Welcome!

By registering with us, you'll be able to discuss, share and exchange private messages with other members of our community.

SignUp Now!

SETP?

vefatica

vefatica

May
12,625
152
I'm seeing this.

Code: 
v:\> echo %@pid[explorer.exe]
1940

v:\> setp 1940 tmp & setp 1940 temp
TCC: Not in environment "tmp"
TCC: Not in environment "temp"

Using my own, I see this.

Code: 
v:\> u:\pset64.exe 1940 tmp & u:\pset64.exe 1940 temp
z:\
z:\

And, funny thing, I actually used TCC's SETP to set them.

Is there a way to debug this?
 
Not reproducible here:

Code: 
[C:\Program Files\JPSoft\TCMD25]echo %@pid[explorer.exe]
16064
[C:\Program Files\JPSoft\TCMD25]setp 16064 tmp
TMP=C:\Users\RCONN_~1\AppData\Local\Temp
[C:\Program Files\JPSoft\TCMD25]setp 16064 temp
TEMP=C:\Users\RCONN_~1\AppData\Local\Temp

That's not a default error message. It can only mean that either TCC wasn't able to obtain debug privileges, or that the variables don't exist in the target app.
 
rconn said:
Not reproducible here:

Code: 
[C:\Program Files\JPSoft\TCMD25]echo %@pid[explorer.exe]
16064
[C:\Program Files\JPSoft\TCMD25]setp 16064 tmp
TMP=C:\Users\RCONN_~1\AppData\Local\Temp
[C:\Program Files\JPSoft\TCMD25]setp 16064 temp
TEMP=C:\Users\RCONN_~1\AppData\Local\Temp

That's not a default error message. It can only mean that either TCC wasn't able to obtain debug privileges, or that the variables don't exist in the target app.
Click to expand...
I didn't do much testing (wish I had). It was the same in a newly started TCC. I rebooted shortly after that for unrelated reasons and after the reboot I couldn't reproduce it.
 
A note on SE_DEBUG_NAME.

Without even attempting to acquire SE_DEBUG_NAME,

1. I (an admin, unelevated) can open non-system processes for the VM read/write and CreateRemoteThread
2. I (an admin, elevated) can also open system processes as above

When I attempt to acquire SE_DEBUG_NAME,

1. as an admin, unelevated, AdjustTokenPrivileges succeeds and GetLastError() is 1300 (Not all privileges or groups referenced are assigned to the caller)
2. as an admin, elevated, AdjustTokenPrivileges succeeds and GetLastError() is 0

In any case, SE_DEBUG_NAME doesn't seem to matter.
 
Well, I'm pretty lost now. As I said before, in my PSET64.EXE, not bothering with SE_DEBUG_NAME at all, running elevated, and targeting a system process, both of these work.

Code: 
OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPid);
OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, dwPid);

In contrast, in a TCC plugin, TCC running elevated, PSTAT targeting a system process, if I don't acquire SE_DEBUG_NAME, this fails.

Code: 
OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, PID);

Notes:

1. PSET64.EXE is like the internal SETP.
2. In the plugin, PSTAT gets this information:

Code: 
v:\> pstat 3416
PID:            3416
Path:           C:\Windows\System32\w32tmsvc.exe
PPID:           832
Parent:         C:\Windows\System32\services.exe
Started:        2019-12-22 12:00:03
Running:        4:04:57:44
User CPU:       0.0156250 sec
Kernel CPU:     0.0312500 sec
Total CPU:      0.0468750 sec
% CPU:          0.0000%
Cycles:         1420250968
% Cycles:       0.0001%
Working Set:    5224 KB
Virtual Mem:    1176 KB
Threads:        3
Handles:        96
Modules:        24
Priority:       NORMAL
Owner:          SYSTEM
Command Line:   c:\windows\system32\w32tmsvc.exe
 
Here it is again, right after the update-Tuesday restart.

Code: 
v:\> setp 5444 tmp=z:\ & setp 5444 temp=z:\

v:\> setp 5444 tmp & setp 5444 temp
TCC: Not in environment "tmp"
TCC: Not in environment "temp"

v:\> echo %@pset[5444,tmp] & echo %@pset[5444,temp]
z:\
z:\

PID 5444 is Explorer and ProcessExplorer also says TMP and TEMP are set to z:\.

It's the same in other newly-started TCCs. Any ideas on how to debug this?
 
I tried several user apps (below). SETP worked on all but Explorer and (oddly) the current instance of TCC.

Code: 
v:\> setp %@pid[firefox.exe] tmp
TMP=z:\

v:\> setp %@pid[explorer.exe] tmp
TCC: Not in environment "tmp"

v:\> setp %_pid tmp
TCC: Not in environment "tmp"

v:\> echo %tmp
z:\

v:\> setp %@pid[conhost.exe] tmp
TMP=z:\

v:\> setp %@pid[powerpro.exe] tmp
TMP=z:\

v:\> setp 2576 tmp
TMP=z:\

v:\> setp 2364 tmp
TMP=z:\

v:\> setp 1808 tmp
TMP=C:\Users\vefatica\AppData\LocalLow\Mozilla\Temp-{861861a9-fa0b-4c4d-97e3-8a5ab186af61}

v:\> setp 3528 tmp
TMP=C:\Users\vefatica\AppData\LocalLow\Mozilla\Temp-{861861a9-fa0b-4c4d-97e3-8a5ab186af61}
 
Hey @vefatica here's what I get;
Code: 
     _x64: 1
_admin: 1
_elevated: 1

TCC  25.00.26 x64   Windows 10 [Version 10.0.18362.535]
BuildNumber Caption CSDVersion OSArchitecture Version
18362        Microsoft Windows 10 Pro              64-bit          10.0.18362

e:\utils>setp %@pid[explorer.exe] tmp
TMP=C:\Users\JOECAV~1\AppData\Local\Temp

e:\utils>echo %@pid[explorer.exe]
9280

e:\utils>setp 9280 tmp
TCC: Not in environment "tmp"

e:\utils>setp 9280 tmp
TMP=C:\Users\JOECAV~1\AppData\Local\Temp

Joe
 
You must log in or register to reply here.

Similar threads

vefatica
SETP usually fails with a 32 bit process
Replies
4
Views
1K
vefatica
vefatica
R
Documentation Help Nit with SETP
Replies
0
Views
877
RogerB
R
rps
Documentation Advanced directive link to tabcloseprompt & SETP correction
Replies
0
Views
1K
rps
rps
Joe Caverly
SETP and 32-bit process
Replies
2
Views
2K
Joe Caverly
Joe Caverly
Joe Caverly
Documentation SETP correction in help file
Replies
0
Views
1K
Joe Caverly
Joe Caverly
Back
Top