Go Back   TechArena Community > Technical Support > Computer Help > Windows Security
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



process username OpenProcess -> OpenProcessToken access denied

Windows Security


Reply
 
Thread Tools Search this Thread
  #1  
Old 24-02-2008
Member
 
Join Date: Oct 2005
Posts: 61
process username OpenProcess -> OpenProcessToken access denied

I am getting error while running a .net code. I need some experts help on the same. I am not able to find where I am going wrong. There is as .net code that I found through System.Management.ManagementObject. It runs but it is extremely slow and I am not able to figure out why. Also I am getting access denied error while modifying the process used by it. I had posted the entire code below.
Code:
void sysLog( LPTSTR lpFrom )
{
WCHAR s[512];
DWORD dwErr = ::GetLastError();
::ZeroMemory( s, 512 );

if( (FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM,
NULL,
dwErr,
0,
s,
512,
NULL ) ) == 0 )
{
::std::wcout << lpFrom <<  L" FormatMessage error ::GetLastError()
was " << dwErr << std::endl;
}
else
{
::std::wcout << lpFrom << L" Error: " << dwErr << L" " << s <<
std::endl;
}
}


BOOL SetPrivilege(
HANDLE hToken,          // access token handle
LPCTSTR lpszPrivilege,  // name of privilege to enable/disable
BOOL bEnablePrivilege   // to enable or disable privilege
)
{
TOKEN_PRIVILEGES tp;
LUID luid;

if ( !LookupPrivilegeValue(
NULL,            // lookup privilege on local system
lpszPrivilege,   // privilege to lookup
&luid ) )        // receives LUID of privilege
{
printf("LookupPrivilegeValue error: %u\n", GetLastError() );
return FALSE;
}

tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
if (bEnablePrivilege)
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
else
tp.Privileges[0].Attributes = 0;

// Enable the privilege or disable all privileges.

if ( !AdjustTokenPrivileges(
hToken,
FALSE,
&tp,
sizeof(TOKEN_PRIVILEGES),
(PTOKEN_PRIVILEGES) NULL,
(PDWORD) NULL) )
{
printf("AdjustTokenPrivileges error: %u\n", GetLastError() );
return FALSE;
}

if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)

{
printf("The token does not have the specified privilege. \n");
return FALSE;
}

return TRUE;
}

BOOL GetCurrentUserAndDomain(	DWORD dwPID,
PTSTR szUser, PDWORD pcchUser,
PTSTR szDomain, PDWORD pcchDomain)
{

BOOL         fSuccess = FALSE;
HANDLE       hToken   = NULL;
PTOKEN_USER  ptiUser  = NULL;
DWORD        cbti     = 0;
SID_NAME_USE snu;
HANDLE hProc = NULL;

HANDLE hProcSelf = NULL;
HANDLE hTokenSelf   = NULL;

__try
{



// not needed if dwPID is the id of this process
hProcSelf = ::OpenProcess( PROCESS_ALL_ACCESS,
FALSE,
::GetCurrentProcessId() );

::OpenProcessToken(	hProcSelf,
TOKEN_ADJUST_PRIVILEGES,
&hTokenSelf);

SetPrivilege( hTokenSelf, SE_DEBUG_NAME, TRUE );

// always fails
//SetPrivilege( hTokenSelf, SE_TCB_NAME, TRUE );
//SetPrivilege( hTokenSelf, SE_IMPERSONATE_NAME, TRUE );


hProc = ::OpenProcess(	PROCESS_QUERY_INFORMATION,
FALSE,
dwPID );

if( NULL == hProc )
{
sysLog( L"OpenProcess" );
__leave;
}

// fails here always
if( 0 == ::OpenProcessToken(	hProc,
TOKEN_QUERY,
&hToken))
{
sysLog( L"OpenProcessToken" );
__leave;
}

// always fails
//SetPrivilege( hToken, SE_DEBUG_NAME, TRUE );
//SetPrivilege( hTokenSelf, SE_TCB_NAME, TRUE );
//SetPrivilege( hToken, SE_IMPERSONATE_NAME, TRUE );

// Obtain the size of the user information in the token.
if (GetTokenInformation(hToken, TokenUser, NULL, 0, &cbti))
{
sysLog( L"GetTokenInformation" );
// Call should have failed due to zero-length buffer.
__leave;

}
else
{
// Call should have failed due to zero-length buffer.
if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
{
sysLog( L"GetTokenInformation" );
__leave;
}
}

// Allocate buffer for user information in the token.
ptiUser = (PTOKEN_USER) HeapAlloc(GetProcessHeap(), 0, cbti);
if (!ptiUser)
{
sysLog( L"GetTokenInformation" );
__leave;
}

// Retrieve the user information from the token.
if (!GetTokenInformation(hToken, TokenUser, ptiUser, cbti, &cbti))
{
sysLog( L"GetTokenInformation" );
__leave;
}

// Retrieve user name and domain name based on user's SID.
if (!LookupAccountSid(	NULL, ptiUser->User.Sid, szUser, pcchUser,
szDomain, pcchDomain, &snu))
{
sysLog( L"GetTokenInformation" );
__leave;
}

fSuccess = TRUE;
}
__finally
{
if( hTokenSelf )
::CloseHandle( hTokenSelf );

// Free resources.
if( hProcSelf )
::CloseHandle( hProcSelf );

if (hToken)
::CloseHandle(hToken);

if (ptiUser)
::HeapFree(::GetProcessHeap(), 0, ptiUser);

if( hProc )
::CloseHandle( hProc );
}

return fSuccess;
}
// http://win32.mvps.org/
int _tmain(int argc, _TCHAR* argv[])
{
TCHAR szUN[64];
TCHAR szD[64];

DWORD dwUNSize = 64;
DWORD dwDSize = 64;

DWORD dwPID = 0;

BOOL bStatus = FALSE;

if( argc == 2 )
{
dwPID = (DWORD)_ttoi( argv[1] );
std::wcout << "Looking up user account for pid: " << dwPID <<
std::endl;
bStatus = GetCurrentUserAndDomain( dwPID, szUN, &dwUNSize, szD,
&dwDSize );
}
else
{
dwPID = ::GetCurrentProcessId();
std::wcout << "Looking up user account for current process pid: " <<
dwPID << std::endl;
bStatus = GetCurrentUserAndDomain( dwPID, szUN, &dwUNSize, szD,
&dwDSize );
}

if( bStatus )
std::wcout << L"User: " << szUN << " Domain: " << szD << std::endl;
}

Reply With Quote
  #2  
Old 01-11-2012
Member
 
Join Date: Oct 2005
Posts: 32
Re: process username OpenProcess -> OpenProcessToken access denied

Here is a small link that has ample of resources on what you are looking for. I will advice you to have a look on the same. I think there is something missing and reading the below article will help you to get more highlight on the same.
OpenProcessToken function
Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Security
Tags: , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "process username OpenProcess -> OpenProcessToken access denied"
Thread Thread Starter Forum Replies Last Post
Every process is without username Erakna Operating Systems 6 05-08-2011 03:10 PM
Netgear wifi router does not provide access with username and password Lahu Lugan Networking & Security 5 29-03-2011 07:54 PM
How to remove a running process that gives you "access denied" when you try to kill it maketu Window 2000 Help 3 13-05-2009 08:49 AM
Access Denied, Access Denied- like a broken record! Sam Vista Help 7 26-04-2008 10:24 AM
File server denied access by Domain Controller: Access is denied because of failure to authenticate Jim Windows Server Help 2 24-05-2007 09:46 AM


All times are GMT +5.5. The time now is 09:14 AM.