vojtechvarga
asked on
WriteProcessMemory access error in sp2
Hi,
I am trying to write into allocated memory of another process but WriteProcessMemory() failes with error code 5 (access error). The code example works fine on NT and XP SP1. I tired to change my own process privilege SE_DEBUG_NAME but it still fails. The process I am writting to runs on the same PC and was started by me. Any idea which part of XP SP2 security is blocking me and how to get around it?
//********************* Change my own process privilege ************************** **
t1 = GetTokenInformation(TokenH andleOwn, TokenPrivileges, NULL, 0, &dwSize);
PTOKEN_PRIVILEGES pPriv = NULL;
char buf[526];
CString privbuffer;
if(dwSize > 0)
{
pPriv = (PTOKEN_PRIVILEGES )malloc(dwSize);
t1 = GetTokenInformation(TokenH andleOwn, TokenPrivileges, pPriv, dwSize, &dwSize);
tt = GetLastError();
LUID mluid;
for (int i = 0; i < pPriv->PrivilegeCount; i++)
{
mluid.HighPart = pPriv->Privileges[i].Luid. HighPart;
mluid.LowPart = pPriv->Privileges[i].Luid. LowPart;
t1 = LookupPrivilegeName(NULL,& mluid,buf, &dwSize);
if(t1)
{
privbuffer.Format("Priv: Val %d-'%s'; Att: %d",mluid.LowPart,buf,pPri v->Privile ges[i].Att ributes);
//AfxMessageBox(privbuffer );
}
else
;// AfxMessageBox("Error");
}
privbuffer.Format("# of priv: %d",pPriv->PrivilegeCount) ;
AfxMessageBox(privbuffer);
TOKEN_PRIVILEGES tp; /* token provileges */
TOKEN_PRIVILEGES oldtp; /* old token privileges */
DWORD dwSize1 = sizeof (TOKEN_PRIVILEGES);
LUID luid;
for (i = 0; i < pPriv->PrivilegeCount; i++)
{
pPriv->Privileges[i].Attri butes = SE_PRIVILEGE_ENABLED;
}
t1 = AdjustTokenPrivileges (TokenHandleOwn, FALSE, pPriv, NULL,NULL, NULL);
}
//**************** Write to process ************************** ********** ********** *
m_hProcess = OpenProcess(PROCESS_ALL_AC CESS, FALSE, m_PID);
if (m_hProcess == NULL)
{
message.Format("OpenProces s ID(%d) failed: %d\n",m_PID, GetLastError());
AfxMessageBox(message,MB_O K|MB_ICONE XCLAMATION );
return;
}
else
{
pLibRemote = (PDWORD)VirtualAllocEx(m_h Process, NULL, 1024,MEM_COMMIT,PAGE_READW RITE );
if (pLibRemote != NULL)
{
p = WriteString( m_hProcess, pLibRemote, "12345",5, NULL );
p = WriteProcessMemory( m_hProcess, pLibRemote, "12345",5, NULL );
if(!p)
{
privbuffer.Format("Could not write, error: %d",GetLastError());
AfxMessageBox(privbuffer);
}
else
{
privbuffer.Format("Memory written to: 0x%x",(DWORD)pLibRemote);
AfxMessageBox(privbuffer);
}
}
}
Regard VV
I am trying to write into allocated memory of another process but WriteProcessMemory() failes with error code 5 (access error). The code example works fine on NT and XP SP1. I tired to change my own process privilege SE_DEBUG_NAME but it still fails. The process I am writting to runs on the same PC and was started by me. Any idea which part of XP SP2 security is blocking me and how to get around it?
//********************* Change my own process privilege **************************
t1 = GetTokenInformation(TokenH
PTOKEN_PRIVILEGES pPriv = NULL;
char buf[526];
CString privbuffer;
if(dwSize > 0)
{
pPriv = (PTOKEN_PRIVILEGES )malloc(dwSize);
t1 = GetTokenInformation(TokenH
tt = GetLastError();
LUID mluid;
for (int i = 0; i < pPriv->PrivilegeCount; i++)
{
mluid.HighPart = pPriv->Privileges[i].Luid.
mluid.LowPart = pPriv->Privileges[i].Luid.
t1 = LookupPrivilegeName(NULL,&
if(t1)
{
privbuffer.Format("Priv: Val %d-'%s'; Att: %d",mluid.LowPart,buf,pPri
//AfxMessageBox(privbuffer
}
else
;// AfxMessageBox("Error");
}
privbuffer.Format("# of priv: %d",pPriv->PrivilegeCount)
AfxMessageBox(privbuffer);
TOKEN_PRIVILEGES tp; /* token provileges */
TOKEN_PRIVILEGES oldtp; /* old token privileges */
DWORD dwSize1 = sizeof (TOKEN_PRIVILEGES);
LUID luid;
for (i = 0; i < pPriv->PrivilegeCount; i++)
{
pPriv->Privileges[i].Attri
}
t1 = AdjustTokenPrivileges (TokenHandleOwn, FALSE, pPriv, NULL,NULL, NULL);
}
//**************** Write to process **************************
m_hProcess = OpenProcess(PROCESS_ALL_AC
if (m_hProcess == NULL)
{
message.Format("OpenProces
AfxMessageBox(message,MB_O
return;
}
else
{
pLibRemote = (PDWORD)VirtualAllocEx(m_h
if (pLibRemote != NULL)
{
p = WriteString( m_hProcess, pLibRemote, "12345",5, NULL );
p = WriteProcessMemory( m_hProcess, pLibRemote, "12345",5, NULL );
if(!p)
{
privbuffer.Format("Could not write, error: %d",GetLastError());
AfxMessageBox(privbuffer);
}
else
{
privbuffer.Format("Memory written to: 0x%x",(DWORD)pLibRemote);
AfxMessageBox(privbuffer);
}
}
}
Regard VV
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
Thanks for helping. I did the same think and it still did not work on my PC. I then tried a different PC with SP2 where I know I have full Administrator rights and it worked fine. So it lies somewhere on rights. I will try to find out what I am missing on my first PC as soon as I get some time.
Thanks for helping. I did the same think and it still did not work on my PC. I then tried a different PC with SP2 where I know I have full Administrator rights and it worked fine. So it lies somewhere on rights. I will try to find out what I am missing on my first PC as soon as I get some time.
You might look to any anti-virus settings on that problem box. IMO, Norton Antivirus (just an an example) will make sweeping changes to policy settings *by default* and think that it is doing you a favor.
I believe that my forst comment helped to narrow down the possibilities and my second is a PAQworthy suggestion.
WriteString( ... );
?
One thing to try is ratchet-down the requested access rights in the OpenProcess() call. It's possible that SP2 allows you to open for PROCESS_ALL_ACCESS without complaint, but then catches naughty processes only when they try the WriteProcessMemeory call.
I'll see if I can reproduce the problem...
-- Dan