OpenEvent() fails on Vista for some processes while trying toopen global event
in [Win32 Kernel]
|
Prev: Finding lost file handle
Next: OpenEvent() fails on Vista for some processes while trying to open global event
From: Grzegorz Wróbel on 16 Dec 2009 10:58 Pavel A. wrote: > Something related to the integrity classes? I don't think so. I have excluded such possibility since setting explicitly access rights to Everyone includes also untrusted level, so integrity control shouldn't get in the way. Now after getting two replies suggesting it I have checked it to be sure and it turns out that the process who fails to open the event has system integrity level. So it's certainly not it. The process must have been crippled in some other way. The only limitation for this process I have found so far is that it has only one privilege left but that is not the problem as OpenEvent() does not require any special privileges. Other than that I have found nothing. Process access token do not have a list of restricting SIDs and the group accounts associated with a token do not contain any SID with deny-only attribute: Token Groups: Sid: S-1-16-16384 (name: System Mandatory Level) Attributes: 0x00000060 Sid: S-1-1-0 (name: Everyone) Attributes: 0x00000007 Sid: S-1-5-32-545 (name: Users) Attributes: 0x00000007 Sid: S-1-5-6 (name: SERVICE) Attributes: 0x00000007 Sid: S-1-5-11 (name: Authenticated Users) Attributes: 0x00000007 Sid: S-1-5-15 (name: This Organization) Attributes: 0x00000007 Sid: S-1-2-0 (name: LOCAL) Attributes: 0x00000007 Sid: S-1-5-5-0-411953 (name: ) Attributes: 0xc0000007 Why the OpenEvent() is failing with ERROR_ACCESS_DENIED I still don't know. This process can communicate with the service using interprocess communication but cannot use an event for synchronization. -- Grzegorz Wr�bel 677265676F727940346E6575726F6E732E636F6D
From: Grzegorz Wróbel on 16 Dec 2009 21:16
Remy Lebeau wrote: > > Rather then creating a DACL with read/write permissions, try assigning a NULL DACL instead. That will allow unrestricted access to everyone. For example: > Among many things I have tried that as well, but to no avail. That's not surprising really - if granting read/write permission was enough for other processes (I granted for Everyone) then it is clearly something must be wrong with the process that tries to open the event, not with the event itself. I think there must be some very unusual restrictions added to that particular process by the service that spawns it. -- Grzegorz Wr�bel 677265676F727940346E6575726F6E732E636F6D |