This article covers how to handle OpenProcess failing with an access-denied error on Windows 8.1 only.

Problem description

I have a program which adjusts SeDebugPrivilege and then starts to iterate through system processes and calls OpenProcess for them (and does other stuff, but it's not important now). Also the program runs in administrator mode of course. On Windows XP and Windows 7 it works fine, but on Windows 8.1 OpenProcess fails for the following system processes with ERROR_ACCESS_DENIED(5): smss.exe, csrss.exe, services.exe. As I know with SeDebugPrivilege I should be able to open these processes and retrieve a handle for them. Does anybody have a clue, what kind of magic causes this error only on Windows 8.1?

(Anyway I have the same error with the same processes for CreateToolhelp32Snapshot)

Recommended answer

Windows 8.1 introduces the concept of a system protected process. This is documented in the context of third-party anti-malware software, but it seems reasonable to suppose that it is also used to protect particularly critical system processes.

System protected processes are an extension of the Protected Process mechanism (Microsoft Word document) introduced in Windows Vista as a DRM measure.

You cannot obtain any of these access rights for a protected process, even with debug privilege:

  • DELETE
  • READ_CONTROL
  • WRITE_DAC
  • WRITE_OWNER
  • PROCESS_CREATE_THREAD
  • PROCESS_DUP_HANDLE
  • PROCESS_QUERY_INFORMATION
  • PROCESS_SET_QUOTA
  • PROCESS_SET_INFORMATION
  • PROCESS_VM_OPERATION
  • PROCESS_VM_READ
  • PROCESS_VM_WRITE

You should still be able to open the process by requesting PROCESS_QUERY_LIMITED_INFORMATION access. According to the documentation, SYNCHRONIZE and PROCESS_TERMINATE access are also permitted.
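The access-mask handling described in the answer, as an added example that is not part of the original question or answer: request the full mask first and, on ERROR_ACCESS_DENIED, retry with the listed rights removed and PROCESS_QUERY_LIMITED_INFORMATION substituted for PROCESS_QUERY_INFORMATION. The helper names `fallback_mask` and `open_with_fallback` are hypothetical, and the retry policy is an assumption of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#else  /* winnt.h values, so the mask logic also builds off Windows */
typedef unsigned int DWORD;
#define DELETE                            0x00010000u
#define READ_CONTROL                      0x00020000u
#define WRITE_DAC                         0x00040000u
#define WRITE_OWNER                       0x00080000u
#define PROCESS_CREATE_THREAD             0x0002u
#define PROCESS_VM_OPERATION              0x0008u
#define PROCESS_VM_READ                   0x0010u
#define PROCESS_VM_WRITE                  0x0020u
#define PROCESS_DUP_HANDLE                0x0040u
#define PROCESS_SET_QUOTA                 0x0100u
#define PROCESS_SET_INFORMATION           0x0200u
#define PROCESS_QUERY_INFORMATION         0x0400u
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000u
#endif

/* Rights the answer lists as refused for a protected process, even with SeDebugPrivilege. */
#define PROTECTED_DENIED (DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER | PROCESS_CREATE_THREAD | \
    PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION | PROCESS_SET_QUOTA | PROCESS_SET_INFORMATION | \
    PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE)
/* Hypothetical helper: the reduced mask to retry with after ERROR_ACCESS_DENIED. */
DWORD fallback_mask(DWORD desired) {
    DWORD m = desired & ~(DWORD)PROTECTED_DENIED;   /* drop every refused right */
    if (desired & PROCESS_QUERY_INFORMATION) m |= PROCESS_QUERY_LIMITED_INFORMATION;
    return m;
}
#ifdef _WIN32  /* Hypothetical helper: full mask first, reduced mask only on access denied. */
HANDLE open_with_fallback(DWORD pid, DWORD desired, DWORD *granted) {
    *granted = desired;
    HANDLE h = OpenProcess(desired, FALSE, pid);
    if (h || GetLastError() != ERROR_ACCESS_DENIED) return h;
    *granted = fallback_mask(desired);
    return (*granted && *granted != desired) ? OpenProcess(*granted, FALSE, pid) : NULL;
}
#endif
int main(int argc, char **argv) {
    DWORD pid = argc > 1 ? (DWORD)strtoul(argv[1], NULL, 10) : 0;
    DWORD want = PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, got = fallback_mask(want);
#ifdef _WIN32
    HANDLE h = open_with_fallback(pid, want, &got);
    if (h) CloseHandle(h); else got = 0;   /* 0 means no handle could be opened */
#endif
    printf("pid %lu: mask 0x%lx\n", (unsigned long)pid, (unsigned long)got);
    return 0;
}
```

Callers should check the granted mask before using the handle, since a handle opened with the reduced mask does not allow reading memory or duplicating handles.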
