I've been coding apps using OpenProcess for a while now. But I've just encountered a problem with a new app I've written. I use the following code:

invoke OpenProcess,PROCESS_ALL_ACCESS,NULL,target_PID

It doesn't open it, and the LastError is ERROR_NOACCESS. I've also tried just VM_READ, and it still doesn't work. I've stepped through the code in OllyDbg, and everything is fine. I've checked the process ID as well, and that's OK. Do I have to call something else to allow my app to access this process?

Thanks
Posted on 2005-08-03 16:16:02 by syc0
Which kind of user account do you run this from? I guess it should work from any account that has administrative privileges. If you don't, give up :). If you do, there might be some security token privilege you need to grant yourself programmatically, perhaps the debug privilege.
Posted on 2005-08-03 19:36:45 by f0dder
Try to obtain SeDebugPrivilege:


call
stdcall ,eax,TOKEN_ADJUST_PRIVILEGES+TOKEN_QUERY,OFFSET hToken
stdcall ,0,OFFSET szSeDebugPriv,OFFSET tkp.Privileges
mov ,1
mov ,SE_PRIVILEGE_ENABLED
stdcall ,,0,OFFSET tkp,0,0,0

szSeDebugPriv db "SeDebugPrivilege",0
hToken dd ?
tkp TOKEN_PRIVILEGES
Posted on 2005-08-03 22:57:29 by comrade
Is this on an NT-based OS such as XP?
Is the target process in fact a system Service?
If that is the case, you can't use this method; it doesn't work.

Posted on 2005-08-04 01:13:52 by Homer
This is some simple code I used for killing system services:

BOOL KillNTSytemServiceProcess(
    IN DWORD dwProcessId
    )
{
    HANDLE hProcess;
    DWORD dwError;

    hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, dwProcessId);
    if (hProcess == NULL)
    {
        if (GetLastError() != ERROR_ACCESS_DENIED)
            return FALSE;

        OSVERSIONINFO osvi;


        osvi.dwOSVersionInfoSize = sizeof(osvi);
        GetVersionEx(&osvi);


        if (osvi.dwPlatformId != VER_PLATFORM_WIN32_NT)
            return SetLastError(ERROR_ACCESS_DENIED), FALSE;



        TOKEN_PRIVILEGES Priv, PrivOld;
        DWORD cbPriv = sizeof(PrivOld);
        HANDLE hToken;


        if (!OpenThreadToken(GetCurrentThread(),
                            TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES,
                            FALSE, &hToken))
        {
            if (GetLastError() != ERROR_NO_TOKEN)
                return FALSE;


            if (!OpenProcessToken(GetCurrentProcess(),
                                  TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES,
                                  &hToken))
                return FALSE;
        }



        Priv.PrivilegeCount = 1;
        Priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        LookupPrivilegeValue(NULL, SE_DEBUG_NAME,
                            &Priv.Privileges[0].Luid);


        if (!AdjustTokenPrivileges(hToken, FALSE, &Priv, sizeof(Priv),
                                  &PrivOld, &cbPriv))
        {
            dwError = GetLastError();
            CloseHandle(hToken);
            return SetLastError(dwError), FALSE;
        }

        if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
        {

            CloseHandle(hToken);
            return SetLastError(ERROR_ACCESS_DENIED), FALSE;
        }


        hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, dwProcessId);
        dwError = GetLastError();


        AdjustTokenPrivileges(hToken, FALSE, &PrivOld, sizeof(PrivOld),
                              NULL, NULL);
        CloseHandle(hToken);

        if (hProcess == NULL)
            return SetLastError(FALSE), NULL;
    }


    if (!TerminateProcess(hProcess, (UINT)-1))
    {
        dwError = GetLastError();
        CloseHandle(hProcess);
        return SetLastError(dwError), FALSE;
    }

    CloseHandle(hProcess);
    return TRUE;

}
Posted on 2005-08-04 10:51:13 by Criminal2
Hmmm, killing system services?
Posted on 2005-08-04 11:01:33 by f0dder
Thanks for the replies everyone. I'm running Windows 2000 with full admin privileges. It's not a system service either, just a standard program. I guess it uses some kind of priority function. I'll give the suggestions a try anyway.
Posted on 2005-08-04 13:51:38 by syc0