I have an application that first calls CreateToolhelp32Snapshot(), then
calls Process32First() and finally the Process32Next() function until
there is no more data. This works fine! When I try to open the
process with OpenProcess (with PROCESS_ALL_ACCESS) and
want to return a handle from which I can do an EnumProcessModules()
and then a GetModuleFileNameEx() to return the fully qualified path
to the main executable, I get a GetLastError() == 5 (access denied) from
the OpenProcess (the return value in this case is NULL from OpenProcess).
But this happens only to processes not started with my user account, most
likely with the SYSTEM account. How can I open a handle to these processes
to work with them with functions like e.g. EnumProcessModules() and
GetModuleFileNameEx()?
When I look at e.g. Process Explorer, I can see that it has been handled
there, but I also know that PE is working with kernel-mode code and a
driver running in kernel mode. I don't want to do some stuff like IPC and
kernel modules/process tables since there must be some other user-mode
stuff that can be done, I think.
TIA
Best regards
Kerem Gümrükcü