Mail Archives: cygwin/2004/05/19/05:16:41

From: "Dave Korn" <dk AT artimi DOT com>
To: <cygwin AT cygwin DOT com>
Subject: [OT] RE: Problems listing tasks under cygwin.
Date: Wed, 19 May 2004 10:16:07 +0100

> -----Original Message-----
> From: cygwin-owner On Behalf Of Brian Dessent
> Sent: 18 May 2004 19:34

> Dave Korn wrote:
> 
> >   Actually, SYSTEM has higher privileges in general than root.  It may well
> > be impossible to kill some tasks belonging to system because they may not
> > allow full access even to users with admin rights.  The error message may be
> > misleading, and maybe it should be saying "Access denied".
> 
> FYI, you can kill SYSTEM processes as a regular user administrator
> account using Process Explorer from sysinternals.com.  I haven't checked
> but I believe the program installs a helper driver that runs as SYSTEM
> to perform these actions as proxy for the user.  A lot of the
> sysinternals tools do something like that it seems.

  Yep.  A quick check with PEView shows that procexp.exe contains two binary
resources, RCDRIVERNT and RCDRIVER9X; the ..NT one clearly contains a .sys
driver file that creates a device.  Interesting functions it links against
include ZwOpenProcess, KeDetachProcess and KeAttachProcess, and
ZwOpenProcessToken.  Looks like it attaches a thread into the process to be
killed and I'd guess it then gives access rights to the token allowing the
GUI process to get at it.

[ObCygwin]  Sysinternals' tools are invaluable for diagnosing cygwin
problems just as much as windoze problems.  Trouble with access perms for
your cron daemon service?  See what's going on with tokenmon.  Trouble with
file access?  Filemon will show you what files are involved.  Need lsof
functionality?  Use HandleEx or ProcExp.  And so on!


    cheers, 
      DaveK
-- 
Can't think of a witty .sigline today....
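
An added example, not part of the original message: a static triage check for the pattern described above, a user-mode executable that carries a kernel driver inside itself. Instead of walking the resource directory as PEView does, it carves the raw bytes for nested PE headers and reads each image's Subsystem field; the function names and the sample bytes are constructed for illustration.

```python
import struct

SUBSYSTEM_NATIVE = 1  # IMAGE_SUBSYSTEM_NATIVE: drivers and other kernel-mode images

def _subsystem_at(data, base):
    """Return the Subsystem value if a valid PE image starts at base, else None."""
    if base + 0x40 > len(data):
        return None
    # e_lfanew (offset 0x3C of the DOS header) locates the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, base + 0x3C)
    nt = base + e_lfanew
    opt = nt + 4 + 20  # signature + 20-byte COFF file header
    if opt + 70 > len(data) or data[nt:nt + 4] != b"PE\0\0":
        return None
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        return None
    # Subsystem sits at offset 68 of the optional header in both formats.
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return subsystem

def find_embedded_pe(data):
    """Return (offset, subsystem) for every PE image in data, outer file included."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        sub = _subsystem_at(data, pos)
        if sub is not None:
            hits.append((pos, sub))
        pos = data.find(b"MZ", pos + 1)
    return hits

def embedded_drivers(data):
    """Offsets of native-subsystem images nested inside the file (offset > 0)."""
    return [off for off, sub in find_embedded_pe(data)
            if off > 0 and sub == SUBSYSTEM_NATIVE]

def make_pe(subsystem, pad=0):
    """Constructed sample: the smallest header set the checks above accept."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt = struct.pack("<H", 0x10B) + b"\0" * 66 + struct.pack("<H", subsystem)
    return dos + b"PE\0\0" + b"\0" * 20 + opt + b"\0" * pad

# Constructed input: a GUI image (subsystem 2) with a native image stored after it.
SAMPLE = make_pe(2, pad=16) + b"RSRC" + make_pe(SUBSYSTEM_NATIVE)

if __name__ == "__main__":
    for off, sub in find_embedded_pe(SAMPLE):
        print(f"PE image at offset {off:#x}, subsystem {sub}")
```

This only finds images stored uncompressed; a packed or encrypted resource would need unpacking first.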

