VC UAC for win7

typedef BOOL (CALLBACK * PWTSQueryUserToken)(ULONG SessionId, PHANDLE phToken);

BOOL DSCreateProcess(DWORD flags, DWORD session, LPCTSTR lpApplicationName, LPTSTR lpCommandLine,
        LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes,
        BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCTSTR lpCurrentDirectory,
        LPSTARTUPINFO lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
{
 DWORD Error;
 DWORD SessId = 0;
 BOOL bQueryed = FALSE;
 HANDLE hToken = NULL;
 PWTSQueryUserToken pWTSQueryUserToken;
 FARPROC pQuery = GetProcAddress(GetModuleHandle("Wtsapi32.dll"), "WTSQueryUserToken");
 pWTSQueryUserToken = (PWTSQueryUserToken)pQuery;

 if ((flags & CPIF_SESSION) != 0 &&
  bQueryed == FALSE && pWTSQueryUserToken != NULL) {
  bQueryed = pWTSQueryUserToken(session, &hToken);
  //DS_ASSERT(bQueryed != FALSE || ERROR_NO_TOKEN == GetLastError());
  SessId = session;
 }
 
 if ((flags & CPIF_SESSION) != 0 && bQueryed == FALSE) {
  Error = GetActiveLogonSession(&SessId, &hToken, session, TRUE);
  bQueryed = (Error == ERROR_SUCCESS);
 }

 if (bQueryed == FALSE && (CPIF_FIXEDSESS & flags)) {
  Error = ERROR_TIMEOUT;
  return FALSE;
 }

 while (bQueryed == FALSE) {
  Error = GetActiveSession(&SessId);
  if (Error == ERROR_SUCCESS) {
   if (pWTSQueryUserToken != NULL) {
    bQueryed = pWTSQueryUserToken(SessId, &hToken);
    gLogger.info("WTSQueryUserToken: %d %d, hToken %p\n", GetLastError(), bQueryed, hToken);
    break;
   }
   
   Error = GetActiveLogonSession(&SessId, &hToken, session, TRUE);
   if (Error == ERROR_SUCCESS) {
    /* Only for Windows 2000! */
    bQueryed = TRUE;
    break;
   }
  }
  
  if (Error != ERROR_NOT_LOGON_PROCESS) {
   /* Terminal Service is not running! */
   //DS_ASSERT(Error == RPC_S_INVALID_BINDING);
   Error = GetActiveLogonSession(&SessId, &hToken, session, FALSE);
   bQueryed = (Error == ERROR_SUCCESS);
   break;
  }

  break;
 }

 if (bQueryed == FALSE &&
  ((CPIF_SYSTEM| CPIF_INTERACITVE) & flags) == CPIF_SYSTEM) {
  BOOL created = CreateProcess(lpApplicationName, lpCommandLine,
   lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags,
   lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
  return created;
 }
 
 if (bQueryed != FALSE &&
  (CPIF_SYSTEM & flags) == CPIF_SYSTEM) {
  BOOL bSuccess;
  HANDLE hDuplicatedToken = NULL;

  CloseHandle(hToken);
  bSuccess = OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken);
  if (bSuccess == FALSE) {
   return FALSE;
  }
  
  bSuccess = DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL,
   SecurityIdentification, TokenPrimary, &hDuplicatedToken);
  CloseHandle(hToken);

  if (bSuccess == FALSE) {
   return FALSE;
  }

  hToken = hDuplicatedToken;
  bSuccess = SetTokenInformation(hDuplicatedToken, TokenSessionId, (void*)&SessId, sizeof(SessId));
  if (bSuccess == FALSE) {
   CloseHandle(hToken);
   return FALSE;
  }
 }

#if 0
 LUID luid;
 TOKEN_PRIVILEGES tp;
 if ( LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid) ) {
  tp.PrivilegeCount = 1;
  tp.Privileges[0].Luid = luid;
  tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
  AdjustTokenPrivileges(hDuplicatedToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, NULL);
 }
#endif
 
 if (bQueryed != FALSE) {
  BOOL created = FALSE;
  HANDLE hDuplicatedToken = NULL;
  
  if (DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL,
   SecurityIdentification, TokenPrimary, &hDuplicatedToken) ) {
   created = CreateProcessAsUser(hDuplicatedToken, lpApplicationName, lpCommandLine,
    lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags,
    lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
   gLogger.info("CreateProcessAsUser token %p, error %d, created %d\n", hDuplicatedToken, GetLastError(), created);
   CloseHandle(hDuplicatedToken);
  }
  
  CloseHandle(hToken);
  return created;
 }

 return FALSE;
}

以高权限启动新进程

// 启动Shell 
OSVERSIONINFOEX OSVerInfo; 
OSVerInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX); 
if(!GetVersionEx((OSVERSIONINFO *)&OSVerInfo)) 
{ 
         OSVerInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); 
         GetVersionEx((OSVERSIONINFO *)&OSVerInfo); 
} 

TCHAR atszVerb[16]; 
if(OSVerInfo.dwMajorVersion >= 6) // Vista 以上 
{ 
         _tcscpy(atszVerb,_T("runas")); 
} 
else 
{ 
         _tcscpy(atszVerb,_T("")); 
} 

USES_CONVERSION; 

SHELLEXECUTEINFO se ; 
memset(&se,0,sizeof(SHELLEXECUTEINFO)); 
se.cbSize = sizeof(SHELLEXECUTEINFO); 
se.lpVerb = atszVerb; 
se.lpFile = W2T(m_bstrShellExe); 
se.lpParameters = atszBootCmd; 
se.nShow = SW_HIDE ; 
se.fMask = SEE_MASK_NOCLOSEPROCESS ; 

if(ShellExecuteEx(&se)) 
{ 
        // 启动成功 
} 
else 
{ 
        // 启动失败，可能UAC没有获得用户许可 
}