System.ComponentModel.Win32Exception (0x80004005): Access is denied

0

I have this struct with a method GetParentProcess(IntPtr handle) for returning Parent process by passing handle. 

[StructLayout(LayoutKind.Sequential)]
public struct ParentProcessUtilities
{

    internal IntPtr Reserved1;
    internal IntPtr PebBaseAddress;
    internal IntPtr Reserved2_0;
    internal IntPtr Reserved2_1;
    internal IntPtr UniqueProcessId;
    internal IntPtr InheritedFromUniqueProcessId;

    [DllImport("ntdll.dll")]
    public static extern int NtQueryInformationProcess(IntPtr processHandle, int processInformationClass, ref ParentProcessUtilities processInformation, int processInformationLength, out int returnLength);


    public static Process GetParentProcess()
    {
        return GetParentProcess(Process.GetCurrentProcess().Handle);
    }


    public Process GetParentProcess(int id)
    {
        Process process = Process.GetProcessById(id);
        return GetParentProcess(process.Handle);
    }


    public static Process GetParentProcess(IntPtr handle)
    {
        ParentProcessUtilities pbi = new ParentProcessUtilities();
        int returnLength;
        int status = NtQueryInformationProcess(handle, 0, ref pbi, Marshal.SizeOf(pbi), out returnLength);
        if (status != 0)
            throw new Win32Exception(status);

        try
        {
            return Process.GetProcessById(pbi.InheritedFromUniqueProcessId.ToInt32());
        }
        catch (ArgumentException)
        {

            return null;
        }
    }
}

Everything is working fine until i get on process "smss.exe". When i want to get parent of that process it throws me this exception 

 Unexpected exception : System.ComponentModel.Win32Exception (0x80004005): Access is denied
   at System.Diagnostics.ProcessManager.OpenProcess(Int32 processId, Int32 access, Boolean throwIfExited)
   at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited)
   at System.Diagnostics.Process.OpenProcessHandle(Int32 access)
   at System.Diagnostics.Process.get_Handle()

I am running application with admin privileges. Thanks for help

c#
process
asked on Stack Overflow Mar 6, 2019 by Christián Szeman

1 Answer

0

smss.exe is the Session Manager Subsystem, see this Wikipedia article for detailed information. It is the first user-mode process started by the Windows kernel and performs many privileged operations. Hence, your ordinary process won't have access to manage this process, thus the “Access is denied” exception.

answered on Stack Overflow Mar 6, 2019 by Ondrej Tucny

User contributions licensed under CC BY-SA 3.0