服務啟動一個程式

byxdaz發表於2019-04-10
#include <windows.h>
#include <TLHELP32.H>
#include <psapi.h>
#include <WtsApi32.h>
#include <UserEnv.h>
#include <tchar.h>
#include <stdio.h>
#include <string.h>
#pragma comment(lib,"psapi.lib")
#pragma comment(lib,"WtsApi32.lib")
#pragma comment(lib,"UserEnv.lib")

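// Opens the access token of the first process in a Toolhelp snapshot whose
// image name equals lpName (compared case-insensitively).
//
// hToken  [out] receives the token handle on success; the caller must
//               CloseHandle() it. Left untouched on failure.
// lpName  [in]  image name to look for, e.g. "EXPLORER.EXE". It is only read;
//               passing a string literal is safe.
// Returns TRUE when a matching process was found and its token was opened.
// Only the first match is tried: if that process cannot be opened the
// function returns FALSE without looking at later matches.
//
// NOTE(review): the match is on the image name alone. Session, owning account
// and executable path are not checked, so on a host with several logon
// sessions, or where another account can start a process with the same name,
// the token returned may not belong to the user the caller has in mind. A
// service that wants the interactive console user can pair
// WTSGetActiveConsoleSessionId() with WTSQueryUserToken() instead.
// NOTE(review): pe32.szExeFile is compared as a char string, which assumes a
// non-UNICODE (ANSI/MBCS) build.
BOOL GetTokenByName(HANDLE &hToken, LPSTR lpName)
{
	if (!lpName)
	{
		return FALSE;
	}

	HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (hProcessSnap == INVALID_HANDLE_VALUE)
	{
		return FALSE;
	}

	BOOL           bRet = FALSE;
	PROCESSENTRY32 pe32 = { 0 };
	pe32.dwSize = sizeof(PROCESSENTRY32);

	if (Process32First(hProcessSnap, &pe32))
	{
		do
		{
			// _stricmp compares without modifying either buffer. Upper-casing
			// lpName in place would write into the caller's string, which is
			// undefined behaviour when that string is a literal.
			if (_stricmp(pe32.szExeFile, lpName) == 0)
			{
				HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,
					FALSE, pe32.th32ProcessID);
				if (hProcess != NULL)
				{
					// NOTE(review): TOKEN_ALL_ACCESS is broader than a caller
					// that only launches a process needs; kept because other
					// callers' requirements are not visible here.
					bRet = OpenProcessToken(hProcess, TOKEN_ALL_ACCESS, &hToken);
					// The process handle is only needed to reach the token.
					CloseHandle(hProcess);
				}
				break;
			}
		} while (Process32Next(hProcessSnap, &pe32));
	}

	CloseHandle(hProcessSnap);
	return bRet;
}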

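// Starts a program from a service under the token of the user who owns the
// shell process (explorer.exe), on the interactive desktop winsta0\default.
//
// pAppFullFileName  full path of the executable; must not be NULL or empty,
//                   must not contain a double quote, and must be shorter than
//                   MAX_PATH - 1 characters.
// pRunParameter     optional argument string appended verbatim after the
//                   quoted executable path; may be NULL. It is not validated
//                   or escaped here, so the caller must not build it from
//                   untrusted input.
// Returns TRUE when the process was created. On failure returns FALSE and,
// for failures of the Windows calls made here, leaves their error code in
// GetLastError().
//
// The child runs with the shell owner's token and environment, not with the
// service's own account. Nothing here establishes that this token is an
// administrator token; it is whatever token the matched explorer.exe carries.
// The ANSI (A) API variants are named explicitly because every buffer in this
// function is a char buffer.
BOOL  StartProcessBySysService(const char* pAppFullFileName, const char* pRunParameter)
{
	if (pAppFullFileName == NULL || pAppFullFileName[0] == '\0')
	{
		return FALSE;
	}
	// A double quote is not valid in a Windows path; letting one through
	// would end the quoting applied to the executable path below.
	if (::strchr(pAppFullFileName, '"') != NULL)
	{
		return FALSE;
	}
	// Same length limit the working-directory copy has always had; checked up
	// front so an over-long path fails cleanly instead of reaching the CRT
	// invalid-parameter handler.
	if (::strlen(pAppFullFileName) >= MAX_PATH - 1)
	{
		return FALSE;
	}

	// Command line: the executable path is quoted so that a path containing
	// spaces is not split. _TRUNCATE makes an over-long result return -1.
	char szSoftWare[1024] = { 0 };
	int nWritten;
	if (pRunParameter != NULL)
	{
		nWritten = ::_snprintf_s(szSoftWare, sizeof(szSoftWare), _TRUNCATE,
			"\"%s\" %s", pAppFullFileName, pRunParameter);
	}
	else
	{
		nWritten = ::_snprintf_s(szSoftWare, sizeof(szSoftWare), _TRUNCATE,
			"\"%s\"", pAppFullFileName);
	}
	if (nWritten < 0)
	{
		return FALSE;
	}

	// Working directory: the executable's own directory, obtained by cutting
	// the path after its last backslash. A name with no drive colon or no
	// backslash is passed through unchanged.
	char szProgrammeWorkPath[MAX_PATH] = { 0 };
	::strcpy_s(szProgrammeWorkPath, sizeof(szProgrammeWorkPath), pAppFullFileName);
	char* pLastSlash = ::strrchr(szProgrammeWorkPath, '\\');
	if (::strchr(szProgrammeWorkPath, ':') != NULL && pLastSlash != NULL)
	{
		pLastSlash[1] = '\0';
	}

	// Token of the user running the shell. The name is held in a writable
	// local buffer because GetTokenByName takes a non-const LPSTR.
	char szShellName[] = "EXPLORER.EXE";
	HANDLE hToken = NULL;
	if (!GetTokenByName(hToken, szShellName))
	{
		return FALSE;
	}

	BOOL   bRet = FALSE;
	DWORD  dwError = ERROR_SUCCESS;
	LPVOID environment = NULL;

	// The profile directory itself is not used; the call is kept as a check
	// that the token resolves to a user profile.
	char  szUsernamePath[MAX_PATH] = { 0 };
	DWORD UsernamePathSize = ARRAYSIZE(szUsernamePath);
	if (!GetUserProfileDirectoryA(hToken, szUsernamePath, &UsernamePathSize))
	{
		dwError = GetLastError();
	}
	else if (!CreateEnvironmentBlock(&environment, hToken, FALSE))
	{
		dwError = GetLastError();
	}
	else
	{
		// lpDesktop is a non-const pointer, so give it a writable buffer.
		char szDesktop[] = "winsta0\\default";

		STARTUPINFOA si;
		ZeroMemory(&si, sizeof(si));
		si.cb = sizeof(si);
		// NOTE(review): wShowWindow stays 0 (SW_HIDE) after ZeroMemory, so with
		// STARTF_USESHOWWINDOW the child is asked to start hidden. Confirm
		// that this is intended.
		si.dwFlags = STARTF_USESHOWWINDOW;
		si.lpDesktop = szDesktop;

		PROCESS_INFORMATION pi = { 0 };
		// CREATE_UNICODE_ENVIRONMENT matches the block produced by
		// CreateEnvironmentBlock. Handles are not inherited (FALSE below).
		DWORD creationFlags = NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW | CREATE_UNICODE_ENVIRONMENT;
		if (CreateProcessAsUserA(
			hToken,
			NULL,
			szSoftWare,
			NULL,
			NULL,
			FALSE,
			creationFlags,
			environment,
			szProgrammeWorkPath,
			&si,
			&pi))
		{
			bRet = TRUE;
			// The child is not waited for; both handles are released at once.
			CloseHandle(pi.hThread);
			CloseHandle(pi.hProcess);
		}
		else
		{
			dwError = GetLastError();
		}
		DestroyEnvironmentBlock(environment);
	}

	// Released on every path, including the failure paths above.
	CloseHandle(hToken);
	if (!bRet)
	{
		// Cleanup calls may have overwritten the thread's last error.
		SetLastError(dwError);
	}
	return bRet;
}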

// Test code: launch the Windows calculator with no extra arguments.
static const char kTestAppPath[] = "C:\\Windows\\system32\\calc.exe";
BOOL  bRet = StartProcessBySysService(kTestAppPath, NULL);

 
