hi all

when using the "ReadProcessMemory" to make a dump an image

from memory ,this API reports the Error 'Error_No_Access' , Note

that it succeeds with a litte part of victim's memory but it fails to read the entire image (Number of bytes = SizeOfImage) ,Note

that the VirtualProtectEx API reports also the same Error code

How can I do it ?

_

hi all

when using the "ReadProcessMemory" to make a dump an image

from memory ,this API reports the Error 'Error_No_Access' , Note

that it succeeds with a litte part of victim's memory but it fails to read the entire image (Number of bytes = SizeOfImage) ,Note

that the VirtualProtectEx API reports also the same Error code

How can I do it ?

_

Make sure that the handle you are using with ReadProcessMemory has valid rights to do the operations you wish.

Thanx for reply

I said it succeed with a little

Part from victim's memory

I'm sure , handle is valid

Thanks

The access rights of the handle you are using must have proper permissions for memory operations, thread operations, etc.

For example, a basic handle to alter a processes memory would use:

HANDLE hHandle = OpenProcess( PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, dwProcId );

If you are using PROCESS_ALL_ACCESS, you are probably running into issues due to XP/Vista changes in how the API handles this value. It is better practice to specify the rights yourself rather then using that flag.