Hi,
I'm trying ot kill a desktop process from my application which a user will launch and my process will run in a different security context as as the local administrator. For example if I launch notepad.exe using Run As I cannot terminate it with the following:
Process('notepad.exe').Terminate;
However when I launch notepad normally in my security context the above works. I've tried using PROCESS_ALL_ACCESS but can't figure out how to use it. The furthest I got is:
Process('notepad.exe').GetHandle(PROCESS_ALL_ACCESS)
but I'm stuck at this point.
Any ideas?
Thanks,
Steve
Terminate a process running in other users security context
The reason for the problems might be insufficient privileges. Try the following code. After having called that Process.Terminate might work.
Code: Select all
procedure EnableAllPrivileges;
type TTokenPrivileges = record
PrivilegeCount : dword;
Privileges : array [0..maxInt shr 4 - 1] of TLUIDAndAttributes;
end;
var c1, c2 : dword;
i1 : integer;
ptp : ^TTokenPrivileges;
begin
if OpenProcessToken(windows.GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, c1) then
try
c2 := 0;
GetTokenInformation(c1, TokenPrivileges, nil, 0, c2);
if c2 <> 0 then begin
ptp := pointer(LocalAlloc(LPTR, c2 * 2));
if GetTokenInformation(c1, TokenPrivileges, ptp, c2 * 2, c2) then begin
for i1 := 0 to integer(ptp^.PrivilegeCount) - 1 do
ptp^.Privileges[i1].Attributes := ptp^.Privileges[i1].Attributes or SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(c1, false, PTokenPrivileges(ptp)^, c2, PTokenPrivileges(nil)^, cardinal(pointer(nil)^));
end;
LocalFree(dword(ptp));
end;
finally CloseHandle(c1) end;
end;
madshi,
Many thanks. Once I enable all privileges with your code it now works fine. The peculiar thing is I tested on my home PC (XP SP2) and the original code worked fine. However my laptop is part of a corporate domain and has XP SP2 + lotsa hotfixes and it wouldn't work on that. However all is well when the extra privileges are added and I will now purchase madCollection tomorrow
SteveO
Many thanks. Once I enable all privileges with your code it now works fine. The peculiar thing is I tested on my home PC (XP SP2) and the original code worked fine. However my laptop is part of a corporate domain and has XP SP2 + lotsa hotfixes and it wouldn't work on that. However all is well when the extra privileges are added and I will now purchase madCollection tomorrow
SteveO