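I have a Windows service that is started under the Local System account. In this service, it uses the CreateProcessAsUser API to create a new process under the user1 account. After the process is created:

  1. Logged in to the system as Administrator, I can see that the owner of the process is user1, and I can stop/resume/kill the process.

  2. Logged in to the system as user1, I cannot stop/resume/kill the process, and I get an "Access denied" error. Why?

Here is my test code: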

import os
import psutil
import win32process
import win32security
import win32con
import win32api
import win32file


def log(msg):
    with open('C:\\test\\my.log', 'a') as f:
        f.write(msg)
        f.write('\n')

username = 'user1'
password = 'user1'
domain = 'testpc'


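try:
    # Service-type logon for user1; returns a primary token for that account
    token = win32security.LogonUser(
        username,
        domain,
        password,
        win32con.LOGON32_LOGON_SERVICE,
        win32con.LOGON32_PROVIDER_DEFAULT
    )
    # The calling thread impersonates user1 from here on
    win32security.ImpersonateLoggedOnUser(token)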

    cmd = "ping -n 600 localhost"
    cwd = 'c:\\test'
    env = os.environ

    dwCreationFlags = win32con.NORMAL_PRIORITY_CLASS
    startup = win32process.STARTUPINFO()

    (hProcess, hThread, dwProcessId, dwThreadId) = \
        win32process.CreateProcessAsUser(token, None, cmd, None, None, True,
                                         dwCreationFlags, env, cwd, startup)
    log("hProcess=%s, hThread=%s, dwProcessId=%s, dwThreadId=%s" % (hProcess, hThread, dwProcessId, dwThreadId))

    process = psutil.Process(dwProcessId)
    log('process: %s' % process)

    return_code = process.wait()

    win32file.CloseHandle(hThread)
    win32file.CloseHandle(hProcess)
except win32security.error as e:
    # log() writes strings, so convert the exception before logging it
    log(str(e))

Can anyone help me? Thanks a lot.
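A diagnostic for the situation described above, as an added example that is not part of the original post: `read_process_dacl` reads the DACL of the created process with pywin32 (Windows only, run from an account that can open the process), and `is_granted` walks those ACEs against a set of token SIDs to see whether PROCESS_TERMINATE is granted. The function names, the simplified access check and the sample SIDs are assumptions made for illustration; the sample DACL is constructed, not output from the poster's system.

```python
PROCESS_TERMINATE = 0x0001
ACCESS_ALLOWED, ACCESS_DENIED = 0, 1   # ACE type values from winnt.h

def read_process_dacl(pid):
    """Return [(ace_type, mask, sid_string), ...] for a process, or None for a NULL DACL."""
    import win32api, win32con, win32security   # pywin32, imported lazily (Windows only)
    handle = win32api.OpenProcess(win32con.READ_CONTROL, False, pid)
    try:
        sd = win32security.GetSecurityInfo(
            handle, win32security.SE_KERNEL_OBJECT,
            win32security.DACL_SECURITY_INFORMATION)
        dacl = sd.GetSecurityDescriptorDacl()
        if dacl is None:
            return None
        aces = []
        for i in range(dacl.GetAceCount()):
            ace = dacl.GetAce(i)   # ((type, flags), mask, ..., sid)
            aces.append((ace[0][0], ace[1],
                         win32security.ConvertSidToStringSid(ace[-1])))
        return aces
    finally:
        handle.Close()

def is_granted(aces, token_sids, desired=PROCESS_TERMINATE):
    """Simplified DACL walk: ACEs in order, a matching deny fails, allows accumulate.
    Ignores privileges such as SeDebugPrivilege, owner rights and integrity levels."""
    if aces is None:          # NULL DACL grants everything
        return True
    remaining = desired
    for ace_type, mask, sid in aces:
        if sid not in token_sids:
            continue
        if ace_type == ACCESS_DENIED and mask & remaining:
            return False
        if ace_type == ACCESS_ALLOWED:
            remaining &= ~mask
            if remaining == 0:
                return True
    return False

# Constructed sample: a DACL that lists SYSTEM and one logon-session SID,
# checked against a token that carries a different logon-session SID.
SAMPLE_ACES = [(ACCESS_ALLOWED, 0x1FFFFF, "S-1-5-18"),
               (ACCESS_ALLOWED, 0x1FFFFF, "S-1-5-5-0-111111")]
SAMPLE_TOKEN = {"S-1-5-21-1-2-3-1001", "S-1-5-5-0-222222", "S-1-1-0"}

if __name__ == "__main__":
    print(is_granted(SAMPLE_ACES, SAMPLE_TOKEN))
```

On the real system, pass the `dwProcessId` logged by the service to `read_process_dacl` and compare the SIDs it returns with the output of `whoami /all` in user1's interactive session.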
