//Function to run a process as active user from Windows servicevoidImpersonateactiveuserandrun () {DWORD session_id= -1; DWORD Session_count=0; Wts_session_infoa*psession =NULL; if(Wtsenumeratesessions (Wts_current_server_handle,0,1, &psession, &Session_count)) {printf ("psession=====%d\n", psession); printf ("session_count=====%d\n", Session_count); } Else{printf ("wtsenumeratesessions ===============failed \ n"); return; } for(DWORD i =0; i < Session_count; i++) {session_id=Psession[i]. SessionId; printf ("session_id=====%d\n", session_id); Wts_connectstate_class wts_connect_state=wtsdisconnected; Wts_connectstate_class* Ptr_wts_connect_state =NULL; DWORD bytes_returned=0; if(:: Wtsquerysessioninformation (Wts_current_server_handle, session_id, Wtsconnectstat E, reinterpret_cast<LPTSTR*> (&ptr_wts_connect_state),&bytes_returned)) {Wts_connect_state= *ptr_wts_connect_state; :: Wtsfreememory (Ptr_wts_connect_state); printf ("wts_connect_state=====%d\n", wts_connect_state); //if (wts_connect_state! = wtsactive) continue; } Else{printf ("wtsquerysessioninformation ===============failed \ n"); Continue; } HANDLE Himpersonationtoken=0; BOOL BRet= Wtsqueryusertoken (session_id, &Himpersonationtoken); if(BRet = =false) {printf ("wtsqueryusertokenerror:%d\n", GetLastError ()); } printf ("himpersonationtoken=====%d\n", Himpersonationtoken); //Get Real token from impersonation tokenDWORD neededSize1 =0; HANDLE*realtoken =NewHANDLE; if(GetTokenInformation (Himpersonationtoken, (:: Token_information_class) Tokenlinkedtoken, RealToken,sizeof(HANDLE), &neededSize1)) {CloseHandle (Himpersonationtoken); Himpersonationtoken= *Realtoken; } Else { //Log Error Continue; } }}
This function has dead end, to be debugged is almost the same--impersonateactiveuserandrun