lsakizada Posted March 9, 2014 (edited)

Hi,

Can someone please help me on this issue:

Using the example script for _WinAPI_GetProcessMemoryInfo:

```autoit
#include <WinAPIProc.au3>

Local $Data = _WinAPI_GetProcessMemoryInfo(0)

ConsoleWrite('Number of page faults: ' & $Data[0] & @CRLF)
```

When I set the function with a process's PID that is not the PID of the current user, the script failed with the message:

```
"C:\Users\user\Desktop\_WinAPI_GetProcessMemoryInfo.au3" (5) : ==> Subscript used on non-accessible variable.:
```

After some investigation, I found that this occurs when monitoring a process that was launched with another user's permissions, such as System.

e.g. Two processes:

- Process 'A' (PID=100) ran as user
- Process 'B' (PID=200) ran as System
- CurrentUser = user

If calling _WinAPI_GetProcessMemoryInfo(100), then it passes.
If calling _WinAPI_GetProcessMemoryInfo(200), then it fails.

How do I overcome this issue?

EDIT: Adding environment info: OS: Win7 64 bit, UAC=off

Edited March 9, 2014 by lsakizada

Be Green Now or Never (BGNN)!

FireFox Posted March 9, 2014 (Solution)

Hi,

As you pointed out, you need permissions to get those memory infos of processes created by other users, even if you are admin. For this you will need to adjust the privileges of your process in order to be granted for this request.

I just made an example for you:

```autoit
#RequireAdmin

#include <ProcessConstants.au3>
#include <SecurityConstants.au3>
#include <Security.au3>
#include <WinAPI.au3>
#include <WinAPIProc.au3>
#include <Array.au3>

Example()

Func Example()
    ; Open the current process in ALL ACCESS mode, with no inheritance for child processes.
    Local $hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, False, @AutoItPID)
    ; If the function failed, return False.
    If $hProcess = 0 Then Return False

    ; Open the access token associated with the current process (an access token contains
    ; the security information for a logon session).
    ; What matters to us is the privileges contained in this token.
    Local $hToken = _Security__OpenProcessToken($hProcess, $TOKEN_ALL_ACCESS)

    ; Close the current process handle; it is not needed any more, whether or not
    ; the token was opened (closing it here avoids leaking it on the failure path).
    _WinAPI_CloseHandle($hProcess)

    ; If the function failed, return False.
    If $hToken = 0 Then Return False

    ; Retrieve the LUID (locally unique identifier) which represents the SE_DEBUG privilege.
    Local $iLUID = _Security__LookupPrivilegeValue("", $SE_DEBUG_NAME)
    ; If the function failed, close the token handle and return False.
    If $iLUID = 0 Then
        _WinAPI_CloseHandle($hToken)
        Return False
    EndIf

    ; Create a struct containing the TOKEN_PRIVILEGES tag.
    Local $tTOKENPRIV = DllStructCreate($tagTOKEN_PRIVILEGES)

    ; Fill the struct with the right infos.
    DllStructSetData($tTOKENPRIV, "Count", 1)
    DllStructSetData($tTOKENPRIV, "LUID", $iLUID, 1)
    DllStructSetData($tTOKENPRIV, "Attributes", $SE_PRIVILEGE_ENABLED, 1)

    ; Now adjust the token privilege to enable the DEBUG privilege.
    Local $fAdjust = _Security__AdjustTokenPrivileges($hToken, False, DllStructGetPtr($tTOKENPRIV), DllStructGetSize($tTOKENPRIV))

    ; Release the resources used by the structure.
    $tTOKENPRIV = 0

    ; If the function failed, close the token handle and return False.
    If Not $fAdjust Then
        _WinAPI_CloseHandle($hToken)
        Return False
    EndIf

    ; Do whatever with privileges here.
    Local $aPmi = _WinAPI_GetProcessMemoryInfo(ProcessExists("winlogon.exe"))
    _ArrayDisplay($aPmi)

    ; Close the token handle.
    _WinAPI_CloseHandle($hToken)
EndFunc   ;==>Example
```

Br, FireFox.

lsakizada (Author) Posted March 9, 2014

Hi FireFox,

Thank you very much. I just saw in other examples (_Security__DuplicateTokenEx and _Security__CreateProcessWithToken) of the document how it's done.

Have a good one!

lsakizada (Author) Posted March 9, 2014 (edited)

FireFox,

The example you posted is still not working for me on my system. Any suggestion?

What did you mean by: "For this you will need to adjust the privileges of your process in order to be granted for this request"

Edited March 9, 2014 by lsakizada

FireFox Posted March 9, 2014

Did you paste the #RequireAdmin? It's needed for the code to work.

All I meant is that even if the process is running under admin privileges, you have to add some privileges to its token for what you want to do.

lsakizada (Author) Posted March 9, 2014

Now it's working. Thanks!

FireFox Posted March 9, 2014

Alright. You can mark the thread as solved.