Can't read process name (and many other prop) on Windows 2012

[abravetti]

I'm not able tu read the process name of a Windows Service running psutil with an unprivileged user.

Windows XP:

>>> p = psutil.Process(12345)
>>> p.name()
u'pythonservice.exe'

Windows 2012:

>>> import psutil
>>> p = psutil.Process(12345)
>>> p.name()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "E:\python\lib\site-packages\psutil\__init__.py", line 490, in name
    name = self._proc.name()
  File "E:\python\lib\site-packages\psutil\_pswindows.py", line 206, in wrapper
    return fun(self, *args, **kwargs)
  File "E:\python\lib\site-packages\psutil\_pswindows.py", line 241, in name
    return os.path.basename(self.exe())
  File "E:\python\lib\site-packages\psutil\_pswindows.py", line 213, in wrapper
    raise AccessDenied(self.pid, self._name)
psutil.AccessDenied: (pid=12345)

[mrjefftang]

This isn't a bug. This is just Windows 2012 having better permissions.

Run your python script at the same level of permissions or the same user. Sysinternal's PsExec may help.

[abravetti]

I'm not sure: I have lot of tools I can run with unprivileged user to see almost any information on any process, nothing to do with Windows 2012 security.

What I except is to do same things with psutil too.

[mrjefftang]

What other tools are you using and are you sure they aren't elevating themselves?

[abravetti]

You can use Process Explorer or anything else, also Task Manager, with an unprivileged user.

I think the bug is in _psutil_windows.pyd

[mrjefftang]

Task Manager doesn't show the other processes until you select "Show Processes from All users" which has a UAC elevation icon next to it.

[abravetti]

No, I'm not an Administrator, just member of Users group and I'm almost sure I can use even old program without UAC support.

I think in some function, as psutil_proc_exe, PROCESS_QUERY_LIMITED_INFORMATION should be used instead of PROCESS_QUERY_INFORMATION.

I'm going to rebuild _psutil_windows.pyd with this patch just to give it a try.

[giampaolo]

Process Explorer is able to do that because it is installed as a system driver whereas psutil is not. Since this is a question which comes up very often I think we better add a new section in the doc describing the privileges limitations of psutil on Windows. I like your suggestion about PROCESS_QUERY_LIMITED_INFORMATION though so I'm looking forward to see what you'll find out.

[mrjefftang]

You would still need elevated privileges for Process Explorer to install the driver.

[abravetti]

procex.exe was just unzipped on the desktop and it was never installed or executed by an administrator

Unfortunately PROCESS_QUERY_LIMITED_INFORMATION can't help with OpenProcess() and AccessDenied... I have the same error.

There is a solution on MSDN thet may help, at least to read the process name and some other info and it may be implemented as a fallback:

https://msdn.microsoft.com/en-us/library/windows/desktop/ms686701.aspx

Again, Process Explorer work with unprivileged user, not installed as a driver, not elevated, never executed as Administrator, and can show ANY process on the server, like any 'ps' do.

[giampaolo]

@abravetti: thanks for the insight. I committed 29defce. With this we can get the name() of all running processes, no matter what your privileges are. It seems we might do the same for exe(). I will look into that later.

[giampaolo]

It seems we can't determine the exe() after all, only the name().

[abravetti]

great! thank you!