AssignProcessToJobObject fails with "Access Denied" error when running under the debugger

Question

You do AssignProcessToJobObject and it fails with "access denied" but only when you are running in the debugger. Why is this?

Answer 1

This one puzzled me for for about 30 minutes.

First off, you probably need a UAC manifest embedded in your app (as suggested here). Something like this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
    <!-- Identify the application security requirements. -->
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
      <security>
        <requestedPrivileges>
          <requestedExecutionLevel
            level="asInvoker"
            uiAccess="false"/>
        </requestedPrivileges>
      </security>
    </trustInfo>
  </assembly>

Secondly (and this is the bit I got stuck on), when you are running your app under the debugger, it creates your process in a job object. Which your child process needs to be able to breakaway from before you can assign it to your job. So (duh), you need to specify CREATE_BREAKAWAY_FROM_JOB in the flags for CreateProcess).

If you weren't running under the debugger, or your parent process were in the job, this wouldn't have happened.

Answer 2

Shouldn't elevated apps be invoked with manifest set to requireadministrator?