You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Starting from windows 8.1 and protected processes, it' impossible to get PROCESS_QUERY_INFORMATION | PROCESS_VM_READ on certain processes (protected processes for instance)
psutil retrieves the command line of processes by reading the PEB of those processes (thus needing PROCESS_VM_READ)
Starting from windows 8.1, it's possible to get the commandline of a process using NtQueryInformationProcess with ProcessCommandLineInformation class
To use this, only PROCESS_QUERY_LIMITED_INFORMATION rights are needed on the process
Interesting. I suppose that means less AccessDenied exceptions. Thanks for digging into this. I'm not sure when I'll have time to look into this (definitively not this year) so if you're interested in working on a PR be my guest. =)
…mationProcess (see #1384) (#1398)
#1384, #1398: on windows 8.1, get cmdline() using NtQueryInformationProcess in case the original method fails with ACCESS_DENIED
Starting from windows 8.1 and protected processes, it' impossible to get
PROCESS_QUERY_INFORMATION | PROCESS_VM_READ
on certain processes (protected processes for instance)psutil retrieves the command line of processes by reading the PEB of those processes (thus needing
PROCESS_VM_READ
)Starting from windows 8.1, it's possible to get the commandline of a process using
NtQueryInformationProcess
withProcessCommandLineInformation
classTo use this, only
PROCESS_QUERY_LIMITED_INFORMATION
rights are needed on the processdiscussion about this here :
https://wj32.org/processhacker/forums/viewtopic.php?t=2760
implementation by process hacker here:
https://github.com/processhacker/processhacker/blob/master/phlib/native.c#L721
The text was updated successfully, but these errors were encountered: