  1. OpenProcess on x64 images from Win32 app
<p>This is weird. Earlier, running Windows 7 x64, I had trouble calling the Win32 OpenProcess against 64-bit processes. Googled around a bit, and came to the sinking conclusion this just wasn't gonna happen.</p>
<p>Then a funny thing happened. I tried it against the process ID for explorer.exe, and <i>holy carp</i>, it worked! Started throwing other process IDs at it, and it's just a darned crapshoot.</p>
<p>As it turns out, I can call OpenProcess against a good number of x64 processes -- explorer, itype, ipoint, taskhost, cmd, mstsc, ..., etc.</p>
<p>And others pop a 5 (Access is denied) -- winlogon, csrss, services, svchost, mdm, ...</p>
<p>I'm confirming the "bitness" and process ID using Process Explorer. Plus, calling GetModuleFileNameEx on 64-bit processes always fails, so that offers a double-check for 32/64.</p>
<p>This is the code:</p>
<pre><code>' Get a handle to the process.
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, ProcessID)
If hProcess Then
   ' Grab the filename for base module.
   nChars = GetModuleFileNameEx(hProcess, 0, Buffer, Len(Buffer))
   ' If running in x64, http://winprogger.com/?p=26
   If Err.LastDllError = ERROR_PARTIAL_COPY Then
      nChars = GetProcessImageFileName(hProcess, Buffer, Len(Buffer))
   End If
   ' Truncate and return buffer.
   If nChars Then
      GetProcessFileName = Left$(Buffer, nChars)
   End If
   Call CloseHandle(hProcess)
Else
   Debug.Print "LastDllError:"; Err.LastDllError
End If
</code></pre>
<p>Nothing fancy. Just want to query the processes for things like filename or process times. Anyone have any idea what differentiates between the ones I can open and the ones I can't?</p>
<p>Extra info: Running process as administrator. UAC turned off. Yes, it's a 32-bit app. I have had no better results using PROCESS_QUERY_LIMITED_INFORMATION.</p>
<p>Thanks... Karl</p>
 
