[英]Access Denied Error while trying to get the client process executable path
我正在使用作為Windows服務托管的WCF服務,該服務使用命名管道-NamedPipeServerStream (用戶特權)在服務器和客戶端進程之間建立安全連接。 為了檢查客戶端進程的真實性,我需要驗證客戶端進程可執行文件的數字簽名,因此我嘗試使用其進程ID獲取客戶端的可執行文件路徑。
我使用Windows 7 Professional SP1(64位)操作系統和Visual Studio 2015 Community Edition進行開發。 服務器(Windows服務)和客戶端進程(其他exe)都僅在Release x64模式下構建。
當某些客戶端進程連接到服務器時,我試圖獲取客戶端進程exe路徑,但在以下代碼行中拋出“訪問被拒絕”錯誤 :
return Process.GetProcessById(processId).MainModule.FileName;
因此,為了解決此問題,我在Google周圍搜索並嘗試了如下所述的其他一些實驗性試驗,但這些試驗似乎也沒有奏效。
實驗性試驗
OpenProcess(ProcessAccessFlags.PROCESS_QUERY_INFORMATION, false, processId);
OpenProcess(ProcessAccessFlags.PROCESS_QUERY_LIMITED_INFORMATION, false, processId);
但是,我在一個示例Windows控制台應用程序中嘗試了所有上述方法,該應用程序運行正常,沒有任何錯誤,並且在Windows服務中也無法正常運行。 我也嘗試將控制台應用程序轉換為dll並在服務器中引用它以獲取客戶端進程信息,但失敗->再次訪問被拒絕
我對正在發生的事情以及如何解決它一無所知。 您的建議將非常有幫助。
編輯:請找到如下所示的OpenProcess和ProcessAccessFlags的代碼片段:
public static string GetProcessExecutablePath(int processId)
{
try
{
string exePath = string.Empty;
//If running on Vista or later use the new function
if (Environment.OSVersion.Version.Major >= 6)
{
return GetProcessExecutablePathAboveVista(processId);
}
return Process.GetProcessById(processId).MainModule.FileName;
}
catch (Exception ex)
{
return "Exception in GetProcessExecutablePath(): " + ex.Message + ": " + ex.InnerException;
}
}
private static string GetProcessExecutablePathAboveVista(int processId)
{
var buffer = new StringBuilder(1024);
IntPtr hprocess = NativeMethods.OpenProcess(NativeMethods.ProcessAccessFlags.PROCESS_QUERY_LIMITED_INFORMATION,
false, processId);
if (hprocess != IntPtr.Zero)
{
try
{
int size = buffer.Capacity;
if (NativeMethods.QueryFullProcessImageName(hprocess, 0, buffer, out size))
{
return buffer.ToString();
}
else
{
return "Failed in QueryFullProcessImageName(): " + Marshal.GetLastWin32Error();;
}
}
catch (Exception ex)
{
return "Exception in: " + ex.Message;
}
finally
{
NativeMethods.CloseHandle(hprocess);
}
}
else
{
return "Handle is Zero: " + Marshal.GetLastWin32Error();
}
}
NativeMethods.cs
[Flags]
public enum ProcessAccessFlags
{
PROCESS_TERMINATE = 0x0001,
PROCESS_CREATE_THREAD = 0x0002,
PROCESS_VM_OPERATION = 0x0008,
PROCESS_VM_READ = 0x0010,
PROCESS_VM_WRITE = 0x0020,
PROCESS_DUP_HANDLE = 0x0040,
PROCESS_CREATE_PROCESS = 0x0080,
PROCESS_SET_QUOTA = 0x0100,
PROCESS_SET_INFORMATION = 0x0200,
PROCESS_QUERY_INFORMATION = 0x0400,
PROCESS_SUSPEND_RESUME = 0x0800,
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000,
SYNCHRONIZE = 0x100000,
DELETE = 0x00010000,
READ_CONTROL = 0x00020000,
WRITE_DAC = 0x00040000,
WRITE_OWNER = 0x00080000,
STANDARD_RIGHTS_REQUIRED = 0x000F0000,
PROCESS_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFF
}
[DllImport("Kernel32.dll", EntryPoint = "OpenProcess", SetLastError = true)]
public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, int dwProcessId);
[DllImport("Kernel32.dll", EntryPoint = "QueryFullProcessImageName", SetLastError = true)]
public static extern bool QueryFullProcessImageName(IntPtr hprocess, int dwFlags, StringBuilder lpExeName, out int size);
[DllImport("Kernel32.dll", EntryPoint = "CloseHandle", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CloseHandle(IntPtr hHandle);
對於從Vista開始的Windows,通過pid獲取進程映像文件名,可以使用NtQuerySystemInformation(SystemProcessInformation, ...)
為每個進程獲取SYSTEM_PROCESS_INFORMATION
結構的數組。 此結構具有PVOID UniqueProcessId
以查找您要查找的pid和UNICODE_STRING ImageName
以獲取圖像文件名,請參閱https://msdn.microsoft.com/ru-ru/library/windows/desktop/ms724509(v=vs.85 ).aspx https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/sysinfo/process.htm
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.