OpenProcess: access denied error only on Windows 8.1

暗喜 2021-02-10 03:14

I have a program which adjusts SeDebugPrivilege and then starts to iterate through system processes and calls OpenProcess for them (and does other stuff, but it's not important

3 answers
  •  梦谈多话
    2021-02-10 03:40

    Windows 8.1 introduces the concept of a system protected process. This is documented in the context of third-party anti-malware software, but it seems reasonable to suppose that it is also used to protect particularly critical system processes.

    System protected processes are an extension of the Protected Process mechanism (Microsoft Word document) introduced in Windows Vista as a DRM measure.

    You cannot obtain any of these access rights for a protected process, even with debug privilege:

    • DELETE
    • READ_CONTROL
    • WRITE_DAC
    • WRITE_OWNER
    • PROCESS_CREATE_THREAD
    • PROCESS_DUP_HANDLE
    • PROCESS_QUERY_INFORMATION
    • PROCESS_SET_QUOTA
    • PROCESS_SET_INFORMATION
    • PROCESS_VM_OPERATION
    • PROCESS_VM_READ
    • PROCESS_VM_WRITE

    You should still be able to open the process by requesting PROCESS_QUERY_LIMITED_INFORMATION access. According to the documentation, SYNCHRONIZE and PROCESS_TERMINATE access are also permitted.
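
An added example, not part of the original answer: a process-inventory helper that retries OpenProcess with only the rights the answer says remain available once the full request fails with access denied. The function names are hypothetical; the constant values are the ones defined in winnt.h, and the OpenProcess call itself runs only on Windows.

```python
import ctypes
import os
import sys

# Access-right values from winnt.h. These three remain available per the answer.
SYNCHRONIZE = 0x00100000
PROCESS_TERMINATE = 0x0001
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
PROCESS_QUERY_INFORMATION = 0x0400
ERROR_ACCESS_DENIED = 5

# The rights the answer lists as unobtainable for a protected process.
DENIED = {
    "DELETE": 0x00010000, "READ_CONTROL": 0x00020000,
    "WRITE_DAC": 0x00040000, "WRITE_OWNER": 0x00080000,
    "PROCESS_CREATE_THREAD": 0x0002, "PROCESS_DUP_HANDLE": 0x0040,
    "PROCESS_QUERY_INFORMATION": PROCESS_QUERY_INFORMATION,
    "PROCESS_SET_QUOTA": 0x0100, "PROCESS_SET_INFORMATION": 0x0200,
    "PROCESS_VM_OPERATION": 0x0008, "PROCESS_VM_READ": 0x0010,
    "PROCESS_VM_WRITE": 0x0020,
}
DENIED_MASK = sum(DENIED.values())

def blocked_rights(desired):
    """Names of the requested rights that a protected process will refuse."""
    return sorted(n for n, bit in DENIED.items() if desired & bit)

def fallback_mask(desired):
    """Retry mask: drop refused rights, downgrade full query to limited query."""
    mask = desired & ~DENIED_MASK
    if desired & PROCESS_QUERY_INFORMATION:
        mask |= PROCESS_QUERY_LIMITED_INFORMATION
    return mask

def open_with_fallback(pid, desired):
    """Windows only. Returns (handle, granted_mask); caller must CloseHandle."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    for mask in dict.fromkeys((desired, fallback_mask(desired))):
        handle = k32.OpenProcess(mask, False, pid) if mask else None
        if handle:
            return handle, mask
        if mask and ctypes.get_last_error() != ERROR_ACCESS_DENIED:
            raise ctypes.WinError(ctypes.get_last_error())
    raise PermissionError(f"pid {pid}: refused {blocked_rights(desired)}")

if __name__ == "__main__" and sys.platform == "win32":
    h, granted = open_with_fallback(os.getpid(), PROCESS_QUERY_INFORMATION | 0x0010)
    print(f"opened own process with mask {granted:#06x}")
    ctypes.WinDLL("kernel32").CloseHandle(ctypes.c_void_p(h))
```

Comparing the returned mask with the requested one tells the caller which queries to skip for that process instead of treating the access-denied result as a failure of the whole scan.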
