创建任意进程,父进程为explorer.exe
#include "stdafx.h" #include <windows.h> #include <shlwapi.h> #include <shlobj.h> #pragma comment(lib, "shlwapi.lib") // use the shell view for the desktop using the shell windows automation to find the // desktop web browser and then grabs its view // // returns: // IShellView, IFolderView and related interfaces HRESULT GetShellViewForDesktop(REFIID riid, void **ppv) { *ppv = NULL; IShellWindows *psw; HRESULT hr = CoCreateInstance(CLSID_ShellWindows, NULL, CLSCTX_LOCAL_SERVER, IID_PPV_ARGS(&psw)); if (SUCCEEDED(hr)) { HWND hwnd; IDispatch* pdisp; VARIANT vEmpty = {}; // VT_EMPTY if (S_OK == psw->FindWindowSW(&vEmpty, &vEmpty, SWC_DESKTOP, (long*)&hwnd, SWFO_NEEDDISPATCH, &pdisp)) { IShellBrowser *psb; hr = IUnknown_QueryService(pdisp, SID_STopLevelBrowser, IID_PPV_ARGS(&psb)); if (SUCCEEDED(hr)) { IShellView *psv; hr = psb->QueryActiveShellView(&psv); if (SUCCEEDED(hr)) { hr = psv->QueryInterface(riid, ppv); psv->Release(); } psb->Release(); } pdisp->Release(); } else { hr = E_FAIL; } psw->Release(); } return hr; } // From a shell view object gets its automation interface and from that gets the shell // application object that implements IShellDispatch2 and related interfaces. HRESULT GetShellDispatchFromView(IShellView *psv, REFIID riid, void **ppv) { *ppv = NULL; IDispatch *pdispBackground; HRESULT hr = psv->GetItemObject(SVGIO_BACKGROUND, IID_PPV_ARGS(&pdispBackground)); if (SUCCEEDED(hr)) { IShellFolderViewDual *psfvd; hr = pdispBackground->QueryInterface(IID_PPV_ARGS(&psfvd)); if (SUCCEEDED(hr)) { IDispatch *pdisp; hr = psfvd->get_Application(&pdisp); if (SUCCEEDED(hr)) { hr = pdisp->QueryInterface(riid, ppv); pdisp->Release(); } psfvd->Release(); } pdispBackground->Release(); } return hr; } HRESULT ShellExecInExplorerProcess(PCWSTR pszFile) { IShellView *psv; HRESULT hr = GetShellViewForDesktop(IID_PPV_ARGS(&psv)); if (SUCCEEDED(hr)) { IShellDispatch2 *psd; hr = GetShellDispatchFromView(psv, IID_PPV_ARGS(&psd)); if (SUCCEEDED(hr)) { BSTR bstrFile = SysAllocString(pszFile); hr = bstrFile ? S_OK : E_OUTOFMEMORY; if (SUCCEEDED(hr)) { VARIANT vtEmpty = {}; // VT_EMPTY hr = psd->ShellExecuteW(bstrFile, vtEmpty, vtEmpty, vtEmpty, vtEmpty); SysFreeString(bstrFile); } psd->Release(); } psv->Release(); } return hr; } int _tmain(int argc, _TCHAR* argv[]) { HRESULT hr = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE); if (SUCCEEDED(hr)) { ShellExecInExplorerProcess(L"calc.exe"); CoUninitialize(); } return 0; }