OpenProcess: is it possible to get ERROR_ACCESS_DENIED for PROCESS_QUERY_LIMITED_INFORMATION but not for SYNCHRONIZE?

Time: 2016-11-19 22:27:55

Tags: c winapi process access

I use OpenProcess to get a process handle from a PID. The two tasks the function has to accomplish are:

  • must: wait for the process to end, using WaitForSingleObject (process, INFINITE) - done
  • if possible: get the exit code, using GetExitCodeProcess (process, &ret) - done

Question: is it possible to get ERROR_ACCESS_DENIED for PROCESS_QUERY_LIMITED_INFORMATION but not for SYNCHRONIZE? If yes: in which situations?

My complete code for reference:

#include <windows.h>
#include <process.h>

/* wait for a pid to end and return its exit code
   error codes are returned as negative value
*/
int
waitpid (const int pid)
{
    int status = 0;
    HANDLE process = NULL;
    DWORD ret;

    /* windows will wait for the own process to end... abort */
    if (pid == _getpid ()) {
        status = 0 - ERROR_INVALID_DATA;
        return status;
    }
    /* get process handle */
    process = OpenProcess (SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid);
    /* if we don't get access to query the process' exit status try to get at least
        access to the process end (needed for WaitForSingleObject)
    */
    if (!process && GetLastError () == ERROR_ACCESS_DENIED) {
        /* the handle returned by the fallback call must be stored, otherwise
           'process' stays NULL and the function fails with the stale error */
        process = OpenProcess (SYNCHRONIZE, FALSE, pid);
        status = -2;
    }
    if (process) {
        /* wait until process exit */
        ret = WaitForSingleObject (process, INFINITE);
        if (ret == WAIT_FAILED) {
            status = 0 - GetLastError ();
        /* get exit code, if possible (not with a SYNCHRONIZE-only handle) */
        } else if (status != -2) {
            if (!GetExitCodeProcess (process, &ret)) {
                status = 0 - GetLastError ();
            } else {
                status = (int) ret;
            }
        }
        CloseHandle (process);
    } else {
        status = 0 - GetLastError ();
    }
    return status;
}

(If you have any remarks on the code: use the comments and share your thoughts.)

1 answer:

Answer 0 (score: 3)

Yes, this is possible, because PROCESS_QUERY_LIMITED_INFORMATION and SYNCHRONIZE are absolutely independent access rights. But before opening the process you need (if possible) to enable SE_DEBUG_PRIVILEGE: with this privilege you can open any process independently of the process DACL (except system-protected ones), and even protected processes can be opened with PROCESS_QUERY_LIMITED_INFORMATION.

I quickly checked the process access masks on Win 10 (1607):

----------------------
0000000000000004 System

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-18 SYSTEM
0 00 00121411 S-1-5-32-544 Administrators

----------------------
0000000000000110 smss.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-18 SYSTEM
0 00 00121411 S-1-5-32-544 Administrators

----------------------
0000000000000170 csrss.exe

T FL AcessMsK Sid
0 00 00020C79 S-1-5-18 SYSTEM

----------------------
00000000000001B4 wininit.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-18 SYSTEM
0 00 00121411 S-1-5-32-544 Administrators

----------------------
00000000000001C0 csrss.exe

T FL AcessMsK Sid
0 00 00020C79 S-1-5-18 SYSTEM

----------------------
0000000000000210 winlogon.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-18 SYSTEM
0 00 00121411 S-1-5-32-544 Administrators

----------------------
000000000000025C services.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-18 SYSTEM
0 00 00121411 S-1-5-32-544 Administrators

----------------------
000000000000026C lsass.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-18 SYSTEM
0 00 00121411 S-1-5-32-544 Administrators

----------------------
00000000000002B4 svchost.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-5-0-42363 LogonSessionId_0_42363
0 00 00001400 S-1-5-32-544 Administrators

----------------------
00000000000002F0 svchost.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-5-0-63646 LogonSessionId_0_63646
0 00 00001400 S-1-5-32-544 Administrators

----------------------
0000000000000354 dwm.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-90-0-1 DWM-1
0 00 001FFFFF S-1-5-18 SYSTEM

----------------------
00000000000003A8 svchost.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-5-0-67924 LogonSessionId_0_67924
0 00 00001400 S-1-5-32-544 Administrators

----------------------
00000000000003B0 svchost.exe

T FL AcessMsK Sid

0 00 001FFFFF S-1-5-5-0-72026 LogonSessionId_0_72026
0 00 00001400 S-1-5-32-544 Administrators

----------------------
00000000000003D8 svchost.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-5-0-72302 LogonSessionId_0_72302
0 00 00001400 S-1-5-32-544 Administrators

----------------------
00000000000003F0 svchost.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-5-0-75312 LogonSessionId_0_75312
0 00 00001400 S-1-5-32-544 Administrators

----------------------
0000000000000184 WUDFHost.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-84-0-76843-0-0-0
0 00 00000400 S-1-5-32-544 Administrators

----------------------
0000000000000314 svchost.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-5-0-78668 LogonSessionId_0_78668
0 00 00001400 S-1-5-32-544 Administrators

----------------------
00000000000004BC svchost.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-5-0-84911 LogonSessionId_0_84911
0 00 00001400 S-1-5-32-544 Administrators

----------------------
00000000000004C4 svchost.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-5-0-86762 LogonSessionId_0_86762
0 00 00001400 S-1-5-32-544 Administrators

----------------------
0000000000000528 svchost.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-5-0-89099 LogonSessionId_0_89099
0 00 00001400 S-1-5-32-544 Administrators

----------------------
00000000000005A0 svchost.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-5-0-92315 LogonSessionId_0_92315
0 00 00001400 S-1-5-32-544 Administrators

----------------------
0000000000000718 svchost.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-5-0-136688 LogonSessionId_0_136688
0 00 00001400 S-1-5-32-544 Administrators

----------------------
0000000000000444 WmiPrvSE.exe

T FL AcessMsK Sid

0 00 001FFFFF S-1-5-5-0-144257 LogonSessionId_0_144257
0 00 00100001 S-1-5-5-0-63646 LogonSessionId_0_63646
0 00 00100000 S-1-5-18 SYSTEM

----------------------
00000000000006E0 dllhost.exe

T FL AcessMsK Sid

0 00 001FFFFF S-1-5-5-0-146109 LogonSessionId_0_146109
0 00 00001400 S-1-5-32-544 Administrators

----------------------
0000000000000844 VSSVC.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-5-0-157627 LogonSessionId_0_157627
0 00 00001400 S-1-5-32-544 Administrators

----------------------
00000000000008E8 sppsvc.exe

T FL AcessMsK Sid

0 00 001FFFFF S-1-5-5-0-279111 LogonSessionId_0_279111
0 00 00001400 S-1-5-32-544 Administrators

----------------------
00000000000008B4 WmiPrvSE.exe

T FL AcessMsK Sid

0 00 001FFFFF S-1-5-18 SYSTEM
0 00 00100001 S-1-5-5-0-63646 LogonSessionId_0_63646
0 00 00100000 S-1-5-18 SYSTEM

----------------------
000000000000092C WmiApSrv.exe

T FL AcessMsK Sid

0 00 001FFFFF S-1-5-5-0-306945 LogonSessionId_0_306945
0 00 00001400 S-1-5-32-544 Administrators

----------------------
00000000000009AC sihost.exe

T FL AcessMsK Sid

0 00 001FFFFF S-1-5-21-1621835565-972595261-354493311-1001 Kelly
0 00 001FFFFF S-1-5-18 SYSTEM
0 00 00121411 S-1-5-5-0-315893 LogonSessionId_0_315893

----------------------
0000000000000A64 taskhostw.exe

T FL AcessMsK Sid

0 00 001FFFFF S-1-5-21-1621835565-972595261-354493311-1001 Kelly
0 00 001FFFFF S-1-5-18 SYSTEM
0 00 00121411 S-1-5-5-0-315893 LogonSessionId_0_315893

----------------------
0000000000000A38 explorer.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-21-1621835565-972595261-354493311-1001 Kelly
0 00 001FFFFF S-1-5-18 SYSTEM
0 00 00121411 S-1-5-5-0-315893 LogonSessionId_0_315893

----------------------
0000000000000808 RuntimeBroker.exe

T FL AcessMsK Sid

0 00 001FFFFF S-1-5-21-1621835565-972595261-354493311-1001 Kelly
0 00 00100001 S-1-5-5-0-63646 LogonSessionId_0_63646
0 00 00100000 S-1-5-18 SYSTEM

----------------------
0000000000000E74 SppExtComObj.Exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-20 NETWORK SERVICE
0 00 00100001 S-1-5-5-0-63646 LogonSessionId_0_63646
0 00 00100000 S-1-5-18 SYSTEM

----------------------
0000000000000F88 audiodg.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-80-2676549577-1911656217-2625096541-4178041876-1366760775 Audiosrv
0 00 00001000 S-1-5-11 Authenticated Users

----------------------
0000000000000BB8 backgroundTaskHost.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-21-1621835565-972595261-354493311-1001 Kelly
0 00 001FFFFF S-1-5-18 SYSTEM
0 00 00121411 S-1-5-5-0-315893 LogonSessionId_0_315893
0 00 001FFFFF S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

----------------------
0000000000000FB0 conhost.exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-32-544 Administrators
0 00 001FFFFF S-1-5-18 SYSTEM
0 00 00121411 S-1-5-5-0-315893 LogonSessionId_0_315893 

Look at the example

0000000000000E74 SppExtComObj.Exe

T FL AcessMsK Sid
0 00 001FFFFF S-1-5-20 NETWORK SERVICE
0 00 00100001 S-1-5-5-0-63646 LogonSessionId_0_63646
0 00 00100000 S-1-5-18 SYSTEM

Here SYSTEM has SYNCHRONIZE (0x00100000) but not PROCESS_QUERY_LIMITED_INFORMATION (0x1000). Another example:

00000000000008B4 WmiPrvSE.exe

T FL AcessMsK Sid

0 00 001FFFFF S-1-5-18 SYSTEM
0 00 00100001 S-1-5-5-0-63646 LogonSessionId_0_63646
0 00 00100000 S-1-5-18 SYSTEM

EDIT

Demo test on Win 8.1: I enabled SE_DEBUG_PRIVILEGE and tried to open processes with PROCESS_QUERY_LIMITED_INFORMATION|SYNCHRONIZE. I successfully opened all processes in the system, including protected processes. When I tried to open with PROCESS_QUERY_INFORMATION, I got errors for the following processes:

c0000022 0000000000000004 System
c0000022 0000000000000138 smss.exe
c0000022 00000000000001A8 csrss.exe
c0000022 00000000000001EC csrss.exe
c0000022 0000000000000244 services.exe
c0000022 00000000000005B8 sppsvc.exe

All of these are Windows protected processes. Now I test opening with SE_DEBUG_PRIVILEGE disabled. The results speak for themselves:

----------- trying to open with PROCESS_QUERY_LIMITED_INFORMATION

c0000022 00000000000001A8 csrss.exe
c0000022 00000000000001EC csrss.exe
c0000022 000000000000033C dwm.exe
c0000022 00000000000005D0 WUDFHost.exe
c0000022 00000000000007E4 WUDFHost.exe

----------- trying to open with SYNCHRONIZE

c0000022 00000000000001A8 csrss.exe
c0000022 00000000000001EC csrss.exe
c0000022 00000000000002A4 svchost.exe
c0000022 00000000000002C8 svchost.exe
c0000022 0000000000000320 svchost.exe
c0000022 000000000000033C dwm.exe
c0000022 0000000000000358 svchost.exe
c0000022 0000000000000390 svchost.exe
c0000022 00000000000003CC svchost.exe
c0000022 00000000000001E0 svchost.exe
c0000022 00000000000005D0 WUDFHost.exe
c0000022 00000000000007F0 svchost.exe
c0000022 00000000000005B8 sppsvc.exe
c0000022 00000000000007E4 WUDFHost.exe

So, the difference with SE_DEBUG_PRIVILEGE is clear.

But if I can open with SYNCHRONIZE but not with PROCESS_QUERY_LIMITED_INFORMATION
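To make the answer's point concrete, the following added example (not code from the question or the answer) evaluates the question's two-step OpenProcess strategy against the ACE masks in the dump above. It uses the numeric values of the access-right bits from winnt.h instead of windows.h so it builds anywhere; `access_granted` and `open_strategy` are helper names chosen here, and the check is a simplification that looks at one ACE at a time rather than merging all ACEs that match the caller's token.

```c
#include <stdio.h>
#include <stdint.h>

/* Access-right bit values exactly as defined in winnt.h; reproduced here so
   the block also builds outside Windows. */
#define SYNCHRONIZE_BIT                0x00100000u
#define READ_CONTROL_BIT               0x00020000u
#define PROCESS_QUERY_LIMITED_INFO_BIT 0x00001000u
#define PROCESS_QUERY_INFO_BIT         0x00000400u
#define PROCESS_VM_READ_BIT            0x00000010u
#define PROCESS_TERMINATE_BIT          0x00000001u

static const struct { uint32_t bit; const char *name; } kRights[] = {
    { SYNCHRONIZE_BIT, "SYNCHRONIZE" },
    { READ_CONTROL_BIT, "READ_CONTROL" },
    { PROCESS_QUERY_LIMITED_INFO_BIT, "PROCESS_QUERY_LIMITED_INFORMATION" },
    { PROCESS_QUERY_INFO_BIT, "PROCESS_QUERY_INFORMATION" },
    { PROCESS_VM_READ_BIT, "PROCESS_VM_READ" },
    { PROCESS_TERMINATE_BIT, "PROCESS_TERMINATE" },
};

/* One ACE grants a request only if every requested bit is set in its mask.
   SE_DEBUG_PRIVILEGE bypasses the DACL altogether (protected processes
   excepted), which is what the Win 8.1 test in the answer shows. */
int access_granted(uint32_t ace_mask, uint32_t requested, int have_debug_priv)
{
    return have_debug_priv || (ace_mask & requested) == requested;
}

/* The question's strategy evaluated against one ACE (helper name assumed):
   2 = SYNCHRONIZE|PROCESS_QUERY_LIMITED_INFORMATION granted,
   1 = only the SYNCHRONIZE fallback would succeed, 0 = neither. */
int open_strategy(uint32_t ace_mask, int have_debug_priv)
{
    uint32_t full = SYNCHRONIZE_BIT | PROCESS_QUERY_LIMITED_INFO_BIT;
    if (access_granted(ace_mask, full, have_debug_priv))
        return 2;
    return access_granted(ace_mask, SYNCHRONIZE_BIT, have_debug_priv) ? 1 : 0;
}

int main(void)
{
    /* ACE masks copied from the answer's dump: Administrators on lsass.exe,
       Administrators on svchost.exe, SYSTEM on SppExtComObj.Exe */
    const uint32_t masks[] = { 0x00121411u, 0x00001400u, 0x00100000u };
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++) {
        printf("%08X ->", (unsigned) masks[i]);
        for (size_t r = 0; r < sizeof kRights / sizeof kRights[0]; r++)
            if (masks[i] & kRights[r].bit) printf(" %s", kRights[r].name);
        printf(" : strategy=%d without SE_DEBUG, %d with SE_DEBUG\n",
               open_strategy(masks[i], 0), open_strategy(masks[i], 1));
    }
    return 0;
}
```

The 0x00001400 Administrators ACE on the svchost.exe entries is the mirror case of the question: it grants PROCESS_QUERY_LIMITED_INFORMATION but not SYNCHRONIZE, so neither OpenProcess call in the question's function succeeds there without SE_DEBUG_PRIVILEGE, matching the long "trying to open with SYNCHRONIZE" failure list.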