I'm working on enumerating instances of iexplore.exe across all users. I'm able to get a list of the matching processes on the machine, but to identify the user, I need to use OpenProcess. This works on my own instances, but even with Run as Administrator and EnableDebugPriv, I'm still getting the access denied message. Am I missing something? Is iexplore.exe somehow protected?
Here's what I'm using for the debug priv:
void EnableDebugPriv()
{
HANDLE hToken;
LUID luid;
TOKEN_PRIVILEGES tkp;
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
if (!::LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
{
wprintf(_T("ERROR %u\n"),GetLastError());
CloseHandle(hToken);
return;
}
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = luid;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!::AdjustTokenPrivileges(hToken, false, &tkp, sizeof(tkp), NULL, NULL))
{
wprintf(_T("ERROR %u\n"),GetLastError());
CloseHandle(hToken);
return;
}
CloseHandle(hToken);
wprintf(_T("Should have worked"));
}
No errors occur when I run this. The ACCESS DENIED error occurs when I run
hProcess = OpenProcess( PROCESS_QUERY_INFORMATION|PROCESS_VM_READ|PROCESS_TERMINATE , FALSE, pe32.th32ProcessID );
For processes that don't belong to me. The "other" users are Standard and Guest accounts created on this machine in a normal way from Control Panel. Any ideas would be much appreciated. I'm stuck! Ultimately I want to offer the user the ability to shut down the app, but even with just PROCESS_QUERY_LIMITED_INFORMATION it fails. I still need to check if this is the problem with other applications besides IE.
Update I ultimately got this to work. The error was in OpenProcessToken instead. And I needed a different privilege than I asked for.
WTSEnumerateProcesses. It returns you all the processes, their names, and their owners - all at one shot. – Raymond Chen