Forum: SuRun English speaking RSS
SuRun doesn't preserve process parent
xarx #1
Member since Mar 2018 · 10 posts
Group memberships: Mitglieder
Show profile · Link to this post
Subject: SuRun doesn't preserve process parent
This problem is related to the problem that SuRun interferes elevation of all windows processes, not only those started with SuRun. (I pointed this out in a previous thread in this forum.)

I use a file-manager (FarManager, https://www.farmanager.com/) that allows elevation of its own rights when copying files to a folder that needs it (e.g. to "Program Files"). It does that by creating a sub-process with elevated rights. The sub-process is invisible (it does not have its own window), and its parent process is normally the file-manager process.

After installing SuRun, it doesn't work this way anymore. When the file-manager wants to elevate itself, the secure desktop occurs as usual, but now with the SuRun dialog instead of the standard Windows one. The result is that the elevated file-manager process is now visible and its parent is not the original file-manager process.

Windows 7 Pro x64, SuRun 1.2.1.2.
xarx #2
Member since Mar 2018 · 10 posts
Group memberships: Mitglieder
Show profile · Link to this post
Subject: Solution
The solution is the same as http://forum.kay-bruns.de/post/4085. Turning off the feature solves both problems.
Kay (Administrator) #3
User title: Weltverbesserer
Member since Nov 2007 · 1507 posts · Location: Magdeburg
Group memberships: Administratoren, Mitglieder
Show profile · Link to this post
Sorry for the late answer.

If SuRun needs to create an elevated process it cannot set the parent process for the new child.
A helper surun.exe will start the child process and then terminate.
So the parent child relationship between the two processes is never set.
The helper Process is needed because the elevated token should not go to the non elevated calling process to not make it readable to malware.
You can tell SuRun to not set a hook into programs via the setup.
The UAC pops in and preserves the processes relationship.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Not logged in. · Lost password · Register
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Page created in 77.9 ms (33 ms) · 53 database queries in 15 ms
Current time: 2019-05-25, 03:38:54 (UTC +02:00)