Preventing OpenProcess() from Guest ID


bbach17

I run Windows 2000 Professional and I need to prevent the guest ID from
scanning another process's memory using OpenProcess().

The reason for this is that there is a process that runs under
administrator. It is a security process. I have to allow others under
the guest ID to run executables for which I don't have the code while
the security process is running.

I have to prevent them from scanning the security process memory and
learning its private key.

I ran ntrights.exe to disable SeDebugPrivilege.

Will the guest ID fail when he tries to call OpenProcess() on the
security process?

I am not a very capable programmer and I can't test this. I am hoping
perhaps someone here knows.

Are there any other Win32 SDK calls available to the guest ID so he can
scan the security process?

Thanks in advance.
 
Adjust the DACL appropriately - disallow access to principals that aren't
self, administrators, or local system.

Guests should never have SeDebugPrivilege, btw.
 
Skywing said:
> Adjust the DACL appropriately - disallow access to principals that aren't
> self, administrators, or local system.
>
> Guests should never have SeDebugPrivilege, btw.

Ok, I'll do it. Thanks.

Once this is done, have you tried calling OpenProcess() with
SeDebugPrivilege and actually seen it fail?

Thanks.
 
OpenProcess will fail unless the DACL gives you the requested access or you
have SeDebugPrivilege.
 
Default DACL allows intrusive access for the process creator and
LOCAL_SYSTEM only. If a process is created under admin account, another
account cannot open it. And even vice versa, unless the admin process
enables the debug privilege.
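
The access rules stated in the replies above, as an added example that is not part of the thread: a simplified Python model of the decision OpenProcess() is subject to, with ordered allow/deny ACEs and an enabled SeDebugPrivilege overriding the DACL. The Token class, the function names and the two account SIDs are constructed for illustration; the model calls no Windows API.

```python
from dataclasses import dataclass

PROCESS_VM_READ = 0x0010        # winnt.h: read another process's memory
PROCESS_ALL_ACCESS = 0x1F0FFF   # winnt.h value on Windows 2000

SYSTEM = "S-1-5-18"             # well-known SID: LocalSystem
ADMINS = "S-1-5-32-544"         # well-known SID: BUILTIN\Administrators
GUESTS = "S-1-5-32-546"         # well-known SID: BUILTIN\Guests
ADMIN_USER = "S-1-5-21-1-2-3-500"   # constructed sample account SIDs
GUEST_USER = "S-1-5-21-1-2-3-501"

@dataclass(frozen=True)
class Token:                    # hypothetical stand-in for an access token
    user: str
    groups: frozenset = frozenset()
    enabled_privileges: frozenset = frozenset()

def open_process_allowed(token, dacl, desired):
    """Simplified model: dacl is an ordered list of (kind, sid, mask) ACEs."""
    if "SeDebugPrivilege" in token.enabled_privileges:
        return True                      # enabled privilege overrides the DACL
    sids = {token.user} | token.groups
    remaining = desired
    for kind, sid, mask in dacl:
        if sid not in sids:
            continue                     # ACE is for some other principal
        if kind == "deny" and mask & remaining:
            return False                 # a matching deny ACE ends the check
        if kind == "allow":
            remaining &= ~mask           # these bits are now granted
    return remaining == 0                # every requested bit must be granted

def default_dacl(creator_sid):
    # Default described in the thread: process creator and LOCAL_SYSTEM only
    return [("allow", creator_sid, PROCESS_ALL_ACCESS),
            ("allow", SYSTEM, PROCESS_ALL_ACCESS)]

def restricted_dacl(self_sid):
    # DACL recommended in the thread: self, administrators, local system
    return default_dacl(self_sid) + [("allow", ADMINS, PROCESS_ALL_ACCESS)]

guest = Token(GUEST_USER, frozenset({GUESTS}))
guest_debug = Token(GUEST_USER, frozenset({GUESTS}), frozenset({"SeDebugPrivilege"}))
admin = Token(ADMIN_USER, frozenset({ADMINS}))
admin_debug = Token(ADMIN_USER, frozenset({ADMINS}), frozenset({"SeDebugPrivilege"}))

if __name__ == "__main__":
    target = restricted_dacl(ADMIN_USER)   # the security process from the question
    for name, tok in [("guest", guest), ("guest+SeDebugPrivilege", guest_debug)]:
        print(name, open_process_allowed(tok, target, PROCESS_VM_READ))
```

The guest token is refused under both DACLs, and only the token holding an enabled SeDebugPrivilege gets through, which is why the privilege assignment and the DACL both have to be checked.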
 