Process access rights required for restart manager to qualify process as RmMainWindow or RmOther
It seems that unless target process has PROCESS_TERMINATE and PROCESS_VM_READ access rights enabled for user's account under which some process (like RMTool.exe) calls Restart Manager APIs, target process is qualified as RmCritical (member of RM_APP_TYPE enumeration) and Restart Manager refuses to send WM_QUERYENDSESSION and WM_ENDSESSION messages to the target process (tested with RMTool.exe). I tested with small custom test application that just sends those messages to the target process - works fine - process shuts down.
I suspect this could prevent my application from passing Logo certification. Does anyone knows what is the reason for such behavior? Any workarounds (besides enabling PROCESS_TERMINATE and PROCESS_VM_READ)?
Here is a simple test:
1. Start Notepad.
2. Start some program that allows to modify access token of running process (I used AccessMaster from Jeffrey Richter's book).
3. Modify token - remove PROCESS_TERMINATE or PROCESS_VM_READ from logon session SID and user's sid.
4 Verify that RMTool reports Notepad's process as critical - RmCritical.
I tested this under both administrator and regular user accounts - same behavior.
Any ideas?
Here is full output of RMTool.exe
C:\Program Files\Microsoft Corporation\Logo Testing Tools for Windows\Restart Ma
nager\x86>rmtool -p 1756 -S
Starting Session
StartSession() returned 0
SUCCESS: StartSession()
Session Key: a0303f92da1734408b550eb1a5901483M
Registering file
RegisterResources() returned 0
SUCCESS: RegisterResources()
Getting affected apps.
RmGetList() needs 1 structs, reboot reasons 0x1, returned 0xea
SUCCESS: Allocating RM_PROCESS_INFO array
SUCCESS: GetAffectedApps()
My PID: 2380, Affected Apps: 1, needed 1, reboot reasons 0x1
PID(1:1756, type 1000, stat 1) - myapplication.exe ()
Shuting down applications
*** FAILURE ***: RmShutdown()
Ending Session
EndSession() returned 0
SUCCESS: EndSession()
