I'm trying to get a process name from its pid. User is running as Administrator, UAC enabled, not elevated.
Some system processes, like services.exe, have their security set up in such a way that OpenProcess(PROCESS_QUERY_INFORMATION ... fails with ERROR_ACCESS_DENIED. Same result with the PROCESS_QUERY_LIMITED_INFORMATION access right. However, I can see that Process Explorer can at least list all these processes, along with their pid and file name (when running as non-elevated Administrator).
My question is, how can I do the same (get file name from pid), given that non-elevated administrator cannot follow the usual route of OpenProcess() + GetProcessImageFileName()?
Have you tried Process32First() and Process32Next() with a handle retrieved by CreateToolhelp32Snapshot()? It doesn't give you the full path but should at least let you get the file name.
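The snapshot approach suggested in the answer above, as an added example that is not part of the original thread: a PowerShell session compiles a small P/Invoke wrapper around CreateToolhelp32Snapshot(), Process32FirstW() and Process32NextW(), and looks up the file name for a pid without opening a handle to that process. The class name ToolhelpLookup and the method GetName are hypothetical names chosen for this example.

```powershell
# Added example: resolve a PID to its image file name from a Toolhelp snapshot.
# ToolhelpLookup and GetName are hypothetical names, not part of any Windows API.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class ToolhelpLookup
{
    const uint TH32CS_SNAPPROCESS = 0x00000002;
    static readonly IntPtr INVALID_HANDLE_VALUE = new IntPtr(-1);

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct PROCESSENTRY32W
    {
        public uint dwSize, cntUsage, th32ProcessID;
        public UIntPtr th32DefaultHeapID;                      // ULONG_PTR
        public uint th32ModuleID, cntThreads, th32ParentProcessID;
        public int pcPriClassBase;
        public uint dwFlags;
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)]  // WCHAR[MAX_PATH]
        public string szExeFile;
    }

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr CreateToolhelp32Snapshot(uint dwFlags, uint th32ProcessID);
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode)]
    static extern bool Process32FirstW(IntPtr hSnapshot, ref PROCESSENTRY32W lppe);
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode)]
    static extern bool Process32NextW(IntPtr hSnapshot, ref PROCESSENTRY32W lppe);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr hObject);

    // Returns the file name (no path) for pid, or null if pid is not in the snapshot.
    public static string GetName(uint pid)
    {
        IntPtr snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if (snap == INVALID_HANDLE_VALUE)
            throw new InvalidOperationException(
                "CreateToolhelp32Snapshot failed, error " + Marshal.GetLastWin32Error());
        try
        {
            PROCESSENTRY32W pe = new PROCESSENTRY32W();
            // dwSize must be set before Process32FirstW, otherwise the call fails.
            pe.dwSize = (uint)Marshal.SizeOf(typeof(PROCESSENTRY32W));
            for (bool ok = Process32FirstW(snap, ref pe); ok; ok = Process32NextW(snap, ref pe))
                if (pe.th32ProcessID == pid) return pe.szExeFile;
            return null;
        }
        finally { CloseHandle(snap); }
    }
}
'@
[ToolhelpLookup]::GetName([uint32]$PID)   # file name of the current PowerShell host
```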
Have you tried PROCESS_QUERY_LIMITED_INFORMATION instead? It requests a lower level of access that can provide at least the name of the executable. It allows you to call QueryFullProcessImageName, which provides the information you're looking for.