unit Unit1;interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;const
LOGON_WITH_PROFILE = 1;
LOGON_NETCREDENTIALS_ONLY = 2;function CreateProcessWithLogon(
lpUsername: PWChar;
lpDomain: PWChar;
lpPassword: PWChar;
dwLogonFlags: DWORD;
lpApplicationName: PWChar;
lpCommandLine: PWChar;
dwCreationFlags: DWORD;
lpEnvironment: Pointer;
lpCurrentDirectory: PWChar;
const lpStartupInfo: TStartupInfo;
var lpProcessInfo: TProcessInformation
): BOOL; stdcall;type
TForm1 = class(TForm)
Button1: TButton;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;var
Form1: TForm1;implementation
{$R *.dfm}
function CreateProcessWithLogon; external advapi32 name ‘CreateProcessWithLogonW’;
procedure TForm1.Button1Click(Sender: TObject);
var
wUsername, wDomain, wPassword, wApplicationName: WideString;
pwUsername, pwDomain, pwPassword, pwApplicationName: PWideChar;
StartupInfo: TStartupInfo;
ProcessInfo: TProcessInformation;
begin
wUsername := ‘administrator’;
wDomain := “;
wPassword := ‘123456’;
wApplicationName := ‘cmd.exe’;
pwUsername := Addr(wUsername[1]);
pwDomain := Addr(wDomain[1]);
pwPassword := Addr(wPassword[1]);
pwApplicationName := Addr(wApplicationName[1]);FillChar(StartupInfo, SizeOf(TStartupInfo), 0);
StartupInfo.cb := SizeOf(TStartupInfo);
if not CreateProcessWithLogon(pwUsername,pwDomain,pwPassword,LOGON_WITH_PROFILE,
pwApplicationName,nil,CREATE_DEFAULT_ERROR_MODE,
nil,nil,StartupInfo,ProcessInfo) then
RaiseLastOSError;
end;end.
可帶入其他使用者的Profile,使用上比LogonUser、CreateProcessAsUser簡單,省去設定SE_TCB_NAME privilege
