windows - How to get a process file name from pid, if OpenProcess() fails with ACCESS_DENIED?

Question

Welcome To Ask or Share your Answers For Others

windows - How to get a process file name from pid, if OpenProcess() fails with ACCESS_DENIED?

asked Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

windows - How to get a process file name from pid, if OpenProcess() fails with ACCESS_DENIED?

I'm trying to get a process name from its pid. User is running as Administrator, UAC enabled, not elevated.

Some system processes, like services.exe, have their security set up in such way that OpenProcess(PROCESS_QUERY_INFORMATION ... fails with ERROR_ACCESS_DENIED. Same result with PROCESS_QUERY_LIMITED_INFORMATION access right. However, I can see that Process Explorer can at least list all these processes, along with their pid and file name (when running as non-elevated Administrator).

My question is, how can I do the same (get file name from pid), given that non-elevated administrator cannot follow the usual route of OpenProcess() + GetProcessImageFileName()?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Answer

深蓝 · Answer 1 · 2021-10-23T20:00:52+0000

Have you tried Process32First() and Process32Next() with a handle retrieved by CreateToolhelp32Snapshot()? It doesn't give you the full path but should at least let you get the file name.

Categories

windows - How to get a process file name from pid, if OpenProcess() fails with ACCESS_DENIED?

windows - How to get a process file name from pid, if OpenProcess() fails with ACCESS_DENIED?

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags