
_STARTPID & @PID[] after START /ELEVATED

Discussion in 'Support' started by vefatica, Mar 10, 2012.

  1. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,784
    Likes Received:
    29
    After you START /ELEVATED exename (and wait a while) both _STARTPID and @PID[exename] are 0.
     
  2. rconn

    rconn Administrator
    Staff Member

    Joined:
    May 14, 2008
    Messages:
    9,726
    Likes Received:
    80
    I'm afraid that the Windows security isn't quite as pitiful as you would like it to be ...
     
  3. vefatica

    I don't understand your remark. TASKLIST shows the PID of a process started with "START /ELEVATED" so I'd think @PID[] should be able to get it. I don't know about START/_STARTPID ... Does it use CreateProcess()?
     
  4. rconn

    It does not use CreateProcess(); that API cannot start elevated tasks from a non-elevated process. START /elevated uses ShellExecuteEx(), which does not return a PID. It does return a process handle, but Windows will not let a non-elevated process query process information for an elevated process. (It'd be a useless pile of security junk if it did allow that!)
     
  5. vefatica

    What about @PID[]?
     
  6. rconn

    What about it?

    If you're an admin user, @PID will use an undocumented API to return a pseudo-PID (not the real one, but one that Windows will associate with the process).

    However, it's useless, because you cannot actually do anything with the PID. Even if you had the real one, Windows will still not let you do anything with that PID unless you're running in an elevated process. (In which case, TCC would have used CreateProcess(), and this whole exercise would have been pointless.)

    So unless you just like to look at PIDs and imagine what you would do with them if you could actually do anything with them (and you can't), you can just substitute @RANDOM.
     
  7. vefatica

    As an admin under UAC, @PID[elevated] is 0. Running elevated, it returns the actual PID ... the one seen in TaskMgr.

    And that PID's not entirely useless. My WHICHWIN can filter on it to show its (and only its) windows. There's probably more you could do with it (but probably nothing too exciting).
     
  8. mathewsdw

    Joined:
    May 24, 2010
    Messages:
    855
    Likes Received:
    0
    Vince, I am not quite sure what you meant when you said "As an admin user UAC". If you are running Windows 7 (and I tend to believe that you are from previous postings but I could be wrong) there are no "true" "Administrative" users unless you "dug up", "revived", and unhid the true "Administrator" account. First user created on a Windows 7 machine is only a pseudo-administrator (i.e., will be bugged by UAC unless UAC is turned off), and programs that were not launched "elevated" are not administrative at all, and have no "access" to administrative things. - Dan
     
  9. vefatica

    That's me ... the pseudo-admin ... and I can do a lot without having to ask or reply to UAC at all ... run any of the MSC plugins (configure services, change security policy), configure network stuff, and more. I can seamlessly do nearly anything "administrative" (except set the time) without dealing with UAC.
     
  10. mathewsdw

    Vince, Please excuse me if this is a stupid question. Didn't you have to turn UAC off entirely for that to be the case? I haven't turned mine off because it helps to keep me from making stupid mistakes (which, as I have said previously, I'm quite fond of). I do keep an "Elevated" TCC session running at all times, but I try real hard to avoid using it when I don't actually require administrative privileges. - Dan
     
  11. vefatica

    No, I have not turned UAC off. It simply lets me do those things. If you are the "pseudo-admin" just type something like "services.msc" or "secpol.msc" (+ enter) in the start menu.
     
