BOOL CImageUtility::CreateMediumIntegrityProcess(PCTSTR pszApplicationName, PTSTR pszCommandLine, PPROCESS_INFORMATION pPI, BOOL bShowWnd) { BOOL bRet = FALSE; CAccessToken ProcToken; CAccessToken PrimaryToken; PSID pSid = NULL; STARTUPINFO si = { sizeof(si) }; if (!ProcToken.GetEffectiveToken(TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY)) { goto FUNC_EXIT; } if (!ProcToken.CreatePrimaryToken(&PrimaryToken)) { goto FUNC_EXIT; } TCHAR szIntegritySid[20] = _T("S-1-16-8192"); ConvertStringSidToSid(szIntegritySid, &pSid); TOKEN_MANDATORY_LABEL TIL; TIL.Label.Attributes = SE_GROUP_INTEGRITY; TIL.Label.Sid = pSid; if (!SetTokenInformation(PrimaryToken.GetHandle(), (TOKEN_INFORMATION_CLASS)TokenIntegrityLevel, &TIL, sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pSid))) { goto FUNC_EXIT; } GetStartupInfo(&si); si.dwFlags = si.dwFlags|STARTF_USESHOWWINDOW; si.wShowWindow = SW_HIDE; bRet = CreateProcessAsUser(PrimaryToken.GetHandle(), pszApplicationName, pszCommandLine, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, pPI); FUNC_EXIT: if (pSid != NULL) { LocalFree(pSid); } if (!bRet) { bRet = CreateProcess(pszApplicationName, pszCommandLine, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, pPI); } return bRet; }