views:

682

answers:

2

You do AssignProcessToJobObject and it fails with "access denied" but only when you are running in the debugger. Why is this?

+5  A: 

This one puzzled me for for about 30 minutes.

First off, you probably need a UAC manifest embedded in your app (as suggested here). Something like this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
    <!-- Identify the application security requirements. -->
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
      <security>
        <requestedPrivileges>
          <requestedExecutionLevel
            level="asInvoker"
            uiAccess="false"/>
        </requestedPrivileges>
      </security>
    </trustInfo>
  </assembly>

Secondly (and this is the bit I got stuck on), when you are running your app under the debugger, it creates your process in a job object. Which your child process needs to be able to breakaway from before you can assign it to your job. So (duh), you need to specify CREATE_BREAKAWAY_FROM_JOB in the flags for CreateProcess).

If you weren't running under the debugger, or your parent process were in the job, this wouldn't have happened.

1800 INFORMATION
A: 

Shouldn't elevated apps be invoked with manifest set to requireadministrator?