public inbox for cygwin@cygwin.com
From: "Dave Korn" <dk@artimi.com>
To: <cygwin@cygwin.com>
Subject: [OT] RE: Problems listing tasks under cygwin.
Date: Wed, 19 May 2004 09:23:00 -0000
Message-ID: <NUTMEGJMXehYSoOZzHZ0000017f@NUTMEG.CAM.ARTIMI.COM>
In-Reply-To: <40AA571A.C2ACDB24@dessent.net>

> -----Original Message-----
> From: cygwin-owner On Behalf Of Brian Dessent
> Sent: 18 May 2004 19:34

> Dave Korn wrote:
> 
> >   Actually, SYSTEM has higher privileges in general than root.  It may well
> > be impossible to kill some tasks belonging to system because they may not
> > allow full access even to users with admin rights.  The error message may be
> > misleading, and maybe it should be saying "Access denied".
> 
> FYI, you can kill SYSTEM processes as a regular user administrator
> account using Process Explorer from sysinternals.com.  I haven't checked
> but I believe the program installs a helper driver that runs as SYSTEM
> to perform these actions as proxy for the user.  A lot of the
> sysinternals tools do something like that it seems.

  Yep.  A quick check with PEView shows that procexp.exe contains two binary
resources, RCDRIVERNT and RCDRIVER9X; the ..NT one clearly contains a .sys
driver file that creates a device.  Interesting functions it links against
include ZwOpenProcess, KeDetachProcess and KeAttachProcess, and
ZwOpenProcessToken.  Looks like it attaches a thread into the process to be
killed and I'd guess it then gives access rights to the token allowing the
gui process to get at it.

[ObCygwin]  Sysinternals' tools are invaluable for diagnosing cygwin
problems just as much as windoze problems.  Trouble with access perms for
your cron daemon service?  See what's going on with tokenmon.  Trouble with
file access?  Filemon will show you what files are involved.  Need lofs
functionality?  Use HandleEx or ProcExp.  And so on!


    cheers, 
      DaveK
-- 
Can't think of a witty .sigline today....
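
The kind of check described in the message above (looking inside an executable for an embedded driver image), as an added example that is not part of the original post or of Sysinternals' code: it scans a byte buffer for embedded PE headers and reports each image's subsystem, where "native" is the value typical of .sys drivers. It assumes the embedded image is stored uncompressed; the function names and the sample buffer are constructed for illustration.

```python
import struct

# IMAGE_SUBSYSTEM_NATIVE (1) marks images with no Win32 subsystem, e.g. .sys drivers.
SUBSYSTEMS = {1: "native (driver)", 2: "windows gui", 3: "windows console"}

def _parse_pe(data, base):
    """Return the subsystem name if a plausible PE image starts at base, else None."""
    if base + 0x40 > len(data):
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, base + 0x3C)  # offset of NT headers
    nt = base + e_lfanew
    if e_lfanew < 0x40 or nt + 24 + 70 > len(data):
        return None
    if data[nt:nt + 4] != b"PE\0\0":
        return None
    opt = nt + 24  # 4-byte signature + 20-byte file header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        return None
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # same offset in both
    return SUBSYSTEMS.get(subsystem, "other (%d)" % subsystem)

def find_embedded_pe(data, skip_outer=True):
    """List (offset, subsystem) for each PE image found inside data."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        kind = _parse_pe(data, pos)
        if kind is not None and not (skip_outer and pos == 0):
            hits.append((pos, kind))
        pos = data.find(b"MZ", pos + 1)
    return hits

def _fake_pe(subsystem):
    """Constructed sample: bare DOS + NT headers, not a loadable image."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    nt = bytearray(24 + 70)
    nt[0:4] = b"PE\0\0"
    struct.pack_into("<H", nt, 24, 0x10B)
    struct.pack_into("<H", nt, 24 + 68, subsystem)
    return bytes(dos + nt)

# Constructed input: a GUI image, a stray "MZ" string, then an embedded native image.
SAMPLE = _fake_pe(2) + b"\0" * 32 + b"rsrc-padding MZ not a header" + _fake_pe(1)

if __name__ == "__main__":
    for offset, kind in find_embedded_pe(SAMPLE):
        print("embedded PE at 0x%x: %s" % (offset, kind))
```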

