Process SE DEBUG mode is not set on Windows #1429

Merged
merged 7 commits into from Feb 25, 2019

giampaolo
Owner

@giampaolo giampaolo commented Feb 24, 2019

From the code:

```c
/*
 * Set this process in SE DEBUG mode so that we have more chances of
 * querying processes owned by other users, including many owned by
 * Administrator and Local System.
 * https://docs.microsoft.com/windows-hardware/drivers/debugger/debug-privilege
 */
```

^ that is what we are supposed to do on module import. While I was refactoring this function I realized that the code which uses it never checks return code/error, so possibly SE DEBUG has never been set (or it has been broken at some point, I wouldn't know). Now it's set and will raise exception on import in case of error (not what I want - will change it later). Perhaps this means we're now gonna get less AccessDenied exceptions for PIDs owned by other/system users?

@jloden - you wrote this code 10 years ago - brings back memories =)

UPDATE: confirmed SE DEBUG was not set. I tested with a limited user and it seems we get slightly less AD exceptions.

giampaolo added 7 commits Feb 24, 2019
…id we ever set SE DEBUG at all?) - if SE DEBUG can't be set we now raise an exception on import; that's bad - I'll change it later, and I will probably replace it with a warning
@giampaolo giampaolo changed the title Fix / investigate SE DEBUG on Windows Process SE DEBUG mode is not set on Windows Feb 25, 2019
@giampaolo
Owner Author

giampaolo commented Feb 25, 2019

Confirmed SE DEBUG was not set. I tested with a limited user and it seems we get slightly less AD exceptions.

@giampaolo giampaolo merged commit f326539 into master Feb 25, 2019
@giampaolo giampaolo deleted the fix-win-set-debug branch Feb 25, 2019
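
The import-time step discussed in this pull request, sketched with ctypes as an added example (not psutil's code, which is C; `enable_se_debug` is a hypothetical name). It checks every return value, including the case where `AdjustTokenPrivileges` reports success while `GetLastError` is `ERROR_NOT_ALL_ASSIGNED` because the token does not hold the privilege; the thread does not say which check psutil was missing.

```python
import ctypes
import sys

TOKEN_ADJUST_PRIVILEGES, TOKEN_QUERY = 0x0020, 0x0008
SE_PRIVILEGE_ENABLED = 0x00000002
ERROR_NOT_ALL_ASSIGNED = 1300

class LUID(ctypes.Structure):
    _fields_ = [("LowPart", ctypes.c_uint32), ("HighPart", ctypes.c_int32)]

class TOKEN_PRIVILEGES(ctypes.Structure):
    # TOKEN_PRIVILEGES with exactly one LUID_AND_ATTRIBUTES entry, flattened.
    _fields_ = [("PrivilegeCount", ctypes.c_uint32),
                ("Luid", LUID),
                ("Attributes", ctypes.c_uint32)]

def enable_se_debug():
    """Hypothetical helper: enable SeDebugPrivilege or raise OSError."""
    if sys.platform != "win32":
        raise OSError("SeDebugPrivilege is a Windows-only privilege")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    adv = ctypes.WinDLL("advapi32", use_last_error=True)
    HANDLE, DWORD = ctypes.c_void_p, ctypes.c_uint32
    k32.GetCurrentProcess.restype = HANDLE
    k32.CloseHandle.argtypes = [HANDLE]
    adv.OpenProcessToken.argtypes = [HANDLE, DWORD, ctypes.POINTER(HANDLE)]
    adv.LookupPrivilegeValueW.argtypes = [
        ctypes.c_wchar_p, ctypes.c_wchar_p, ctypes.POINTER(LUID)]
    adv.AdjustTokenPrivileges.argtypes = [
        HANDLE, ctypes.c_int, ctypes.POINTER(TOKEN_PRIVILEGES), DWORD,
        ctypes.c_void_p, ctypes.c_void_p]
    token = HANDLE()
    if not adv.OpenProcessToken(k32.GetCurrentProcess(),
                                TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                                ctypes.byref(token)):
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        tp = TOKEN_PRIVILEGES(1, LUID(), SE_PRIVILEGE_ENABLED)
        if not adv.LookupPrivilegeValueW(None, "SeDebugPrivilege",
                                         ctypes.byref(tp.Luid)):
            raise ctypes.WinError(ctypes.get_last_error())
        ctypes.set_last_error(0)
        ok = adv.AdjustTokenPrivileges(token, False, ctypes.byref(tp), 0, None, None)
        err = ctypes.get_last_error()
        # A nonzero return is not enough: when the token lacks the privilege the
        # call still succeeds and only the last-error value shows nothing changed.
        if not ok or err == ERROR_NOT_ALL_ASSIGNED:
            raise ctypes.WinError(err)
    finally:
        k32.CloseHandle(token)
```

A caller that wants the warning behaviour mentioned in the commit message can catch `OSError` around the call instead of letting it propagate on import.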