
If I created a process, does it mean that I will always be able to terminate it?

Say, if I created a process using CreateProcess or CreateProcessAsUser APIs, does it mean that calling TerminateProcess(PROCESS_INFORMATION.hProcess) will always kill that process no matter what context my host process is running in (low privileged user, built-in Guest, etc)?

c00000fd asked May 25 '15 21:05



1 Answer

I haven't tested it, but according to the documentation you should always be able to successfully terminate the process using the handle returned in the PROCESS_INFORMATION. In the Windows security model, permissions are normally only checked against the handle being used, nothing else. According to the MSDN documentation on Process Security and Access Rights:

The handle returned by the CreateProcess function has PROCESS_ALL_ACCESS access to the process object.

The documentation for CreateProcessAsUser supports this with:

This security descriptor may not allow access for the caller, in which case the process may not be opened again after it is run. The process handle is valid and will continue to have full access rights.

The only permission requirement given in the documentation for TerminateProcess is:

The handle must have the PROCESS_TERMINATE access right.

So any handle returned by CreateProcess and CreateProcessAsUser should have the necessary and sufficient access rights to allow killing the new process using TerminateProcess.

Ross Ridge answered Sep 29 '22 18:09

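The reasoning in the answer above, as an added example that is not part of the original answer or of Microsoft's documentation: a simplified Python model (it calls no Win32 API) of a handle table in which the security descriptor is consulted only when a process is opened, while termination looks only at the access mask stored with the handle. The `Kernel` class, the user name and the pid are constructed for illustration; the three access-mask constants are the Windows values.

```python
# Simplified model (constructed for illustration) of handle-based access
# checks; it is not Windows code and calls no Win32 API.
PROCESS_TERMINATE = 0x0001                  # value from winnt.h
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000  # value from winnt.h
PROCESS_ALL_ACCESS = 0x1FFFFF               # value on Windows Vista and later

class Kernel:
    def __init__(self):
        self.processes = {}   # pid -> {"dacl": {user: mask}, "alive": bool}
        self.handles = {}     # handle value -> (pid, granted access mask)
        self._next = 4

    def _new_handle(self, pid, granted):
        h, self._next = self._next, self._next + 4
        self.handles[h] = (pid, granted)
        return h

    def create_process(self, pid, dacl):
        # Creation path: the creator's handle gets PROCESS_ALL_ACCESS and the
        # new object's DACL is not consulted.
        self.processes[pid] = {"dacl": dacl, "alive": True}
        return self._new_handle(pid, PROCESS_ALL_ACCESS)

    def open_process(self, user, desired, pid):
        # Open path: the DACL is checked once, here, for the requested rights.
        allowed = self.processes[pid]["dacl"].get(user, 0)
        if desired & ~allowed:
            raise PermissionError(f"{user} lacks {desired & ~allowed:#x}")
        return self._new_handle(pid, desired)

    def terminate_process(self, handle):
        # Use path: only the mask stored with the handle is examined.
        pid, granted = self.handles[handle]
        if not granted & PROCESS_TERMINATE:
            raise PermissionError("handle lacks PROCESS_TERMINATE")
        self.processes[pid]["alive"] = False

def demo():
    k = Kernel()
    # DACL that grants the creating user ("guest") only limited query rights.
    h = k.create_process(100, {"guest": PROCESS_QUERY_LIMITED_INFORMATION})
    try:
        k.open_process("guest", PROCESS_TERMINATE, 100)
        reopened = True
    except PermissionError:
        reopened = False
    k.terminate_process(h)  # succeeds through the creation handle
    return reopened, k.processes[100]["alive"]
```

`demo()` returns `(False, False)`: reopening the process for termination is refused by the DACL, yet the handle obtained at creation still terminates it.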