;   printf( "MakeAbsoluteSD() = %d\n", GetLastError() );

        bError = TRUE;
        goto Cleanup;
      }
    }
    else
    {
      printf( "MakeAbsoluteSD() = %d\n", GetLastError() );

      bError = TRUE;
      goto Cleanup;
    }
  }

  //
  // 将具有所有访问权限的访问控制列表 pNewDAcl 加入到新的
  // 安全描述符 pNewSd 中
  //
  if ( !SetSecurityDescriptorDacl( pNewSd, bDAcl, pNewDAcl, bDefDAcl ) )
  {
    printf( "SetSecurityDescriptorDacl() = %d\n", GetLastError() );

    bError = TRUE;
    goto Cleanup;
  }

  //
  // 将新的安全描述符加到 TOKEN 中
  //
  if ( !SetKernelObjectSecurity( hToken, DACL_SECURITY_INFORMATION, pNewSd ) )
  {
    printf( "SetKernelObjectSecurity() = %d\n", GetLastError() );

    bError = TRUE;
    goto Cleanup;
  }

  //
  // 再次打开 WINLOGON 进程的 TOKEN，这时已经具有所有访问权限
  //
  if ( !OpenProcessToken( hProcess, TOKEN_ALL_ACCESS, &hToken ) )
  {
    printf( "OpenProcessToken() = %d\n", GetLastError() );  

    bError = TRUE;
    goto Cleanup;
  }

  //
  // 复制一份具有相同访问权限的 TOKEN
  //
  if ( !DuplicateTokenEx( hToken,
                          TOKEN_ALL_ACCESS,
                          NULL,
                          SecurityImpersonation,
                          TokenPrimary,
                          &hNewToken ) )
  {
    printf( "DuplicateTokenEx() = %d\n", GetLastError() );  

    bError = TRUE;
    goto Cleanup;
  }


  ZeroMemory( &si, sizeof( STARTUPINFO ) );
  si.cb = sizeof( STARTUPINFO );

  //