Kill already running process and launch new process with command line in restricted environment. RRS feed

  • Question

  • Hi,

    The title might be confusing, but I'll explain what I mean,

    1. I want create a process with different privileges and access rights. i.e with different token(restricted environment)

    2. I decide what processes to launch in restricted environment on the basis of command line of process.

    3. It is easy for me with the processes having command line associated with them

    4. But, real issue comes with the processes (excel.exe) those uses DDE (dynamic data exchange), who gets the command line from explorer as messages.

    5. So, I am not able to identify whether to launch this process in restricted environment or not.

    6. I tried hooking shellexecute, also tried of disabling DDE which solves problem but is not proper way of handling this issue.

    So,  can anyone suggest something? Sorry for long description and bad english. thanks

    Tuesday, May 31, 2016 5:08 AM


  • This is definitely not something to try in the kernel, in general trying to create a process from a kernel mode driver (the focus of this forum) is a fools errand. 

    You might look up the Detours package (search for Microsoft Research Detours) and see if that can give you the data you need.  This is a user space problem, I would ask further questions on one of the forums such as the Windows Desktop SDK forum.

    Don Burn Windows Driver Consulting Website:

    Tuesday, May 31, 2016 1:06 PM