This is the mail archive of the cygwin mailing list for the Cygwin project.



[OT] RE: Problems listing tasks under cygwin.


> -----Original Message-----
> From: cygwin-owner On Behalf Of Brian Dessent
> Sent: 18 May 2004 19:34

> Dave Korn wrote:
> 
> >   Actually, SYSTEM has higher privileges in general than root.  It may well
> > be impossible to kill some tasks belonging to system because they may not
> > allow full access even to users with admin rights.  The error message may be
> > misleading, and maybe it should be saying "Access denied".
> 
> FYI, you can kill SYSTEM processes as a regular user administrator
> account using Process Explorer from sysinternals.com.  I haven't checked
> but I believe the program installs a helper driver that runs as SYSTEM
> to perform these actions as proxy for the user.  A lot of the
> sysinternals tools do something like that it seems.

  Yep.  A quick check with PEView shows that procexp.exe contains two binary
resources, RCDRIVERNT and RCDRIVER9X; the ..NT one clearly contains a .sys
driver file that creates a device.  Interesting functions it links against
include ZwOpenProcess, KeDetachProcess and KeAttachProcess, and
ZwOpenProcessToken.  Looks like it attaches a thread into the process to be
killed and I'd guess it then gives access rights to the token allowing the
gui process to get at it.

[ObCygwin]  Sysinternals' tools are invaluable for diagnosing cygwin
problems just as much as windoze problems.  Trouble with access perms for
your cron daemon service?  See what's going on with tokenmon.  Trouble with
file access?  Filemon will show you what files are involved.  Need lsof
functionality?  Use HandleEx or ProcExp.  And so on!


    cheers, 
      DaveK
-- 
Can't think of a witty .sigline today....

