Jump to content
Tuts 4 You

ReadProcessMemory reports an Error

yanes

By yanes
in Programming and Coding

Recommended Posts

yanes

yanes

Posted
Posted

hi all

when using the "ReadProcessMemory" to make a dump an image

from memory ,this API reports the Error 'Error_No_Access' , Note

that it succeeds with a litte part of victim's memory but it fails to read the entire image (Number of bytes = SizeOfImage) ,Note

that the VirtualProtectEx API reports also the same Error code

How can I do it ?

_

atom0s

atom0s

Posted
Posted

hi all

when using the "ReadProcessMemory" to make a dump an image

from memory ,this API reports the Error 'Error_No_Access' , Note

that it succeeds with a litte part of victim's memory but it fails to read the entire image (Number of bytes = SizeOfImage) ,Note

that the VirtualProtectEx API reports also the same Error code

How can I do it ?

_

Make sure that the handle you are using with ReadProcessMemory has valid rights to do the operations you wish.

yanes

yanes

Posted
  • Author
Posted

Thanx for reply

I said it succeed with a little

Part from victim's memory

I'm sure , handle is valid

Thanks

atom0s

atom0s

Posted
Posted

The access rights of the handle you are using must have proper permissions for memory operations, thread operations, etc.

For example, a basic handle to alter a processes memory would use:

HANDLE hHandle = OpenProcess( PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, dwProcId );

If you are using PROCESS_ALL_ACCESS, you are probably running into issues due to XP/Vista changes in how the API handles this value. It is better practice to specify the rights yourself rather then using that flag.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...