Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!

elevated plugin questions

Jan
649
15
Hi Charles

I tried out your elevated plugin and have some questions about:

1) I thought that an invalid PID give always a -1 but that isn't the case. Is this WAD?

2) It seems that a check in unelevated tcc prompt can't resolve (some) elevated processes. One example was the smss.exe (Windows Sitzungs Manager // Windows session manager). There I receive correctly a 1 from an elevated tcc prompt but -1 from unelevated ... is this WAD?

Thank you for your work and greetings!
 
I tried out your elevated plugin and have some questions about:

1) I thought that an invalid PID give always a -1 but that isn't the case. Is this WAD?

Not sure if this is what you mean, but the lowest two bits of a PID are ignored. This is a Windows implementation detail, and may change in future versions of Windows.

2) It seems that a check in unelevated tcc prompt can't resolve (some) elevated processes. One example was the smss.exe (Windows Sitzungs Manager // Windows session manager). There I receive correctly a 1 from an elevated tcc prompt but -1 from unelevated ... is this WAD?

This probably means that the plugin can't open the process with even PROCESS_QUERY_LIMITED_INFORMATION rights. It happens sometimes; I don't know why.
 
Not sure if this is what you mean, but the lowest two bits of a PID are ignored. This is a Windows implementation detail, and may change in future versions of Windows.

I've seen instances of Windows returning some Process info for a while after the process has exited; can't repro it at the moment.

This probably means that the plugin can't open the process with even PROCESS_QUERY_LIMITED_INFORMATION rights. It happens sometimes; I don't know why.

Your plugin, unelevated, can't target any SYSTEM process ... no surprise.
 
1) Ahh, I didn't know that about the last two bits of a PID, that explains it, ok. I meant NOT that with remaining PIDs BUT interesting info, Vince!

2) Ok, Charles, all right, thanks (also for your info again, Vince, which is nothing than logical).
 

Similar threads

Back
Top