process question
-
Is there a way to get the handle of a process without calling OpenProcess if I have the PID? gabby
-
Definitely, no. Definitely, yes - if you can access information on the kernel's internal structures. But even if so, your app may not work on different Windows versions. One always gets what one deserves.
-
Even if he had kernel access he couldn't! The kernel does not use handles for the process. It uses pointers to EPROCESS structures! Don't try it, just do it! ;-)
-
I know that I can make a driver and use DeviceIoControl and get the handle out, but just tell me the function. The EPROCESS structure doesn't have a member for the handle. I know about this function:

NTSYSAPI
NTSTATUS
NTAPI
PsLookupProcessByProcessId (
    IN ULONG ProcessId,
    OUT PEPROCESS *Process
    );

and this is all I know about EPROCESS:

typedef struct _EPROCESS {
    KPROCESS Pcb;
    EX_PUSH_LOCK ProcessLock;
    ...
    UCHAR ImageFileName[16];
    ...
    UCHAR PriorityClass;
    BOOLEAN WorkingSetAcquiredUnsafe;
} EPROCESS, *PEPROCESS;

Is KPROCESS the process HANDLE, and if it is, what ACCESS does it have? I suppose PROCESS_ALL_ACCESS, right?

gabby