Get process info when running in administrator

delphi package - easy access to kernel objects etc.

Postby Sylfelin » Thu Jun 12, 2014 8:13 pm

Hi,

I am testing madshi for my company before buying it.

This delphi code:
  // Walk every process madKernel can see and report the one we are interested in
  countProcesses := Processes.ItemCount;
  for i1 := 0 to countProcesses - 1 do
  begin
    exe := Processes.Items[i1].ExeFile;
    if UpperCase(exe).Contains(UpperCase('GecoMaes.exe')) then
    begin
      ip := Processes.Items[i1];
      mmo1.Lines.Add('IProcess.Session:' + ip.Session.ToString());
      mmo1.Lines.Add('IProcess.GetHandle:' + ip.GetHandle().Handle.ToString());
      mmo1.Lines.Add('ExeFile:' + Processes.Items[i1].ExeFile);
      mmo1.Lines.Add('UserName:' + Processes.Items[i1].UserName);
    end;
  end;


And the result:
IProcess.Session:1
IProcess.GetHandle:424
ExeFile:C:\aaaaaa\bbbb\jjjjjjjj.exe
UserName:xxxxxx


But if the app is running with "Execute as administrator" the result is:
IProcess.Session:1
IProcess.GetHandle:4294967295
ExeFile:GecoMaes.exe
UserName:


I don't see the exe path and the handle is incorrect.

How can I resolve that?

Thanks
Sylfelin
 
Posts: 1
Joined: Thu Jun 12, 2014 8:02 pm

Re: Get process info when running in administrator

Postby madshi » Thu Jun 12, 2014 10:13 pm

madKernel is freeware.

Try running the following code in your initialization to enable all the admin privileges. Some of the privileges might not be enabled by default:

// Requires Windows (and SysUtils) in the uses clause of the hosting unit.
var PrivilegesEnabled : boolean = false;
procedure EnableAllPrivileges;
type TTokenPrivileges = record
       PrivilegeCount : dword;
       Privileges     : array [0..maxInt shr 4 - 1] of TLUIDAndAttributes;
     end;
var token : THandle;
    c2    : dword;
    i1    : integer;
    ptp   : ^TTokenPrivileges;
    backup, restore, owner : int64;
begin
  if PrivilegesEnabled then
    exit;
  if OpenProcessToken(windows.GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, token) then
    try
      // first call only asks for the required buffer size
      c2 := 0;
      GetTokenInformation(token, TokenPrivileges, nil, 0, c2);
      if c2 <> 0 then begin
        ptp := pointer(LocalAlloc(LPTR, c2 * 2));
        if GetTokenInformation(token, TokenPrivileges, ptp, c2 * 2, c2) then begin
          // enabling backup/restore privileges breaks Explorer's Samba support,
          // so look up their LUIDs and skip them below
          // (the original used madshi's DecryptStr(CSe...Privilege) constants;
          // the plain Windows privilege names are used here so the snippet compiles stand-alone)
          if not LookupPrivilegeValueA(nil, 'SeBackupPrivilege',        backup ) then backup  := 0;
          if not LookupPrivilegeValueA(nil, 'SeRestorePrivilege',       restore) then restore := 0;
          if not LookupPrivilegeValueA(nil, 'SeTakeOwnershipPrivilege', owner  ) then owner   := 0;
          // set SE_PRIVILEGE_ENABLED on every privilege the token holds, except the three above
          for i1 := 0 to integer(ptp^.PrivilegeCount) - 1 do
            if (ptp^.Privileges[i1].Luid <> backup ) and
               (ptp^.Privileges[i1].Luid <> restore) and
               (ptp^.Privileges[i1].Luid <> owner  ) then
              ptp^.Privileges[i1].Attributes := ptp^.Privileges[i1].Attributes or SE_PRIVILEGE_ENABLED;
          // no previous state / return length wanted, hence the nil^ dereferences for the var params
          AdjustTokenPrivileges(token, false, PTokenPrivileges(ptp)^, c2, PTokenPrivileges(nil)^, dword(pointer(nil)^));
        end;
        LocalFree(HLOCAL(ptp));
      end;
    finally CloseHandle(token) end;
  PrivilegesEnabled := true;
end;
madshi
Site Admin
 
Posts: 9413
Joined: Sun Mar 21, 2004 5:25 pm
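A narrower alternative to enabling every privilege in the token, added here as an example and not code from madshi or madKernel: enable only the one privilege the task needs (SeDebugPrivilege is the standard one for opening processes owned by other users, which is what the missing ExeFile and the 4294967295 handle in the question point to) and verify that it was actually granted. It assumes only the standard Windows and SysUtils units; the function and procedure names are the example's own.

```delphi
uses
  Windows, SysUtils;

// Enable a single named privilege in the current process token.
// Returns True only if the privilege was really switched on: AdjustTokenPrivileges
// returns TRUE even when the token does not hold the privilege, and signals that
// case through GetLastError = ERROR_NOT_ALL_ASSIGNED. That is exactly what happens
// in a process that is not running elevated, so callers must check it.
function EnablePrivilege(const PrivilegeName: string): Boolean;
var
  Token: THandle;
  Luid: TLargeInteger;
  Tp: TTokenPrivileges;        // the standard Windows.pas record, one entry is enough
  Returned: DWORD;
begin
  Result := False;
  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, Token) then
    Exit;
  try
    if not LookupPrivilegeValue(nil, PChar(PrivilegeName), Luid) then
      Exit;
    Tp.PrivilegeCount := 1;
    Tp.Privileges[0].Luid := Luid;
    Tp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    Returned := 0;
    // previous state is not wanted, hence the nil^ dereference for that var parameter
    if not AdjustTokenPrivileges(Token, False, Tp, SizeOf(Tp), PTokenPrivileges(nil)^, Returned) then
      Exit;
    Result := GetLastError = ERROR_SUCCESS;   // ERROR_NOT_ALL_ASSIGNED means "not held"
  finally
    CloseHandle(Token);
  end;
end;

// Hypothetical call site: run once at start-up, before enumerating processes.
procedure PrepareProcessEnumeration;
begin
  if not EnablePrivilege('SeDebugPrivilege') then
    // Not elevated, or the privilege was removed by policy. Process handles for other
    // users' processes will come back as INVALID_HANDLE_VALUE ($FFFFFFFF, which prints
    // as 4294967295 when shown unsigned) and their image paths stay empty.
    raise Exception.Create('SeDebugPrivilege is not available; run elevated');
end;
```

Enabling one privilege instead of all of them keeps the process at the least privilege it needs, and checking GetLastError after AdjustTokenPrivileges is what turns a silent "handle is 4294967295" symptom into an explicit error at start-up.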
