Removing access rights leads CreateProcess returns access denied

Open EddieIvan01 opened this issue 3 years ago • 3 comments

Running a non-signed program which calls CreateProcess returns an error

#include <windows.h>
#include <stdio.h>

int main(void)
{
    PROCESS_INFORMATION pi = { 0 };
    STARTUPINFOW si = { 0 };
    WCHAR cmd[] = L"cmd.exe";   // must be a writable buffer: CreateProcessW may modify it
    si.cb = sizeof(si);         // required by CreateProcessW

    if (!CreateProcessW(NULL, cmd, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi))
        wprintf(L"error %lu\n", GetLastError());   // GetLastError() returns a DWORD
    return 0;
}

// error 5

EddieIvan01 avatar Sep 05 '22 03:09 EddieIvan01

Hi @EddieIvan01,

Thank you for the submitted issue.

We are currently working on it.

Nikj-Fr avatar Sep 11 '22 12:09 Nikj-Fr

NT functions used to create processes work as expected (same for Zw)

  • [x] NtCreateProcessEx
  • [x] NtCreateProcess

Unfortunately, as you mentioned earlier, this does not yet work for CreateProcess. In the Microsoft documentation, we know that by default the handle returned from this function gets PROCESS_ALL_ACCESS:

"The handle returned by the CreateProcess function has PROCESS_ALL_ACCESS access to the process object"

Maybe CreateProcess has an undocumented internal verification checking the full rights of the returned handle? If someone has a proposal or hint to solve the problem it is welcome.

Nikj-Fr avatar Sep 12 '22 08:09 Nikj-Fr
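A check worth running before guessing at CreateProcess internals (added example, not code from this issue or from pi-defender): read the access mask the kernel actually recorded on the handle CreateProcessW hands back and diff it against PROCESS_ALL_ACCESS. The Windows path below uses NtQueryObject(ObjectBasicInformation) from winternl.h (link ntdll.lib) and cmd.exe as the child, same as the report; those are assumptions of the example, not anything the thread states. The portable part is the mask decoder, which on a non-Windows build runs over a constructed mask. CreateProcessInternalW keeps using the returned handles after the kernel has created the process (for one, it resumes the initial thread itself unless CREATE_SUSPENDED is passed), so a stripped mask on either handle is the first thing to rule out when the wrapper reports error 5 (ERROR_ACCESS_DENIED) while the Nt* path succeeds.

```c
/*
 * Handle-rights diagnostic. Added example, not code from this issue or from
 * pi-defender. On Windows it creates cmd.exe (assumed child, as in the
 * report) suspended, queries the granted access of the returned process
 * handle via NtQueryObject, and lists the PROCESS_* rights that are missing
 * relative to PROCESS_ALL_ACCESS.  Build: cl diag.c ntdll.lib  (gcc: -lntdll)
 */
#include <stdio.h>
#include <stddef.h>
#include <string.h>

typedef unsigned long access_mask_t;

/* Process access rights as defined by the Windows SDK (winnt.h values). */
static const struct { access_mask_t bit; const char *name; } kProcessRights[] = {
    { 0x00000001UL, "PROCESS_TERMINATE" },
    { 0x00000002UL, "PROCESS_CREATE_THREAD" },
    { 0x00000004UL, "PROCESS_SET_SESSIONID" },
    { 0x00000008UL, "PROCESS_VM_OPERATION" },
    { 0x00000010UL, "PROCESS_VM_READ" },
    { 0x00000020UL, "PROCESS_VM_WRITE" },
    { 0x00000040UL, "PROCESS_DUP_HANDLE" },
    { 0x00000080UL, "PROCESS_CREATE_PROCESS" },
    { 0x00000100UL, "PROCESS_SET_QUOTA" },
    { 0x00000200UL, "PROCESS_SET_INFORMATION" },
    { 0x00000400UL, "PROCESS_QUERY_INFORMATION" },
    { 0x00000800UL, "PROCESS_SUSPEND_RESUME" },
    { 0x00001000UL, "PROCESS_QUERY_LIMITED_INFORMATION" },
    { 0x00002000UL, "PROCESS_SET_LIMITED_INFORMATION" },
    { 0x00010000UL, "DELETE" },
    { 0x00020000UL, "READ_CONTROL" },
    { 0x00040000UL, "WRITE_DAC" },
    { 0x00080000UL, "WRITE_OWNER" },
    { 0x00100000UL, "SYNCHRONIZE" },
};

/* PROCESS_ALL_ACCESS (Vista+): STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFF */
#define ALL_PROCESS_RIGHTS 0x001FFFFFUL

/* Rights in `required` that `granted` lacks. Names go to `out` (up to `cap`);
 * the return value is the full count even when `out` is NULL or too small. */
static int missing_rights(access_mask_t granted, access_mask_t required,
                          const char **out, size_t cap)
{
    access_mask_t missing = required & ~granted;
    size_t n = 0, i;
    for (i = 0; i < sizeof kProcessRights / sizeof kProcessRights[0]; i++) {
        if (missing & kProcessRights[i].bit) {
            if (out != NULL && n < cap)
                out[n] = kProcessRights[i].name;
            n++;
        }
    }
    return (int)n;
}

/* Prints one handle's report; returns how many rights are missing. */
static int report(const char *label, access_mask_t granted)
{
    const char *names[32];
    int i, n = missing_rights(granted, ALL_PROCESS_RIGHTS, names, 32);
    printf("%s: granted 0x%08lx, %d right(s) short of PROCESS_ALL_ACCESS\n",
           label, granted, n);
    for (i = 0; i < n; i++)
        printf("  missing %s\n", names[i]);
    return n;
}

#ifdef _WIN32
#include <windows.h>
#include <winternl.h>
#pragma comment(lib, "ntdll.lib")

/* The access mask the kernel recorded for a handle, after any driver intervention. */
static access_mask_t granted_access(HANDLE h)
{
    PUBLIC_OBJECT_BASIC_INFORMATION obi;
    ULONG len = 0;
    NTSTATUS st = NtQueryObject(h, ObjectBasicInformation, &obi, sizeof obi, &len);
    return st < 0 ? 0 : (access_mask_t)obi.GrantedAccess;
}

int main(void)
{
    STARTUPINFOW si = { 0 };
    PROCESS_INFORMATION pi = { 0 };
    WCHAR cmd[] = L"cmd.exe";   /* child used in the report; assumed */
    si.cb = sizeof si;
    /* CREATE_SUSPENDED keeps the child idle while its handles are inspected. */
    if (!CreateProcessW(NULL, cmd, NULL, NULL, FALSE, CREATE_SUSPENDED,
                        NULL, NULL, &si, &pi)) {
        printf("CreateProcessW failed: error %lu\n", GetLastError());
        return 1;
    }
    report("hProcess", granted_access(pi.hProcess));
    printf("hThread: granted 0x%08lx (THREAD_* rights, not decoded here)\n",
           granted_access(pi.hThread));
    TerminateProcess(pi.hProcess, 0);
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return 0;
}
#else
int main(void)
{
    /* Constructed mask: PROCESS_ALL_ACCESS minus VM_WRITE and CREATE_THREAD. */
    report("constructed hProcess", ALL_PROCESS_RIGHTS & ~0x00000022UL);
    return 0;
}
#endif
```

Run it once with the driver loaded and once without: if CreateProcessW already fails under the driver, the mask on a handle obtained the Nt* way (which the thread says works) can be fed to `report` instead; if it succeeds but the list of missing rights is non-empty, that list is exactly what the userland wrapper would be short of.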

Just test with my repo CreateProcessInternalW-Full

je5442804 avatar Sep 14 '22 00:09 je5442804