Friday, September 9, 2011


I recently ran into a situation where I was using the SysInternals tool ProcDump to write a dump file to be examined for a memory leak.
The problem started when trying to run ProcDump against the process oracle.exe. The error message was “Access denied.”
I was an administrator on the server, so how could I become more powerful than an administrator?
The answer comes in the form of opening a command prompt as NT AUTHORITY\SYSTEM, which will then grant us the authority to access the oracle.exe process to create a dump file.
The first step is to download the Sysinternals tool PsExec from the below URL:
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
Extract PsTools.zip to a folder on your hard disk.
Launch a command prompt as administrator (right-click the command prompt shortcut).

In the command prompt, navigate to the folder containing the files extracted from PsTools.zip.
We will now launch PsExec.exe with the -i and -s switches, which run the program interactively under the Local System account.
psexec.exe -i -s %SystemRoot%\system32\cmd.exe
Type whoami at the newly opened command prompt and you will see that you are now running as NT AUTHORITY\SYSTEM.
You can now execute ProcDump against the process that you were previously denied access to and complete your work.
Note: If your system does not have whoami.exe, you can typically find this program as a separate download via the resource kit or support tools appropriate to your Microsoft operating system.
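
The last two steps can be scripted so that the identity check and the dump happen together. The following PowerShell is an added example, not part of the original post: it confirms the session is really Local System, restricts the dump folder, then calls ProcDump. The ProcDump path, the C:\Dumps folder and the parameter names are assumptions.

```powershell
# Added example (not from the original post). Run it inside the SYSTEM prompt
# opened by: psexec.exe -i -s %SystemRoot%\system32\cmd.exe
param(
    [string]$ProcessName  = 'oracle',          # oracle.exe, as in the post
    [string]$ProcDumpPath = '.\procdump.exe',  # assumed location of ProcDump
    [string]$DumpDir      = 'C:\Dumps'         # assumed output folder
)
$ErrorActionPreference = 'Stop'

# S-1-5-18 is the well-known SID of NT AUTHORITY\SYSTEM; comparing the SID
# avoids depending on the localized account name that whoami prints.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
if ($me.User.Value -ne 'S-1-5-18') {
    throw "Running as $($me.Name), not as Local System. Use the PsExec -i -s prompt."
}

# Resolve the target to a single PID so the dump comes from the intended process.
$target = @(Get-Process -Name $ProcessName)
if ($target.Count -ne 1) {
    throw "Expected one '$ProcessName' process, found $($target.Count)."
}

# A full dump holds everything in the process's memory, so limit the folder to
# SYSTEM (S-1-5-18) and BUILTIN\Administrators (S-1-5-32-544) before writing.
New-Item -ItemType Directory -Path $DumpDir -Force | Out-Null
$acl = Get-Acl -Path $DumpDir
$acl.SetAccessRuleProtection($true, $false)   # stop inheriting, drop inherited ACEs
@($acl.Access | Where-Object { -not $_.IsInherited }) |
    ForEach-Object { [void]$acl.RemoveAccessRule($_) }   # clear explicit ACEs
foreach ($sid in 'S-1-5-18', 'S-1-5-32-544') {
    $who  = New-Object System.Security.Principal.SecurityIdentifier $sid
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $who, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $DumpDir -AclObject $acl

# -ma writes a full dump; -accepteula suppresses the first-run EULA dialog.
$dumpFile = Join-Path $DumpDir ('{0}_{1}.dmp' -f $ProcessName, $target[0].Id)
& $ProcDumpPath -accepteula -ma $target[0].Id $dumpFile
if (-not (Test-Path -Path $dumpFile)) { throw "ProcDump did not create $dumpFile." }
Write-Output "Dump written to $dumpFile"
```

Close the SYSTEM prompt once the dump exists, since everything started from it also runs as Local System.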


Copyright © 2013 Selva Sharing