Reputation: 65
I have this struct with a method GetParentProcess(IntPtr handle) for returning the parent process by passing a handle.
    using System;
    using System.ComponentModel;
    using System.Diagnostics;
    using System.Runtime.InteropServices;

    // Field layout mirrors PROCESS_BASIC_INFORMATION as returned by NtQueryInformationProcess.
    [StructLayout(LayoutKind.Sequential)]
    public struct ParentProcessUtilities
    {
        internal IntPtr Reserved1;
        internal IntPtr PebBaseAddress;
        internal IntPtr Reserved2_0;
        internal IntPtr Reserved2_1;
        internal IntPtr UniqueProcessId;
        internal IntPtr InheritedFromUniqueProcessId;

        [DllImport("ntdll.dll")]
        public static extern int NtQueryInformationProcess(IntPtr processHandle, int processInformationClass, ref ParentProcessUtilities processInformation, int processInformationLength, out int returnLength);

        // Parent of the current process.
        public static Process GetParentProcess()
        {
            return GetParentProcess(Process.GetCurrentProcess().Handle);
        }

        // Parent of the process with the given id.
        public Process GetParentProcess(int id)
        {
            Process process = Process.GetProcessById(id);
            // Reading Handle opens the target process (Process.get_Handle -> OpenProcess).
            return GetParentProcess(process.Handle);
        }

        // Parent of the process behind an already opened handle.
        public static Process GetParentProcess(IntPtr handle)
        {
            ParentProcessUtilities pbi = new ParentProcessUtilities();
            int returnLength;
            // Information class 0 is ProcessBasicInformation.
            int status = NtQueryInformationProcess(handle, 0, ref pbi, Marshal.SizeOf(pbi), out returnLength);
            if (status != 0)
                throw new Win32Exception(status);
            try
            {
                return Process.GetProcessById(pbi.InheritedFromUniqueProcessId.ToInt32());
            }
            catch (ArgumentException)
            {
                // The parent process is no longer running.
                return null;
            }
        }
    }
Everything is working fine until I get to the process "smss.exe". When I want to get the parent of that process, it throws this exception:
Unexpected exception : System.ComponentModel.Win32Exception (0x80004005): Access is denied
at System.Diagnostics.ProcessManager.OpenProcess(Int32 processId, Int32 access, Boolean throwIfExited)
at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited)
at System.Diagnostics.Process.OpenProcessHandle(Int32 access)
at System.Diagnostics.Process.get_Handle()
I am running the application with admin privileges. Thanks for the help.
Upvotes: 1
Views: 4319
Reputation: 27974
smss.exe is the Session Manager Subsystem, see this Wikipedia article for detailed information. It is the first user-mode process started by the Windows kernel and performs many privileged operations. Hence, your ordinary process won't have access to manage this process, thus the “Access is denied” exception.
Upvotes: 1
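An added example, not part of either post above: parent process IDs can be read from a Toolhelp process snapshot, which does not open a handle to each process, so protected processes such as smss.exe do not trigger the OpenProcess failure shown in the stack trace. The class and method names (`ParentPidSnapshot`, `GetParentMap`) are hypothetical; the Win32 calls are the documented kernel32 Toolhelp functions.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.InteropServices;

// Hypothetical helper (not from the posts above): pid -> parent pid without OpenProcess.
public static class ParentPidSnapshot
{
    private const uint TH32CS_SNAPPROCESS = 0x00000002;
    private static readonly IntPtr InvalidHandle = new IntPtr(-1);

    // Managed layout of PROCESSENTRY32W.
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    private struct PROCESSENTRY32
    {
        public uint dwSize;
        public uint cntUsage;
        public uint th32ProcessID;
        public IntPtr th32DefaultHeapID;
        public uint th32ModuleID;
        public uint cntThreads;
        public uint th32ParentProcessID;
        public int pcPriClassBase;
        public uint dwFlags;
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)]
        public string szExeFile;
    }

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern IntPtr CreateToolhelp32Snapshot(uint flags, uint processId);
    [DllImport("kernel32.dll", EntryPoint = "Process32FirstW", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern bool Process32First(IntPtr snapshot, ref PROCESSENTRY32 entry);
    [DllImport("kernel32.dll", EntryPoint = "Process32NextW", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern bool Process32Next(IntPtr snapshot, ref PROCESSENTRY32 entry);
    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // Walks one system-wide snapshot and records each process's parent id.
    public static Dictionary<int, int> GetParentMap()
    {
        IntPtr snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if (snap == InvalidHandle) throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            var map = new Dictionary<int, int>();
            var e = new PROCESSENTRY32 { dwSize = (uint)Marshal.SizeOf(typeof(PROCESSENTRY32)) };
            for (bool ok = Process32First(snap, ref e); ok; ok = Process32Next(snap, ref e))
                map[(int)e.th32ProcessID] = (int)e.th32ParentProcessID;
            return map;
        }
        finally { CloseHandle(snap); }
    }
}
```

Look the target up by `Process.Id`, which does not require a process handle. The parent ID is the value recorded when the process was created, so it can refer to a process that has since exited or to a reused ID.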