someone_ smiley

Reputation: 1066

C++ OpenProcess succeeds in an Admin Privilege IDE but fails when executed in an Admin CMD

I'm trying to fix a problem where my program is unable to get the process path by process ID (csrss.exe).

Below is my simplest reproducible C++ code on Visual Studio 2012:

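```cpp
#include "stdafx.h"
#include <windows.h>   // must be included before psapi.h
#include <tchar.h>     // _tmain, _TCHAR
#include <iostream>
#include <psapi.h>     // GetProcessImageFileName (link with Psapi.lib)

// Writes the image path of process dwProcID into procPath (MAX_PATH TCHARs).
// Returns ERROR_SUCCESS, or the Win32 error code of the call that failed.
int get_proc_path_by_id(const DWORD dwProcID, TCHAR* procPath)
{
    HANDLE h = ::OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, dwProcID);
    if (!h)
    {
        return GetLastError();
    }

    int result = ERROR_SUCCESS;
    if (!::GetProcessImageFileName(h, procPath, MAX_PATH))
    {
        // Read the error before CloseHandle can overwrite it.
        result = GetLastError();
    }

    ::CloseHandle(h); // the handle was leaked on every path before
    return result;
}

int _tmain(int argc, _TCHAR* argv[])
{
    DWORD procID = 1256; // csrss.exe ProcID

    TCHAR procPath[MAX_PATH];

    int procPathErrorCode = get_proc_path_by_id(procID, procPath);
    if (procPathErrorCode == ERROR_SUCCESS)
    {
        std::wcout << procPath;
    }
    else
    {
        std::cout << "Failed with error code : " << procPathErrorCode;
    }

    return 0;
}
```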

I'm testing this program with Process "csrss.exe" as the original code in my product was tested with this process.

I'm able to get the process path when running the code with Admin Privilege Visual Studio 2012.

But when I open a command prompt with Admin Privilege and run this executable, the function get_proc_path_by_id returns error code "5" (Access Violation).

How can I make the program able to get the process path when run from an Admin CMD?

Upvotes: 0

Views: 406

Answers (1)

3CxEZiVlQ

Reputation: 38341

IMHO, it is documented clearly enough in the OpenProcess manual:

If the specified process is the Idle process or one of the CSRSS processes, this function fails and the last error code is ERROR_ACCESS_DENIED because their access restrictions prevent user-level code from opening them.

The command prompt with Admin Privilege is a user-level application.

Additionally, this manual has the remarks:

To open a handle to another local process and obtain full access rights, you must enable the SeDebugPrivilege privilege. For more information, see Changing Privileges in a Token.

Namely, Visual Studio 2012 with Admin Privilege is running with the SeDebugPrivilege privilege.

Upvotes: 1
