Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

OpenProcess: access denied error only on Windows 8.1

Tags:

windows

winapi

windows-8.1

openprocess

I have a program which adjusts SeDebugPrivilege and then starts to iterate through system processes and calls OpenProcess for them (and does other stuff, but it's not important now). Also the program runs in administrator mode of course. On Windows XP and Windows 7 it works fine, but on Windows 8.1 OpenProcess fails for the following system processes with ERROR_ACCESS_DENIED(5): smss.exe, csrss.exe, services.exe. As I know with SeDebugPrivilege I should be able to open these processes and retrieve a handle for them. Does anybody have a clue, what kind of magic causes this error only on Windows 8.1?

(Anyway I have the same error with the same processes for CreateToolhelp32Snapshot)

like image 342
Zoltán Várnagy Avatar asked Feb 03 '15 16:02

Zoltán Várnagy

People also ask

How do I fix Access Denied on my computer?

Right-click the file or folder, and then click Properties. Click the Security tab. Under Group or user names, click your name to see the permissions that you have. Click Edit, click your name, select the check boxes for the permissions that you must have, and then click OK.

How do I fix Access Denied administrator?

Folder Access Denied as AdminIdentify the folder and right-click on it. From the menu, tap “Properties” to open a new screen. Navigate to “Security,” then select the admin account. Check the “Permissions” section to ensure that all permissions have been granted.

How do I bypass access denied CMD?

Go to the Start menu by clicking on the icon at the bottom-left corner of your screen. Type in “cmd” at the Search bar. Once the cmd option pops up, right-click on it then select Run as administrator. On the Command Prompt, type in “net user administrator /active: yes” then press Enter on your keyboard.

1 Answers

Windows 8.1 introduces the concept of a system protected process. This is documented in the context of third-party anti-malware software, but it seems reasonable to suppose that it is also used to protect particularly critical system processes.

System protected processes are an extension of the Protected Process mechanism (Microsoft Word document) introduced in Windows Vista as a DRM measure.

You cannot obtain any of these access rights for a protected process, even with debug privilege:

  • DELETE
  • READ_CONTROL
  • WRITE_DAC
  • WRITE_OWNER
  • PROCESS_CREATE_THREAD
  • PROCESS_DUP_HANDLE
  • PROCESS_QUERY_INFORMATION
  • PROCESS_SET_QUOTA
  • PROCESS_SET_INFORMATION
  • PROCESS_VM_OPERATION
  • PROCESS_VM_READ
  • PROCESS_VM_WRITE

You should still be able to open the process by requesting PROCESS_QUERY_LIMITED_INFORMATION access. According to the documentation, SYNCHRONIZE and PROCESS_TERMINATE access are also permitted.

like image 64
Harry Johnston Avatar answered Sep 19 '22 08:09

Harry Johnston
Sign in to Comment

Related questions

Is developing an iOS app using PhoneGap on Windows 7 possible?
VS2012 compiler Strange memory deallocation issues
Why python uppercases all environment variables in windows
Passing parameters to powershell script
Immortal process in Windows; no way to kill it
Removing NotifyIcon from the notification area
Call functions in AutoIt DLL using Python ctypes
Mount .iso file win windows 8 with a batch file [closed]
installing rmagick gem on windows
Using COM Exe Server w/o Registry in Win7
How do you merge two directories, or move with replace, from the windows command line without copying?
QT Creator 3.0.1 Debugging On Windows Suddenly Becomes Slow. Why?
How to import fontforge to python in windows 7
Create an array in batch in multiple lines
Why wouldn't I want to add Python.exe to my System Path at install time?
Powershell 3.0 : Alternative to "Get-Volume"
Lua - io.open() only up to 2 GB?
Making sense of UMDH compare output
diskpart does not process script correctly when executed from CreateProcess()
Atomicity, Volatility and Thread Safety in Windows

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!