I want to get executable path of csrss process. I enabled privileges, but GetLastError() function returns error 5 in OpenProcess. I'm running Visual Studio as administrator and compiling program in 64bit mode, also I'm using Windows 8. Thanks to all.
HANDLE hcurrentProcess=GetCurrentProcess();
HANDLE hToken;
size_t error;
if (!OpenProcessToken(hcurrentProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
return nullptr;
if (CheckTokenPrivilege(hcurrentProcess, SE_DEBUG_NAME)) {
LUID luid;
if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
return nullptr;
TOKEN_PRIVILEGES newState,prvsState;
DWORD length;
newState.PrivilegeCount = 1;
newState.Privileges[0].Luid = luid;
newState.Privileges[0].Attributes = 2;
AdjustTokenPrivileges(hToken, FALSE, &newState, 28, &prvsState, &length);
error = GetLastError(); //error = 0
if (error == ERROR_NOT_ALL_ASSIGNED)
return nullptr;
//OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, 876); also error 5
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, 876);
error = GetLastError(); } // error 5 Access is denied
csrss.exe is a Protected Processes Light process, this protection was introduced in Windows 8.1. You can no longer access it even with a low permission like PROCESS_VM_READ as a local System user, even with SeDebugPrivelage
Rather than what you're doing, just use GetSystemDirectory() and then append "csrss.exe" on the end of it's result to get the path of the file.