Clarification on calling CreateProcessAsUser with command line parameters using C++

Question

I'm somewhat confused about the proper way of calling CreateProcessAsUser with command line parameters. So without going into details of filling out the rest of its parameters, can someone confirm that this is how it should be done? (In other words, should I put the exe file path as the first command line parameter, or specifying it as lpApplicationName is enough?)

LPCTSTR pExePath = L"c:\\program files\\sub dir\\program.exe";
LPCTSTR pCmdLine = L"v=\"one two\"";

TCHAR buff[MAX_PATH];
StringCchCopy(buff, MAX_PATH, _T("\""));
StringCbCat(buff, MAX_PATH, pExePath);
StringCbCat(buff, MAX_PATH, _T("\" "));
StringCbCat(buff, MAX_PATH, pCmdLine);

CreateProcessAsUser(hToken, pExePath, buff, NULL, NULL, FALSE, dwFlags, NULL, NULL, &si, &pi);

Answer 1

If 2nd param to CreateProcessAsUser is NULL, then the module name must be the first white space–delimited token in the 3rd param.

If 2nd param to CreateProcessAsUser is not NULL, then it will be taken as the executable to execute. In this case, the 3rd param can either be

a) "EXENAME p1 p2"

or it can be

b) "p1 p2"

If you chose a), then the child process will have the following

argv[0] --> EXENAME

argv[1] --> p1

argv[2] --> p2

If you chose b), then the child process will have

argv[0] --> p1

argv[1] --> p2

Either way, the process to be executed would be EXENAME (the 2nd param to CreateProcessAsUser). The called process however should be aware of the way command line arguments are going to be coming in.

If you use b), you also have the option of passing 2nd param to CreateProcessAsUser as NULL.