1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

@PID and system processes?

Discussion in 'Support' started by vefatica, Aug 27, 2017.

  1. vefatica

    Joined:
    May 20, 2008
    Messages:
    8,058
    Likes Received:
    30
    Why doesn't @PID work with a system process? TASKLIST can pair up PIDs and process names for system processes.

    Code:
    v:\> echo %@pid[serv-u.exe.exe]
    0
    
    v:\> echo %@word[0,%@execstr[tasklist | ffind /k /m /t"serv-u"]]
    1804
     
  2. rconn

    rconn Administrator
    Staff Member

    Joined:
    May 14, 2008
    Messages:
    10,021
    Likes Received:
    84
    Because Microsoft doesn't want you to do that if you're not running an elevated session. (Works fine elevated.)

    Specifically, the reason it doesn't work is because GetModuleFileNameEx() fails on system processes if you're not elevated. @PID needs to call GetModuleFileNameEx() so it can compare pathnames, not just a shortname.
     
  3. vefatica

    Joined:
    May 20, 2008
    Messages:
    8,058
    Likes Received:
    30
    I see. I never knew @PID used paths. It makes sense that windows won't give you WM_READ for a system process.

    It's funny, though, that ProcessExplorer, which doesn't require elevation, will show you the fully-qualified name in a balloon if you hover on an exe name or if you look at the properties of such a process. I wonder how it's done.
     
  4. AnrDaemon

    Joined:
    Aug 23, 2010
    Messages:
    51
    Likes Received:
    1
    A signed program could self-elevate without a user's consent, if certificate permits.
     

Share This Page