I've been coding apps using OpenProcess for a while now. But I've just encountered a problem with a new app I've written. I use the following code:
invoke OpenProcess,PROCESS_ALL_ACCESS,NULL,target_PID
It doesn't open it and the LastError is ERROR_NOACCESS. I've also tried just VM_READ, and it still doesn't work. I've stepped through the code in OllyDbg, and everything is fine. I've checked the process ID as well, and that's OK. Do I have to call something else to allow my app to access this process?
Thanks
Which kind of user account do you run this from? I guess it should work from any account that has administrative privileges. If you don't give up :). If you have, there might be some security token you need to grant yourself access to programmatically, perhaps the debug token.
try to attempt to obtain SeDebugPrivilege
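    call [GetCurrentProcess]            ; pseudo-handle for this process, returned in eax
    stdcall [OpenProcessToken],eax,TOKEN_ADJUST_PRIVILEGES+TOKEN_QUERY,OFFSET hToken
    ; the LUID is the first field of Privileges[0], so OFFSET tkp.Privileges points at it
    stdcall [LookupPrivilegeValue],0,OFFSET szSeDebugPriv,OFFSET tkp.Privileges
    mov [tkp.PrivilegeCount],1
    mov [tkp.Privileges.Attributes],SE_PRIVILEGE_ENABLED
    ; returns nonzero even when the privilege is not held; GetLastError then gives ERROR_NOT_ALL_ASSIGNED
    stdcall [AdjustTokenPrivileges],[hToken],0,OFFSET tkp,0,0,0

    szSeDebugPriv db "SeDebugPrivilege",0
    hToken dd ?
    tkp TOKEN_PRIVILEGES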
Is this on an NT based OS such as XP?
Is the target process in fact a system Service?
If such is the case, you can't use this method, it doesn't work.
This is some simple code I used for killing system services:
    #include <windows.h>

    BOOL KillNTSytemServiceProcess(
        IN DWORD dwProcessId
        )
    {
        HANDLE hProcess;
        DWORD dwError;

        /* First try with the rights the caller already has. */
        hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, dwProcessId);
        if (hProcess == NULL)
        {
            if (GetLastError() != ERROR_ACCESS_DENIED)
                return FALSE;

            /* Privileges only exist on NT-based systems. */
            OSVERSIONINFO osvi;
            osvi.dwOSVersionInfoSize = sizeof(osvi);
            GetVersionEx(&osvi);
            if (osvi.dwPlatformId != VER_PLATFORM_WIN32_NT)
                return SetLastError(ERROR_ACCESS_DENIED), FALSE;

            TOKEN_PRIVILEGES Priv, PrivOld;
            DWORD cbPriv = sizeof(PrivOld);
            HANDLE hToken;

            /* Use the thread token if impersonating, else the process token. */
            if (!OpenThreadToken(GetCurrentThread(),
                                 TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES,
                                 FALSE, &hToken))
            {
                if (GetLastError() != ERROR_NO_TOKEN)
                    return FALSE;
                if (!OpenProcessToken(GetCurrentProcess(),
                                      TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES,
                                      &hToken))
                    return FALSE;
            }

            /* Enable SeDebugPrivilege, saving the previous state in PrivOld. */
            Priv.PrivilegeCount = 1;
            Priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
            LookupPrivilegeValue(NULL, SE_DEBUG_NAME,
                                 &Priv.Privileges[0].Luid);
            if (!AdjustTokenPrivileges(hToken, FALSE, &Priv, sizeof(Priv),
                                       &PrivOld, &cbPriv))
            {
                dwError = GetLastError();
                CloseHandle(hToken);
                return SetLastError(dwError), FALSE;
            }

            /* The call succeeds even if the token does not hold the privilege. */
            if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
            {
                CloseHandle(hToken);
                return SetLastError(ERROR_ACCESS_DENIED), FALSE;
            }

            /* Retry with the privilege enabled, then restore the old state. */
            hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, dwProcessId);
            dwError = GetLastError();
            AdjustTokenPrivileges(hToken, FALSE, &PrivOld, sizeof(PrivOld),
                                  NULL, NULL);
            CloseHandle(hToken);
            if (hProcess == NULL)
                return SetLastError(dwError), FALSE;
        }

        if (!TerminateProcess(hProcess, (UINT)-1))
        {
            dwError = GetLastError();
            CloseHandle(hProcess);
            return SetLastError(dwError), FALSE;
        }

        CloseHandle(hProcess);
        return TRUE;
    }
Hmmm, killing system services?
Thanks for the replies everyone. I'm running Windows 2000 with full admin privileges. It's not a system service either, just a standard program. I guess it uses some kind of priority function. I'll give the suggestions a try anyway.
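From the monitoring side, successful OpenProcess calls like the ones in this thread appear in Sysmon as Event ID 10 (ProcessAccess), with the granted mask in the GrantedAccess field. The Python below is an added example, not code from any poster: it decodes that mask and flags opens that received PROCESS_ALL_ACCESS or the terminate/read/write rights discussed above; the sample records and image paths are constructed.

```python
# Added example: triage of Sysmon Event ID 10 (ProcessAccess) records.
# Bit values are the PROCESS_* access rights from winnt.h.
RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
# PROCESS_ALL_ACCESS is 0x1F0FFF in pre-Vista headers, 0x1FFFFF from Vista on.
ALL_ACCESS_OLD = 0x1F0FFF
# Rights that let the caller kill, read or modify the target process.
SENSITIVE = 0x0001 | 0x0002 | 0x0010 | 0x0020 | 0x0040

def decode(mask):
    """Return the names of the process-specific rights set in mask."""
    return [name for bit, name in RIGHTS.items() if mask & bit]

def triage(events):
    """Return (source, target, reason) for each open that was granted a lot."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 10:
            continue
        mask = int(ev["GrantedAccess"], 16)
        if mask & ALL_ACCESS_OLD == ALL_ACCESS_OLD:
            reason = "PROCESS_ALL_ACCESS"   # matches both header versions
        elif mask & SENSITIVE:
            reason = "|".join(decode(mask & SENSITIVE))
        else:
            continue  # query-only opens are routine
        findings.append((ev["SourceImage"], ev["TargetImage"], reason))
    return findings

# Constructed sample records; field names follow Sysmon's ProcessAccess event.
SAMPLE = [
    {"EventID": 10, "SourceImage": r"C:\Tools\newapp.exe",
     "TargetImage": r"C:\Program Files\Target\target.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Tools\svcstop.exe",
     "TargetImage": r"C:\Program Files\Target\service.exe", "GrantedAccess": "0x0001"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Program Files\Target\target.exe", "GrantedAccess": "0x1000"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```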