问题
I'm trying to get a process name from its pid. User is running as Administrator, UAC enabled, not elevated.
Some system processes, like services.exe, have their security set up in such way that OpenProcess(PROCESS_QUERY_INFORMATION ... fails with ERROR_ACCESS_DENIED. Same result with PROCESS_QUERY_LIMITED_INFORMATION access right. However, I can see that Process Explorer can at least list all these processes, along with their pid and file name (when running as non-elevated Administrator).
My question is, how can I do the same (get file name from pid), given that non-elevated administrator cannot follow the usual route of OpenProcess() + GetProcessImageFileName()?
回答1:
Have you tried Process32First() and Process32Next() with a handle retrieved by CreateToolhelp32Snapshot()? It doesn't give you the full path but should at least let you get the file name.
回答2:
You can't open system processes (more precisely, processes running under another account - in this case user SYSTEM) without SE_DEBUG privilege enabled for your process.
If you are running as admin, you can easily set the privilege:
http://support.microsoft.com/kb/131065/en-us
回答3:
Have you tried PROCESS_QUERY_LIMITED_INFORMATION instead? It requests a lower level of access that can provide at least the name of the executable. It allows you to call QueryFullProcessImageName which provides the information you're looking for
- http://msdn.microsoft.com/en-us/library/windows/desktop/ms684919(v=vs.85).aspx
来源:https://stackoverflow.com/questions/40630528/is-possible-to-get-full-file-name-of-a-process-for-which-i-have-no-permissions