Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!

elevated plugin questions

Alpengreis

Alpengreis

Jan
950
19
Hi Charles

I tried out your elevated plugin and have some questions about:

1) I thought that an invalid PID give always a -1 but that isn't the case. Is this WAD?

2) It seems that a check in unelevated tcc prompt can't resolve (some) elevated processes. One example was the smss.exe (Windows Sitzungs Manager // Windows session manager). There I receive correctly a 1 from an elevated tcc prompt but -1 from unelevated ... is this WAD?

Thank you for your work and greetings!
 
Alpengreis said:
I tried out your elevated plugin and have some questions about:

1) I thought that an invalid PID give always a -1 but that isn't the case. Is this WAD?
Click to expand...

Not sure if this is what you mean, but the lowest two bits of a PID are ignored. This is a Windows implementation detail, and may change in future versions of Windows.

2) It seems that a check in unelevated tcc prompt can't resolve (some) elevated processes. One example was the smss.exe (Windows Sitzungs Manager // Windows session manager). There I receive correctly a 1 from an elevated tcc prompt but -1 from unelevated ... is this WAD?
Click to expand...

This probably means that the plugin can't open the process with even PROCESS_QUERY_LIMITED_INFORMATION rights. It happens sometimes; I don't know why.
 
Charles Dye said:
Not sure if this is what you mean, but the lowest two bits of a PID are ignored. This is a Windows implementation detail, and may change in future versions of Windows.
Click to expand...

I've seen instances of Windows returning some Process info for a while after the process has exited; can't repro it at the moment.

Charles Dye said:
This probably means that the plugin can't open the process with even PROCESS_QUERY_LIMITED_INFORMATION rights. It happens sometimes; I don't know why.
Click to expand...

Your plugin, unelevated, can't target any SYSTEM process ... no surprise.
 
1) Ahh, I didn't know that about the last two bits of a PID, that explains it, ok. I meant NOT that with remaining PIDs BUT interesting info, Vince!

2) Ok, Charles, all right, thanks (also for your info again, Vince, which is nothing than logical).
 
You must log in or register to reply here.
Back
Top