Winlogin这个进程是以seession1运行的,他就想到用这个进程的Token来启动程序,他成功了。但他这段代码没有判断,没有用户登录的情况,比如刚刚启动系统时,还是没有界面,这时要自已加段代码,判断一下当前有没有用户登录,没有用户登录用没界面的,有用户登录时,再Kill没界面进程,启动有界面的进程。

启动:

ApplicationLoader.PROCESS_INFORMATION procInfo;
ApplicationLoader.StartProcessAndBypassUAC(applicationName, out procInfo);

代码可以在他文章里下载,这里也贴出来:

public class ApplicationLoader
{
#region Structures

[StructLayout(LayoutKind.Sequential)]
public struct SECURITY_ATTRIBUTES
{
public int Length;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle;
}

[StructLayout(LayoutKind.Sequential)]
public struct STARTUPINFO
{
public int cb;
public String lpReserved;
public String lpDesktop;
public String lpTitle;
public uint dwX;
public uint dwY;
public uint dwXSize;
public uint dwYSize;
public uint dwXCountChars;
public uint dwYCountChars;
public uint dwFillAttribute;
public uint dwFlags;
public short wShowWindow;
public short cbReserved2;
public IntPtr lpReserved2;
public IntPtr hStdInput;
public IntPtr hStdOutput;
public IntPtr hStdError;
}

[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public uint dwProcessId;
public uint dwThreadId;
}

#endregion

#region Enumerations

enum TOKEN_TYPE : int
{
TokenPrimary = 1,
TokenImpersonation = 2
}

enum SECURITY_IMPERSONATION_LEVEL : int
{
SecurityAnonymous = 0,
SecurityIdentification = 1,
SecurityImpersonation = 2,
SecurityDelegation = 3,
}

#endregion

#region Constants

public const int TOKEN_DUPLICATE = 0x0002;
public const uint MAXIMUM_ALLOWED = 0x2000000;
public const int CREATE_NEW_CONSOLE = 0x00000010;

public const int IDLE_PRIORITY_CLASS = 0x40;
public const int NORMAL_PRIORITY_CLASS = 0x20;
public const int HIGH_PRIORITY_CLASS = 0x80;
public const int REALTIME_PRIORITY_CLASS = 0x100;

#endregion

#region Win32 API Imports

[DllImport(“kernel32.dll”, SetLastError = true)]
private static extern bool CloseHandle(IntPtr hSnapshot);

[DllImport(“kernel32.dll”)]
static extern uint WTSGetActiveConsoleSessionId();

[DllImport(“advapi32.dll”, EntryPoint = “CreateProcessAsUser”, SetLastError = true, CharSet = CharSet.Ansi, CallingConvention = CallingConvention.StdCall)]
public extern static bool CreateProcessAsUser(IntPtr hToken, String lpApplicationName, String lpCommandLine, ref SECURITY_ATTRIBUTES lpProcessAttributes,
ref SECURITY_ATTRIBUTES lpThreadAttributes, bool bInheritHandle, int dwCreationFlags, IntPtr lpEnvironment,
String lpCurrentDirectory, ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);

[DllImport(“kernel32.dll”)]
static extern bool ProcessIdToSessionId(uint dwProcessId, ref uint pSessionId);

[DllImport(“advapi32.dll”, EntryPoint = “DuplicateTokenEx”)]
public extern static bool DuplicateTokenEx(IntPtr ExistingTokenHandle, uint dwDesiredAccess,
ref SECURITY_ATTRIBUTES lpThreadAttributes, int TokenType,
int ImpersonationLevel, ref IntPtr DuplicateTokenHandle);

[DllImport(“kernel32.dll”)]
static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);

[DllImport(“advapi32″, SetLastError = true), SuppressUnmanagedCodeSecurityAttribute]
static extern bool OpenProcessToken(IntPtr ProcessHandle, int DesiredAccess, ref IntPtr TokenHandle);

#endregion

/// <summary>
/// Launches the given application with full admin rights, and in addition bypasses the Vista UAC prompt
/// </summary>
/// <param name=”applicationName”>The name of the application to launch</param>
/// <param name=”procInfo”>Process information regarding the launched application that gets returned to the caller</param>
/// <returns></returns>
public static bool StartProcessAndBypassUAC(String applicationName, out PROCESS_INFORMATION procInfo)
{
uint winlogonPid = 0;
IntPtr hUserTokenDup = IntPtr.Zero, hPToken = IntPtr.Zero, hProcess = IntPtr.Zero;
procInfo = new PROCESS_INFORMATION();

// obtain the currently active session id; every logged on user in the system has a unique session id
uint dwSessionId = WTSGetActiveConsoleSessionId();

// obtain the process id of the winlogon process that is running within the currently active session
Process[] processes = Process.GetProcessesByName(“winlogon”);
foreach (Process p in processes)
{
if ((uint)p.SessionId == dwSessionId)
{
winlogonPid = (uint)p.Id;
}
}

// obtain a handle to the winlogon process
hProcess = OpenProcess(MAXIMUM_ALLOWED, false, winlogonPid);

// obtain a handle to the access token of the winlogon process
if (!OpenProcessToken(hProcess, TOKEN_DUPLICATE, ref hPToken))
{
CloseHandle(hProcess);
return false;
}

// Security attibute structure used in DuplicateTokenEx and CreateProcessAsUser
// I would prefer to not have to use a security attribute variable and to just
// simply pass null and inherit (by default) the security attributes
// of the existing token. However, in C# structures are value types and therefore
// cannot be assigned the null value.
SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES();
sa.Length = Marshal.SizeOf(sa);

// copy the access token of the winlogon process; the newly created token will be a primary token
if (!DuplicateTokenEx(hPToken, MAXIMUM_ALLOWED, ref sa, (int)SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, (int)TOKEN_TYPE.TokenPrimary, ref hUserTokenDup))
{
CloseHandle(hProcess);
CloseHandle(hPToken);
return false;
}

// By default CreateProcessAsUser creates a process on a non-interactive window station, meaning
// the window station has a desktop that is invisible and the process is incapable of receiving
// user input. To remedy this we set the lpDesktop parameter to indicate we want to enable user
// interaction with the new process.
STARTUPINFO si = new STARTUPINFO();
si.cb = (int)Marshal.SizeOf(si);
si.lpDesktop = @”winsta0\default”; // interactive window station parameter; basically this indicates that the process created can display a GUI on the desktop

// flags that specify the priority and creation method of the process
int dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;

// create a new process in the current user’s logon session
bool result = CreateProcessAsUser(hUserTokenDup, // client’s access token
null, // file to execute
applicationName, // command line
ref sa, // pointer to process SECURITY_ATTRIBUTES
ref sa, // pointer to thread SECURITY_ATTRIBUTES
false, // handles are not inheritable
dwCreationFlags, // creation flags
IntPtr.Zero, // pointer to new environment block
null, // name of current directory
ref si, // pointer to STARTUPINFO structure
out procInfo // receives information about new process
);

// invalidate the handles
CloseHandle(hProcess);
CloseHandle(hPToken);
CloseHandle(hUserTokenDup);

return result; // return the result
}

}