{$APPTYPE CONSOLE}

uses
  Windows,
  Sysutils;

var
  OldDesktop: HDESK = 0;
  NewDesktop: HDESK = 0;
  Deskname: array [0..255] of Char;

procedure CreateNewDesktop;
begin
  OldDesktop := GetThreadDesktop(GetCurrentThreadID);
  StrPCopy(Deskname, 'Desktop' + IntToStr(GetCurrentThreadID));
  NewDesktop := CreateDesktop(Deskname, nil, nil, 0, DESKTOP_CREATEMENU or
    DESKTOP_CREATEWINDOW or DESKTOP_SWITCHDESKTOP or DESKTOP_READOBJECTS or
    DESKTOP_WRITEOBJECTS or STANDARD_RIGHTS_REQUIRED, nil);

  if NewDesktop <> 0 then begin
    SetThreadDesktop(NewDesktop);
    SwitchDesktop(NewDesktop);
  end;
end;

procedure ReleaseDesktop;
begin
  if newDesktop <> 0 then begin
    SetThreadDesktop(OldDesktop);
    SwitchDesktop(OldDesktop);
  end;
end;


function lpThreadFunc(ptrData: Pointer): Integer;
var
  si: TStartupInfo;
  pi: TProcessInformation;
begin
  ZeroMemory(@si, SizeOf(si));
  si.cb := SizeOf(si);
  si.dwFlags := CREATE_NEW_CONSOLE or CREATE_NEW_PROCESS_GROUP or
    DETACHED_PROCESS;
  si.wShowWindow := SW_SHOWNORMAl;
  si.lpDesktop := ptrData;
  CreateProcess(nil, PChar('calc.exe'), nil, nil, false, CREATE_NEW_CONSOLE,
    nil, nil, si, pi);
  WaitForSingleObject(pi.hProcess, INFINITE);
  GetExitCodeProcess(pi.hProcess, DWORD(result));
  CloseHandle(pi.hProcess);
  CloseHandle(pi.hThread);
end;

var
  dwThreadID: DWORD;
  hThread: DWORD;
begin
  CreateNewDesktop;
  hThread := beginThread(nil, 0, lpThreadFunc, @deskname, 0 , dwThreadID);
  WaitForSingleObject(hThread, INFINITE);
  CloseHandle(dwThreadID);
  ReleaseDesktop;
end.

{$APPTYPE CONSOLE}

uses
  windows,
  psapi,
  tlhelp32,
  SysUtils;

const
  THREAD_GET_CONTEXT = $0008;
  THREAD_SET_CONTEXT = $0010;
  THREAD_SUSPEND_RESUME = $0002;

function AdjustTokenPrivileges(TokenHandle: THandle; DisableAllPrivileges: BOOL;
  const NewState: TTokenPrivileges; BufferLength: DWORD;
  PreviousState: PTokenPrivileges; ReturnLength: PDWORD): BOOL; stdcall;
  external 'advapi32.dll' name 'AdjustTokenPrivileges'

function OpenThread(dwDesiredAccess: DWORD; bInheritHandle: BOOL; dwThreadId:
  DWORD): DWORD; stdcall; external 'kernel32.dll';

function EnableThreadPrivilege(const Enable: Boolean;
  const Privilege: string): Boolean;
const
  PrivAttrs: array [Boolean] of DWORD = (0, SE_PRIVILEGE_ENABLED);
var
  Token: THandle;
  TokenPriv: TTokenPrivileges;
  HaveToken: Boolean;
begin
  result := false;
  Token := 0;
  HaveToken := OpenThreadToken(GetCurrentThread, TOKEN_ADJUST_PRIVILEGES,
    False, Token);
  if (not HaveToken) and (GetLastError = ERROR_NO_TOKEN) then
    HaveToken := OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, Token);
  if HaveToken then
  begin
    TokenPriv.PrivilegeCount := 1;
    LookupPrivilegeValue(nil, PChar(Privilege), TokenPriv.Privileges[0].Luid);
    TokenPriv.Privileges[0].Attributes := PrivAttrs[Enable];
    AdjustTokenPrivileges(Token, False, TokenPriv, SizeOf(TokenPriv), nil, nil);
    Result := GetLastError = ERROR_SUCCESS;
    CloseHandle(Token);
  end;
end;

function EnableProcessPrivilegeEx(hProcess: DWORD; const Privilege: string): Boolean;
var
  Token: THandle;
  TokenPriv: TTokenPrivileges;
begin
  Result := False;
  if OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES, Token) then begin
    TokenPriv.PrivilegeCount := 1;
    LookupPrivilegeValue(nil, PChar(Privilege), TokenPriv.Privileges[0].Luid);
    TokenPriv.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(Token, False, TokenPriv, SizeOf(TokenPriv), nil, nil);
    Result := GetLastError = ERROR_SUCCESS;
    CloseHandle(Token);
  end;
end;

function EnableProcessPrivilege(const Enable: Boolean;
  const Privilege: string): Boolean;
const
  PrivAttrs: array [Boolean] of DWORD = (0, SE_PRIVILEGE_ENABLED);
var
  Token: THandle;
  TokenPriv: TTokenPrivileges;
begin
  Result := False;
  if OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, Token) then
  begin
    TokenPriv.PrivilegeCount := 1;
    LookupPrivilegeValue(nil, PChar(Privilege), TokenPriv.Privileges[0].Luid);
    TokenPriv.Privileges[0].Attributes := PrivAttrs[Enable];
    AdjustTokenPrivileges(Token, False, TokenPriv, SizeOf(TokenPriv),
      nil, nil);
    Result := GetLastError = ERROR_SUCCESS;
    CloseHandle(Token);
  end;
end;

procedure SetThreadState(Suspend: Boolean);
var
  hProc, h32: DWORD;
  hThread: DWORD;
  PE32: TProcessEntry32;
  TE32: TThreadEntry32;
  szName: array[0..MAX_PATH -1] of char;
  sName, sCurName: string;
begin
  sCurName := ExtractFileName(ParamStr(0));
  h32 := CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS or TH32CS_SNAPTHREAD, 0);
  if h32 <> ERROR_INVALID_HANDLE then begin
    PE32.dwSize := SizeOf(ProcessEntry32);
    TE32.dwSize := Sizeof(ThreadEntry32);
    if Thread32First(h32, TE32) then begin
      repeat
        EnableProcessPrivilege(true, 'SeDebugPrivilege');
        EnableProcessPrivilege(true, 'SeSecurityPrivilege');
        EnableProcessPrivilege(true, 'SeTakeOwnershipPrivilege');
        EnableProcessPrivilege(true, 'SeCreateTokenPrivilege');
        //-- ToDo für jeden Prozess nur einmal aufrufen,
        //-- Exclude Liste mit GetSecurityInfo -> NT_ATHORITÄT_SYSTEM ersetzen usw.
        hProc := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,
          False, TE32.th32OwnerProcessID);

        if hProc <> 0 then begin
          ZeroMemory(@szName, MAX_PATH);
          GetModuleFileNameEx(hProc, 0, szName, MAX_PATH);
          sName := ExtractFileName(string(szName));
          if (CompareText(sName, '?') = 0) or
             (CompareText(sName, 'lsass.exe') = 0) or
             (CompareText(sName, 'calc.exe') = 0) or
             (CompareText(sName, sCurName) = 0) or
             (CompareText(sName, 'winlogon.exe') = 0) or
             (CompareText(sName, 'csrss.exe') = 0) or
             (CompareText(sName, 'services.exe') = 0) or
             (CompareText(sName, 'smss.exe') = 0)
           then begin
            CloseHandle(hProc);
            continue;
          end;
          CloseHandle(hProc);
        end else
          continue;

        EnableThreadPrivilege(true, 'SeDebugPrivilege');
        EnableThreadPrivilege(true, 'SeSecurityPrivilege');
        EnableThreadPrivilege(true, 'SeTakeOwnershipPrivilege');
        EnableThreadPrivilege(true, 'SeCreateTokenPrivilege');

        hThread := OpenThread(THREAD_GET_CONTEXT or THREAD_SET_CONTEXT or
          THREAD_SUSPEND_RESUME, false, TE32.th32ThreadID);

        if hThread <> 0 then begin
          if Suspend then
            SuspendThread(hThread)
          else
            ResumeThread(hThread);
        end;

      until not Thread32Next(h32, TE32);
    end;
  end;
  CloseHandle(h32);
end;


procedure StartTestApp;
var
  si: TStartupInfo;
  pi: TProcessInformation;
begin
  ZeroMemory(@si, SizeOf(si));
  si.cb := SizeOf(si);
  si.dwFlags := CREATE_NEW_CONSOLE or CREATE_NEW_PROCESS_GROUP or
    DETACHED_PROCESS;
  si.wShowWindow := SW_SHOWNORMAl;
  si.lpDesktop := nil;
  CreateProcess(nil, PChar('calc.exe'), nil, nil, false, CREATE_NEW_CONSOLE,
    nil, nil, si, pi);
  WaitForInputIdle(pi.hProcess, INFINITE);
  SetThreadState(True);
  WaitForSingleObject(pi.hProcess, INFINITE);
  SetThreadState(false);
  CloseHandle(pi.hProcess);
  CloseHandle(pi.hThread);
end;

begin
  StartTestApp;
end.