locked
EnumProcessModules failed with ERROR_ACCESS_DENIED error code??

    Question

  • Hi All,

    I wish to find the Name of the Application at the time of Process creation. I got the exact ProcessId at the time of creation, but not getting the correct Process Name. I m opening a Notepad from the shortcut in Desktop, and I passed the ProcessId to a function then the Process Name returned is "<unknown>", EnumProcessModules() failed with error code ERROR_ACCESS_DENIED. Anyone pls send me the solution to overcome this problem. In 32 bit OS like Windows XP, Windows7, Windows 2003server, it worked successfully. But in Vista, I got these problems. The code I m using is follows:

    CString GetNameOfProcess(DWORD dProcessID)
    {
        TCHAR tcProcName[260] = TEXT("<unknown>");

        HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS | PROCESS_VM_READ, FALSE, dProcessID );
        // Get the name of the process ..
        if !hProcess )
        {
            HMODULE hModul;
            DWORD cbNeeded;

            if(EnumProcessModules(hProcess, &hModul, sizeof(hModul), &cbNeeded))
            {
                GetModuleBaseName(hProcess, hModul, tcProcName, sizeof(tcProcName)/sizeof(TCHAR));
            }
            else
            {
                 OutputDebugString("EnumProcessModules failed ..");
                 DWORD dLastErr = GetLastError();
                 CString strErrr;
                 strErrr.Format("GetLastError of EnumProcessModules is: %ld",dLastErr);
                 OutputDebugString(strErrr);
             }
        }

        CString csProcessName(tcProcName);
        CloseHandle(hProcess);
        //
        return csProcessName;
    }

    Thanks in advance...

    Raj.


    • Edited by R-V-R Thursday, October 13, 2011 6:16 AM
    Thursday, October 13, 2011 6:14 AM

Answers

  • Have you tried it with the local administrative account / or as elevated process in Vista / 7 to be sure it is a "software problem" (some type of wrong used API) and not a problem of insufficient access rights?

    for me it is very strange that Win 7 works and Vista not!

    • Edited by Bordon Thursday, October 13, 2011 12:33 PM
    • Marked as answer by R-V-R Thursday, October 20, 2011 5:58 AM
    Thursday, October 13, 2011 12:32 PM

All replies

  • Does it work if you change the first parameter of OpenProcess to PROCESS_QUERY_INFORMATION | PROCESS_VM_READ?

    Thursday, October 13, 2011 7:09 AM
  • No, it didn't work.

    I got the same problem when I changed the first parameter of OpenProcess to PROCESS_QUERY_INFORMATION | PROCESS_VM_READ. If you have any solution then pls send me.

    Thanks for your reply..

    Raj.

    Thursday, October 13, 2011 12:19 PM
  • Have you tried it with the local administrative account / or as elevated process in Vista / 7 to be sure it is a "software problem" (some type of wrong used API) and not a problem of insufficient access rights?

    for me it is very strange that Win 7 works and Vista not!

    • Edited by Bordon Thursday, October 13, 2011 12:33 PM
    • Marked as answer by R-V-R Thursday, October 20, 2011 5:58 AM
    Thursday, October 13, 2011 12:32 PM
  • Ok, You are Right.. Its because of some Software problem, and I corrected that problem. Now its working.. Thanks for your reply..

    But, sometimes I got the error code from EnumProcessModules() is ERROR_PARTIAL_COPY, why this is happening? pls send any solution..

    Raj.

    Friday, October 14, 2011 4:42 AM