Access denied while getting process path

Asked 3/8, 2010 at 18:55 Answered 6/9, 2010 at 20:43

Solved c#winapi process access-denied win32exception

I am trying to get process path by pid but I'm getting Win32Exception (access id denied).

The code looks like this:

string path = Process.GetProcessById(pid).MainModule.FileName

I have tried using OpenProcess with GetModuleFileNameEx but OpenProcess is returning 0. I even tried enabling SeDebugPrivilege according to C# – How to enable SeDebugPrivilege but it didn't help.

The above code works for most of the processes but throws error for SynTPHelper.exe (Synaptics Pointing Device Helper) The application is running under the same username as my code. Both, my application and the process run in 64 bit.

Is it possible to retrieve the path without running my application as an administrator?

Edit

Task Manager is able to 'open file location' even though I'm not running it as an administrator.

Showroom answered 3/8, 2010 at 18:55 Comment(0)

Finally I managed to solve it. As it turned out there is new function in Vista and above for getting process path and new process access (PROCESS_QUERY_LIMITED_INFORMATION):

QueryFullProcessImageName

Here is the code that works from non-elevated process:

    private static string GetExecutablePathAboveVista(UIntPtr dwProcessId)
    {
        StringBuilder buffer = new StringBuilder(1024);
        IntPtr hprocess = OpenProcess(ProcessAccessFlags.PROCESS_QUERY_LIMITED_INFORMATION, false, dwProcessId);
        if (hprocess != IntPtr.Zero)
        {
            try
            {
                int size = buffer.Capacity;
                if (QueryFullProcessImageName(hprocess, 0, buff, out size))
                {
                    return buffer.ToString();
                }
            }
            finally
            {
                CloseHandle(hprocess);
            }
        }
        return string.Empty;
    }

Showroom answered 6/9, 2010 at 20:43 Comment(5)

Many thanks for aboutmycode.com/net-framework/… (that is the same Giorgi?). Simple Copy/Past/Reformat/Add some Namespaces and it works!!! :) – Extravagancy 25/7, 2012 at 8:46

@Andreas: Yes, that's just my blog. – Showroom 25/7, 2012 at 10:29

PROCESS_QUERY_LIMITED_INFORMATION = 0x1000; msdn.microsoft.com/en-us/library/windows/desktop/… – Treasonable 20/11, 2012 at 3:33

@Showroom Please, how can I ProcessAccessFlags, my project cannot resolve. – Gileadite 11/9, 2014 at 13:40

@LucasRodriguesSena This seems to work (you have to rename PROCESS_QUERY_LIMITED_INFORMATION). – Fungicide 29/8, 2017 at 17:20

Well, it is certainly not unheard of for services to remove access rights so that even an administrator cannot open the process. A service has enough privileges to do so, DRM components like audiodg.exe readily do so. A mouse pad helper doesn't strike me as something that would require such protection. But what the hey, why would anybody ever need to mess with a mouse pad helper?

Phaedra answered 3/8, 2010 at 19:35 Comment(3)

I'm not trying to mess with it, I just want to get list of processes with path running under the current user. – Showroom 3/8, 2010 at 19:47

Contact Synaptics for support. Be prepared for the Why? question. – Phaedra 3/8, 2010 at 19:58

audiodg.exe is also a protected process IIRC so it gets protection like that for free – Deeplaid 4/8, 2010 at 11:9

Recommended topics

Hot tags