My file-operation monitor project needs to get a process name from a process ID. The process may have been created by another user and may not be in the same session; generally it is not, because my program runs as a service under the Local System account. Getting the process name therefore became an issue.
It needs AdjustTokenPrivileges; I enable SE_DEBUG_NAME, a high privilege, in order to get the process name.
Sample code :
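// Enables SeDebugPrivilege (SE_DEBUG_NAME) in the current process token.
//
// Progress and failures are reported on stdout only; the function returns
// nothing, so callers cannot tell from the return whether the privilege is on.
//
// Security note: SeDebugPrivilege lets the process open other processes
// regardless of their security descriptors. Enable it only in the component
// that needs it, and keep the access mask passed to OpenProcess as narrow
// as the task allows.
void EnableDebugPriv()
{
    HANDLE hToken = NULL;

    // The token handle is only valid if this call succeeds; using it (or
    // closing it) after a failure would operate on an indeterminate value.
    if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        wprintf(_T("ERROR %u\n"),GetLastError());
        return;
    }

    // Resolve the privilege name to the LUID used on the local system.
    LUID luid;
    if (!::LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
    {
        wprintf(_T("ERROR %u\n"),GetLastError());
        CloseHandle(hToken);
        return;
    }

    TOKEN_PRIVILEGES tkp;
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Luid = luid;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (!::AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL))
    {
        wprintf(_T("ERROR %u\n"),GetLastError());
        CloseHandle(hToken);
        return;
    }

    // AdjustTokenPrivileges also returns nonzero when the token does not hold
    // the requested privilege; in that case the last error is
    // ERROR_NOT_ALL_ASSIGNED. Capture it before any other API call resets it.
    const DWORD adjustResult = GetLastError();
    CloseHandle(hToken);

    if (adjustResult == ERROR_NOT_ALL_ASSIGNED)
    {
        wprintf(_T("ERROR %u\n"),adjustResult);
        return;
    }

    wprintf(_T("Should have worked"));
}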
// Excerpt: resolves the image path of a process and stores its file name and
// directory in both *pProcess and the process cache.
//
// `processHandle` is passed as the third argument of OpenProcess, which is the
// process identifier, so despite its name it is used as a PID here.
//
// NOTE(review): the cache entry is keyed by that PID. Windows reuses PIDs once
// a process exits, so a stale entry could name the wrong process; confirm that
// entries are evicted or validated elsewhere.
ProcessInfoStruct pInfo;
DWORD err = ERROR_SUCCESS;
HANDLE Handle;
char buffer[MAX_PATH];
DWORD i = MAX_PATH; // in: capacity of buffer in characters; out: length written

// PROCESS_QUERY_LIMITED_INFORMATION is all QueryFullProcessImageName needs,
// so no broader access right is requested.
Handle = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, processHandle);
if (Handle == 0)
{
    // The process could not be opened; only the error code is reported.
    wprintf(_T("ERROR %u\n"),GetLastError());
}
else
{
    // buffer holds MAX_PATH chars, so a longer image path makes this call fail
    // and the process is left without a name.
    if (QueryFullProcessImageNameA(Handle, 0, buffer, &i) == 0)
    {
        wprintf(_T("ERROR %u\n"),GetLastError());
    }
    else
    {
        pProcess->processHandle = processHandle;

        // Split the full image path into file name and containing directory.
        const std::string imagePath(buffer);
        Poco::Path parsedPath(imagePath);
        pProcess->processName = parsedPath.getFileName();
        pProcess->processPath = parsedPath.parent().toString();

        // Mirror the result into the cache record.
        pInfo.processHandle = processHandle;
        pInfo.processName = pProcess->processName;
        pInfo.processPath = pProcess->processPath;
        processCache.add(processHandle, pInfo);
    }

    // The handle is released on both the success and the failure path.
    CloseHandle(Handle);
}