From: "Dave Korn"
Subject: [OT] RE: Problems listing tasks under cygwin.
Date: Wed, 19 May 2004 09:23:00 -0000

> -----Original Message-----
> From: cygwin-owner On Behalf Of Brian Dessent
> Sent: 18 May 2004 19:34

> Dave Korn wrote:
>
> >   Actually, SYSTEM has higher privileges in general than root.  It may well
> > be impossible to kill some tasks belonging to system because they may not
> > allow full access even to users with admin rights.  The error message may be
> > misleading, and maybe it should be saying "Access denied".
>
> FYI, you can kill SYSTEM processes as a regular user administrator
> account using Process Explorer from sysinternals.com.  I haven't checked
> but I believe the program installs a helper driver that runs as SYSTEM
> to perform these actions as proxy for the user.  A lot of the
> sysinternals tools do something like that it seems.

  Yep.  A quick check with PEView shows that procexp.exe contains two binary
resources, RCDRIVERNT and RCDRIVER9X; the ..NT one clearly contains a .sys
driver file that creates a device.
Interesting functions it links against include ZwOpenProcess,
KeDetachProcess and KeAttachProcess, and ZwOpenProcessToken.  Looks like it
attaches a thread into the process to be killed and I'd guess it then gives
access rights to the token allowing the gui process to get at it.

  [ObCygwin]  Sysinternals' tools are invaluable for diagnosing cygwin
problems just as much as windoze problems.  Trouble with access perms for
your cron daemon service?  See what's going on with tokenmon.  Trouble with
file access?  Filemon will show you what files are involved.  Need lsof
functionality?  Use HandleEx or ProcExp.  And so on!

    cheers,
      DaveK
--
Can't think of a witty .sigline today....