On Vista, Enum Processes got issue with UAC enabled RRS feed

  • Question

  • Hi,

    A normal user launched an application with administrator privilege, and in this program, I try to get a specified process'  handle, which will be used in a waitting function, the code looks as following:

    HANDLE GetProcessHandle(const char* appName)
     HANDLE hProcessRet = NULL;

      DWORD aProcesses[1024], cbNeeded, cProcesses;

      if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
       return NULL;
      // Calculate how many process identifiers were returned.
      cProcesses = cbNeeded / sizeof(DWORD);

      // find the process.
      for (unsigned int i = 0; i < cProcesses; i++ ){
       char szProcessName[MAX_PATH] = "unknown";
       HANDLE hProcess = OpenProcess(
        FALSE, aProcesses[ i ]);
       // Get the process name.
       if ( hProcess )
        HMODULE hMod;
        DWORD cbNeeded;
        if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod),
         &cbNeeded) )
         GetModuleBaseName( hProcess, hMod, szProcessName,
          sizeof(szProcessName) );
       if(strcmp(appName, szProcessName) == 0)
        hProcessRet = hProcess;
       CloseHandle( hProcess );

     return hProcessRet;

    In debugging, I found the issue caused by API call "OpenProcess" -- the returned process handles all are "NULL". Which access flag should I use?

    Any help will be greatly appreciated!

    Raul Zhang

    Thursday, March 22, 2007 8:32 AM

All replies

  • If all you want to do is wait on the process to finish, SYNCHRONIZE access is all you need.
    Note that if the unelevated process started the elevated one, it may already have its handle (SHELLEXECUTEINFO::hProcess).

    Thursday, March 22, 2007 10:49 PM
  • Thanks for your reply! But it also can't work fine.

    Consider below situation:

    A normal user runs some applications; a program is launched with "run as administrator"; and the designer wants to do wait in this program: to wait another applications, some are launched by normal user, and some launched by administrator, how do you do?

    I have tested above code with "SYNCHRONIZE" set as parameter of "OpenProcess", but it fails.

    The issues exist here: administrator can only enum his processes in above code. But in windows standard application "task monitor", there is a check box which can be used for viewing and managing all processes on machine. Should I do accout/privilege change here to get waitable handle of the normal user's process?

    Friday, March 23, 2007 9:16 AM
  • The OpenProcess may fail on some processes (like services).

    You could ignore these failures.

    I expect the call to succeed for processes running under the same LogonSID (i.e. for most processes running as users in the same TS session).

    By the way, you'll need PROCESS_QUERY_INFORMATION | PROCESS_VM_READ as well to enumerate the modules (and this will fail from a standard user process when targetting an admin process).

    Wednesday, April 4, 2007 1:35 AM