在系统内以其它用户权限执行程序
作者:互联网
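unit main;

{ Demonstrates starting a program under another user's credentials with the
  Win32 API CreateProcessWithLogonW (the API behind "runas").

  Defender's note: the call is serviced by the Secondary Logon service. On
  hosts with logon auditing enabled it normally appears in the Security log
  as event 4648 (logon with explicit credentials) followed by 4624 (logon
  type 2 for LOGON_WITH_PROFILE, type 9 for LOGON_NETCREDENTIALS_ONLY). }

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

const
  // dwLogonFlags values for CreateProcessWithLogonW.
  LOGON_WITH_PROFILE = 1;         // log on and load the user's profile
  LOGON_NETCREDENTIALS_ONLY = 2;  // use the credentials for network access only

// Import of advapi32!CreateProcessWithLogonW; the binding itself is in the
// implementation section. All string parameters are UTF-16 pointers.
function CreateProcessWithLogon(
  lpUsername: PWChar;
  lpDomain: PWChar;
  lpPassword: PWChar;
  dwLogonFlags: DWORD;
  lpApplicationName: PWChar;
  lpCommandLine: PWChar;
  dwCreationFlags: DWORD;
  lpEnvironment: Pointer;
  lpCurrentDirectory: PWChar;
  const lpStartupInfo: TStartupInfo;
  var lpProcessInfo: TProcessInformation): BOOL; stdcall;

type
  TForm1 = class(TForm)
    Button1: TButton;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

function CreateProcessWithLogon; external advapi32 name 'CreateProcessWithLogonW';

// Returns the absolute path of cmd.exe inside the Windows system directory.
// Raises an OS error if the directory cannot be queried, or Exception if the
// path does not fit the buffer.
function SystemCmdPath: WideString;
var
  Buf: array[0..MAX_PATH] of WideChar;
  Len: UINT;
begin
  Len := GetSystemDirectoryW(@Buf[0], Length(Buf));
  if Len = 0 then
    RaiseLastOSError;
  // A return value >= the buffer size means "buffer too small", not success.
  if Len >= UINT(Length(Buf)) then
    raise Exception.Create('System directory path does not fit the buffer');
  SetString(Result, PWideChar(@Buf[0]), Len);
  Result := Result + '\cmd.exe';
end;

// Click handler: launches cmd.exe under the account configured below.
// Raises an OS error (RaiseLastOSError) when the logon or process creation
// fails.
procedure TForm1.Button1Click(Sender: TObject);
var
  wUsername, wDomain, wPassword, wApplicationName: WideString;
  pwDomain: PWideChar;
  StartupInfo: TStartupInfo;
  ProcessInfo: TProcessInformation;
begin
  // SECURITY (review): credentials are hard-coded. Anything compiled from
  // this unit carries the account password as a plain UTF-16 string that any
  // strings/resource viewer can recover. Treat these values as sample
  // placeholders; real code should obtain the secret at run time (prompt or
  // protected store) and wipe the buffer after the call.
  // NOTE(review): the user name below is misspelt and ends in a space, so it
  // presumably will not match the built-in account as written - confirm.
  wUsername := 'administrtor ';
  wDomain := '';
  wPassword := 'wskitxgurhkpgf';

  // lpApplicationName is not resolved through the search path: a bare
  // 'cmd.exe' is completed from the current directory, so whatever binary of
  // that name sits there would run with the other user's rights. Pass the
  // absolute system path instead.
  wApplicationName := SystemCmdPath;

  // Addr(s[1]) on an empty string is a range error when range checking is on;
  // cast non-empty strings instead and pass an explicit nil for "no domain".
  // NOTE(review): with a nil domain the API documentation expects a UPN-style
  // user name; '.' is commonly used for a local account - confirm.
  if wDomain = '' then
    pwDomain := nil
  else
    pwDomain := PWideChar(wDomain);

  FillChar(StartupInfo, SizeOf(StartupInfo), 0);
  StartupInfo.cb := SizeOf(StartupInfo);
  FillChar(ProcessInfo, SizeOf(ProcessInfo), 0);

  if not CreateProcessWithLogon(PWideChar(wUsername), pwDomain,
    PWideChar(wPassword), LOGON_WITH_PROFILE, PWideChar(wApplicationName),
    nil, CREATE_DEFAULT_ERROR_MODE, nil, nil, StartupInfo, ProcessInfo) then
    RaiseLastOSError;

  // The caller owns both returned handles; without these calls every click
  // leaks a process handle and a thread handle.
  CloseHandle(ProcessInfo.hThread);
  CloseHandle(ProcessInfo.hProcess);
end;

end.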
转载于:https://www.cnblogs.com/zhaoyong/archive/2009/07/03/1516003.html
标签:Addr,内以,PWChar,CreateProcessWithLogon,执行程序,StartupInfo,TStartupInfo,权限,LOGON 来源: https://blog.csdn.net/weixin_33923762/article/details/94541306