This article covers how to handle WinAPI: OpenProcess() returning error 5 with SeDebugPrivilege enabled for the host process.

Problem description

I've got a routine where I process-walk to obtain the HANDLE of each process as I 'walk' down the list (which works fine), but my issue lies when I do:

HANDLE h = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID) where PROCESS_ALL_ACCESS is the access token, handle inheritance is set to FALSE, and pe32 is a PROCESSENTRY32

GetLastError() returns error code 5, and all the handles that are made are addresses which do not correspond to any appropriate process in Spy++32/64 (I've tried building the application under both platform targets, but as you'd expect, the result is the same).

The code for setting SeDebugPrivilege for the host process which I'm using is:

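#include <windows.h>

// Enable or disable SeDebugPrivilege in the current process token.
BOOL EnableDebugPrivilege(BOOL bEnable)
{
    HANDLE hToken = nullptr;
    LUID luid;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) return FALSE;
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
    {
        CloseHandle(hToken);
        return FALSE;
    }

    TOKEN_PRIVILEGES tokenPriv;
    tokenPriv.PrivilegeCount = 1;
    tokenPriv.Privileges[0].Luid = luid;
    tokenPriv.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;

    // AdjustTokenPrivileges returns TRUE even when the privilege was not assigned;
    // in that case GetLastError() is ERROR_NOT_ALL_ASSIGNED, so check it as well.
    BOOL ok = AdjustTokenPrivileges(hToken, FALSE, &tokenPriv, sizeof(TOKEN_PRIVILEGES), NULL, NULL)
              && GetLastError() == ERROR_SUCCESS;

    CloseHandle(hToken); // the token handle was leaked on every path before
    return ok;
}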







Some questions that would be helpful to you:


  1. I'm running Windows 7 x64 Professional.
  2. Yes, devenv.exe is started with "Run as Administrator" privileges, which means that the debugger and the application itself are started under the same affinity.
  3. I have tried toggling UAC or running the application with UAC off altogether. Still error code 5.
  4. I just attempted doing it with PROCESS_QUERY_LIMITED_INFORMATION and I receive error code 6, or ERROR_INVALID_HANDLE. Also attempted with PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, result is error 5 again.
  5. SeDebugPrivilege is enabled, verified with SysInternals' Process Explorer. Additionally, all processes that spawn from devenv/whatever the debugger is called inherit SeDebugPrivilege so...this is weird.

Thank you all very much for your time, I'm reaching my wits' end with this issue :S

Recommended answer

Are you sure you are not passing 0 as a process ID value? The system idle process with ID 0 is included in the snapshot under the name [System Process], but you can't open a handle for it as the documentation for OpenProcess specifically says it'll fail. Well it says a bit more:

Well, it's not completely true as I was able to open a handle to CSRSS (of course, it doesn't actually have the requested rights). But it may fail for some protected processes (audiodg), so you shouldn't do this. Instead, check the name of the process if it's the one you want.
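The check the answer recommends (skip PID 0 and match on the process name before calling OpenProcess), as an added example that is not part of the original question or answer. SameName, ShouldOpen and OpenByName are hypothetical names; the Windows-only walk is guarded by _WIN32 and uses the wide-character Toolhelp32 functions.

```cpp
#include <cstdio>
#include <cwctype>

// Hypothetical helper: case-insensitive comparison of executable names.
static bool SameName(const wchar_t* a, const wchar_t* b)
{
    for (; *a && *b; ++a, ++b)
        if (std::towlower((wint_t)*a) != std::towlower((wint_t)*b)) return false;
    return *a == *b;   // equal only if both strings ended together
}

// Hypothetical filter: only entries that pass are handed to OpenProcess().
// PID 0 ("[System Process]") is listed in the snapshot but can never be opened.
bool ShouldOpen(unsigned long pid, const wchar_t* exeName, const wchar_t* wanted)
{
    return pid != 0 && SameName(exeName, wanted);
}

#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>

// Walk the snapshot and open only the wanted process; the caller closes the handle.
HANDLE OpenByName(const wchar_t* wanted, DWORD access)
{
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) return nullptr;

    PROCESSENTRY32W pe32 = {};
    pe32.dwSize = sizeof(pe32);   // must be set before Process32FirstW
    HANDLE h = nullptr;
    for (BOOL more = Process32FirstW(snap, &pe32); more && !h; more = Process32NextW(snap, &pe32))
    {
        if (!ShouldOpen(pe32.th32ProcessID, pe32.szExeFile, wanted)) continue;
        h = OpenProcess(access, FALSE, pe32.th32ProcessID);   // NULL on failure
        if (!h)   // read GetLastError() immediately after the failing call
            std::printf("OpenProcess(%lu) failed: error %lu\n", pe32.th32ProcessID, GetLastError());
    }
    CloseHandle(snap);
    return h;
}
#endif
```

Passing only the access rights the caller needs, rather than PROCESS_ALL_ACCESS, keeps the request as narrow as possible.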

09-03 14:50