Granting Process Access Rights
CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 4 of 4

Thread: Granting Process Access Rights

  1. #1
    Join Date
    Sep 2009
    Posts
    8

    Granting Process Access Rights

    Hello,

    I'm currently trying to create a process that will have the PROCESS_QUERY_INFORMATION access right. I'm trying to create a new security descriptor to be used with CreateProcess(). However, MSDN is very confusing on this, and I am getting completely bogged down on DACL's and ACE's.

    I also can't seem to find any examples relating to process'.

    Here is some code I have so far:

    Code:
    PSECURITY_DESCRIPTOR pSD;
    pSD = (PSECURITY_DESCRIPTOR) LocalAlloc (LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
    InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION);
    SetSecurityDescriptorDacl(pSD, TRUE, (PACL)NULL, FALSE);
        
    // SECURITY_ATTRIBUTES struct
    SECURITY_ATTRIBUTES sa;
    sa.nLength = sizeof(SECURITY_ATTRIBUTES);
    sa.lpSecurityDescriptor = pSD;
    sa.bInheritHandle = TRUE;
        
    // Create process without the window
    if (!CreateProcessW(utilityName, parameters, &sa, 0, FALSE, CREATE_PRESERVE_CODE_AUTHZ_LEVEL | CREATE_NO_WINDOW, 0, 0, &siStartupInfo, &piProcessInfo)){
        PrintLastError();
        return FALSE;
    }
    I need this access right because the process being created needs to call OpenProcessToken(). If I run the program as seen above, the newly created process just crashes upon hitting OpenProcessToken(). Is this expected behaviour assuming the PROCESS_QUERY_INFORMATION permission isn't set? I don't even know if this is the reason for the crash (I would of thought that it would give me an error message, but I can't think of any other reasons)...

  2. #2
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,022

    Re: Granting Process Access Rights

    I'm currently trying to create a process that will have the PROCESS_QUERY_INFORMATION access right.
    And what makes you believe it has not?

    I need this access right because the process being created needs to call OpenProcessToken(). If I run the program as seen above, the newly created process just crashes upon hitting OpenProcessToken(). Is this expected behaviour assuming the PROCESS_QUERY_INFORMATION permission isn't set? I don't even know if this is the reason for the crash (I would of thought that it would give me an error message, but I can't think of any other reasons)...
    Sorry, but I think, before making questionable assumptions, it'd be more efficient to show your code that doesn't work. BTW, are you aware of GetLastError function?
    Best regards,
    Igor

  3. #3
    Join Date
    Sep 2009
    Posts
    8

    Re: Granting Process Access Rights

    Yes I am, but the program crashes before I even have a chance to call GetLastError().

    If you would like to see the code that is broken, here it is:

    Code:
    HANDLE hToken = NULL;  
    OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &hToken);
    MessageBox(NULL, "This does not get run", "", MB_OK);
    The reason I believe that the process doesn't have the permission is because it is getting created with CreateProcess() and the default DACL. Maybe GetCurrentProcess() is causing the crash, I don't know.

    Edit just to clarify... there are two processes I am working with here. The code in my first post creates the process that runs the code in this post.

  4. #4
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,022

    Re: Granting Process Access Rights

    So you think it's normal for WinAPI call to crash the entire application when some security stuff isn't sufficient for doing something.

    Did you ever try to run your second app in debugger session?
    Best regards,
    Igor

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Windows Mobile Development Center


Click Here to Expand Forum to Full Width

This is a CodeGuru survey question.


Featured


HTML5 Development Center