Re: Obtain PID's
From: Gil Hamilton (gil_hamilton_at_hotmail.com)
Date: 04/20/04
- Next message: John Phillips: "Re: Auto Log out"
- Previous message: Elaine: "Auto Log out"
- In reply to: AA: "Obtain PID's"
- Messages sorted by: [ date ] [ thread ]
Date: 20 Apr 2004 03:54:57 -0700
"AA" <not@noreply.com> wrote in message news:<#j0tnigJEHA.1388@TK2MSFTNGP09.phx.gbl>...
> I would like to know how to obtain a process's owner from its pid
>
> The sequence of
> OpenProcess
> OpenProcessToken
> GetTokenInformation
> LookupAccountSid
> does not work on system processes.
> The said method works on all processes except system (pid 8) process and CRSS process.
>
> 1) Why does this not work on these processes?
>
> 2) Are there any other rights that have to be assigned to get this to work?
>
> 3) Is there any other method that doesn't require these rights to obtain the process owner name?
There is a utility in the Microsoft Platform SDK called pview.exe (not
to be confused with the relatively lame utility of the same name that
comes with Visual Studio). It is an interactive program that allows
you, among other things, to browse the security descriptors and access
tokens associated with all the processes and threads on the system.
Get it and play with it; examine the security on the various system
objects until you understand the model.

On my XP system, for example, I have to modify the security descriptor
on some process tokens before I can examine the contents of the
tokens. And in some cases, I need to modify the process security
descriptor before I'm permitted to even look at the security
descriptor on the process access token. I can ultimately get the
descriptors and tokens for everything except process 0 -- the System
Idle Process -- which doesn't have any.
- GH
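
As an added example (not part of the original thread), this PowerShell sketch walks the call sequence from the question and reports which step is refused for each PID, which shows whether the process object or its token is denying access. The helper name `Get-ProcessOwnerTrace` and the `Demo.Native` type are hypothetical, and the .NET `WindowsIdentity` class is used in place of direct `GetTokenInformation` and `LookupAccountSid` calls.

```powershell
# Added example (not from the thread). P/Invoke declarations for the first two
# calls named in the question; the .NET WindowsIdentity class stands in for
# GetTokenInformation + LookupAccountSid.
Add-Type -Namespace Demo -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
'@

function Get-ProcessOwnerTrace {   # hypothetical helper name
    param([Parameter(Mandatory)][uint32]$ProcessId)
    $PROCESS_QUERY_INFORMATION = 0x0400
    $TOKEN_QUERY               = 0x0008
    $r = [ordered]@{ ProcessId = $ProcessId; Owner = $null; FailedAt = $null; Win32Error = 0 }

    $hProc = [Demo.Native]::OpenProcess($PROCESS_QUERY_INFORMATION, $false, $ProcessId)
    if ($hProc -eq [IntPtr]::Zero) {
        # Read the error first, before any other call can overwrite it.
        $r.Win32Error = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        $r.FailedAt = 'OpenProcess'
        return [pscustomobject]$r
    }
    try {
        $hTok = [IntPtr]::Zero
        if (-not [Demo.Native]::OpenProcessToken($hProc, $TOKEN_QUERY, [ref]$hTok)) {
            $r.Win32Error = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
            $r.FailedAt = 'OpenProcessToken'
            return [pscustomobject]$r
        }
        try {
            # WindowsIdentity duplicates the token handle and reads the user SID.
            $id = New-Object System.Security.Principal.WindowsIdentity -ArgumentList $hTok
            $r.Owner = $id.User.Translate([System.Security.Principal.NTAccount]).Value
            $id.Dispose()
        } catch {
            $r.FailedAt = 'GetTokenInformation/LookupAccountSid'
        } finally {
            [void][Demo.Native]::CloseHandle($hTok)
        }
    } finally {
        [void][Demo.Native]::CloseHandle($hProc)
    }
    [pscustomobject]$r
}

# Trace every process; Win32Error 5 is ERROR_ACCESS_DENIED.
Get-Process | ForEach-Object { Get-ProcessOwnerTrace -ProcessId $_.Id } |
    Format-Table ProcessId, Owner, FailedAt, Win32Error
```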