yanes Posted August 7, 2009 Share Posted August 7, 2009 hi all when using the "ReadProcessMemory" to make a dump an image from memory ,this API reports the Error 'Error_No_Access' , Note that it succeeds with a litte part of victim's memory but it fails to read the entire image (Number of bytes = SizeOfImage) ,Note that the VirtualProtectEx API reports also the same Error codeHow can I do it ? _ Link to comment
atom0s Posted August 8, 2009 Share Posted August 8, 2009 hi all when using the "ReadProcessMemory" to make a dump an image from memory ,this API reports the Error 'Error_No_Access' , Note that it succeeds with a litte part of victim's memory but it fails to read the entire image (Number of bytes = SizeOfImage) ,Note that the VirtualProtectEx API reports also the same Error codeHow can I do it ? _Make sure that the handle you are using with ReadProcessMemory has valid rights to do the operations you wish. Link to comment
yanes Posted August 8, 2009 Author Share Posted August 8, 2009 Thanx for reply I said it succeed with a littlePart from victim's memoryI'm sure , handle is valid Thanks Link to comment
atom0s Posted August 8, 2009 Share Posted August 8, 2009 The access rights of the handle you are using must have proper permissions for memory operations, thread operations, etc.For example, a basic handle to alter a processes memory would use:HANDLE hHandle = OpenProcess( PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, dwProcId );If you are using PROCESS_ALL_ACCESS, you are probably running into issues due to XP/Vista changes in how the API handles this value. It is better practice to specify the rights yourself rather then using that flag. Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now