locked
Required process rights to get its token RRS feed

  • Question

  • As I have read in MSDN, you need to call OpenProcess with PROCESS_QUERY_INFORMATION access rights in order to get its token with OpenProcessToken. After trying several combinations, I've found, that PROCESS_QUERY_LIMITED_INFORMATION whould be enough; the more so: the former requires elevation, while the latter is granted with standard rights. But you've got to have at least PROCESS_QUERY_INFORMATION in previous Windows versions!

    If someone knows why that is so, please explain Smile Thank you.

    Monday, March 26, 2007 11:57 PM

Answers

  • Not everything PROCESS_QUERY_INFORMATION allowed was safe from a UAC perspective (from the non-elevated version of the user targetting the elevated one).

    PROCESS_QUERY_LIMITED_INFORMATION was introduced in Vista to include the safe queries.

    Wednesday, April 4, 2007 5:06 PM

All replies

  • Not everything PROCESS_QUERY_INFORMATION allowed was safe from a UAC perspective (from the non-elevated version of the user targetting the elevated one).

    PROCESS_QUERY_LIMITED_INFORMATION was introduced in Vista to include the safe queries.

    Wednesday, April 4, 2007 5:06 PM
  • A-ha! Thanks... They should've written it more, hmm, explicitly in MSDN.

    I now see it was written there, about it being introduced in Vista, but at the very bottom Smile

    Wednesday, April 4, 2007 7:27 PM
  • Hi all,

     

      I tried this in Vista and it works only for typical processes, how can I get the process name for all processes (typical or protected) in Vista using this new Vista API, or any other means? I also tried the PERFORMANCE_DATA registry hive, it works only if UAC is off, when running under regular user or admin with UAC on, the RegQueryValueEx( HKEY_PERFORMANCE_DATA...  will return error code indicates access denied.

     

      According to this doc, Protected Processes(http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/process_Vista.doc)  it's allowed to get PROCESS_QUERY_LIMITED_INFORMATION access right on a protected process and I assume that I can use QueryFullProcessImageName() to get the process name. however, for all the protected processes the OpenProcess reutun NULL in Vista. Basically, I can only get current users process handle or some of the "LOCAL SERVICE"'s process handle.

     

      I am trying to use the process IDs getting from EnumProcesses() and retrieve the process name.

     

      Here is the sample code after passing in a PID (processID)

     

    HANDLE hProcess = OpenProcess( PROCESS_QUERY_LIMITED_INFORMATION,FALSE, processID );

    if( NULL != hProcess )

    {

        LPTSTR lpExeName[MAX_PATH];

        DWORD dwSize = MAX_PATH;

        DWORD dwFlags = 0;

        if(QueryFullProcessImageName(hProcess,dwFlags,(LPTSTR)lpExeName,&dwSize))

        {

            _tprintf( TEXT("Get ProcessImageName for (PID: %u)|%s\n"), processID,lpExeName);

        }

    }

     

    any help would be appreicated.

     

     

     

    Thanks

     

    Thursday, April 26, 2007 9:51 PM
  • Never mind. I found solution using tlhelp32, CreateToolhelp32Snapshot() which works fine in Vista and serves my purpose.

     

     

    Thanks

    Friday, April 27, 2007 4:21 AM