I'm trying to get a process name from its pid. User is running as Administrator, UAC enabled, not elevated.
Some system processes, like services.exe, have their security set up in such a way that OpenProcess(PROCESS_QUERY_INFORMATION ... fails with ERROR_ACCESS_DENIED. Same result with PROCESS_QUERY_LIMITED_INFORMATION access right. However, I can see that Process Explorer can at least list all these processes, along with their pid and file name (when running as non-elevated Administrator).
My question is, how can I do the same (get file name from pid), given that non-elevated administrator cannot follow the usual route of OpenProcess() + GetProcessImageFileName()?
Have you tried Process32First() and Process32Next() with a handle retrieved by CreateToolhelp32Snapshot()? It doesn't give you the full path but should at least let you get the file name.
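The snapshot approach suggested above, as an added example that is not part of the original answer: it P/Invokes CreateToolhelp32Snapshot(), Process32FirstW() and Process32NextW() from PowerShell and never opens a handle to the target process. The class name ToolhelpDemo, the method NameFromPid and the sample pid are assumptions made for illustration.

```powershell
# Added example: resolve pid -> image file name from a Toolhelp32 snapshot (no OpenProcess call).
Add-Type -TypeDefinition @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
public static class ToolhelpDemo   // hypothetical helper name
{
    const uint TH32CS_SNAPPROCESS = 0x00000002;
    static readonly IntPtr INVALID_HANDLE_VALUE = new IntPtr(-1);
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct PROCESSENTRY32W
    {
        public uint dwSize, cntUsage, th32ProcessID;
        public IntPtr th32DefaultHeapID;
        public uint th32ModuleID, cntThreads, th32ParentProcessID;
        public int pcPriClassBase;
        public uint dwFlags;
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)] public string szExeFile;
    }
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr CreateToolhelp32Snapshot(uint flags, uint pid);
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool Process32FirstW(IntPtr snap, ref PROCESSENTRY32W pe);
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool Process32NextW(IntPtr snap, ref PROCESSENTRY32W pe);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr h);
    // Returns the executable file name (no path), or null if pid is not in the snapshot.
    public static string NameFromPid(uint pid)
    {
        IntPtr snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if (snap == INVALID_HANDLE_VALUE) throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            var pe = new PROCESSENTRY32W();
            pe.dwSize = (uint)Marshal.SizeOf(typeof(PROCESSENTRY32W)); // required before Process32FirstW
            for (bool ok = Process32FirstW(snap, ref pe); ok; ok = Process32NextW(snap, ref pe))
                if (pe.th32ProcessID == pid) return pe.szExeFile;
            return null;
        }
        finally { CloseHandle(snap); }
    }
}
'@

# Constructed sample input: pid 4 is the System process; substitute the pid you need.
$targetPid = 4
[ToolhelpDemo]::NameFromPid($targetPid)
```

The snapshot is a point-in-time copy, so a pid that exits and is reused between the lookup and any later use can name a different process.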
You can't open system processes (more precisely, processes running under another account - in this case user SYSTEM) without SE_DEBUG privilege enabled for your process.
If you are running as admin, you can easily set the privilege:
http://support.microsoft.com/kb/131065/en-us
Have you tried PROCESS_QUERY_LIMITED_INFORMATION instead? It requests a lower level of access that can provide at least the name of the executable. It allows you to call QueryFullProcessImageName, which provides the information you're looking for - http://msdn.microsoft.com/en-us/library/windows/desktop/ms684919(v=vs.85).aspx