OpenProcess Problem...


Hi guys,

I need some little help again. So I need to build a process list that shows all running processes and lets me choose any process to read infos / change infos inside etc. Now the problem is that I don't get access to all running processes on my system using the OpenProcess API with the PROCESS_ALL_ACCESS flag. So for almost half of the processes I don't get access and get access denied back in eax. How do I get access to all processes? The OpenProcess API with that flag seems not to be enough in that case.

greetz

Don't use PROCESS_ALL_ACCESS; on newer Windows versions (Vista and up) it requires more privileges to be enabled (SeDebugToken mainly) to be able to use it. Instead, just specify the needed requirements of the handle you wish to open.

If you want to use it, you can get privileges like this:

#include <windows.h>

// Enables SeDebugPrivilege in the current process token.
// Returns 0 on success, 1 on failure.
int privileges(){
    HANDLE Token;
    TOKEN_PRIVILEGES tp;
    int result = 1; //FAIL unless every step succeeds
    if(OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,&Token))
    {
        if(LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)){
            tp.PrivilegeCount = 1;
            tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
            // AdjustTokenPrivileges returns nonzero even when the token does not
            // hold the privilege; in that case GetLastError() is ERROR_NOT_ALL_ASSIGNED.
            if (AdjustTokenPrivileges(Token, 0, &tp, sizeof(tp), NULL, NULL)!=0
                && GetLastError()!=ERROR_NOT_ALL_ASSIGNED){
                result = 0; //SUCCESS
            }
        }
        CloseHandle(Token); // the token handle is not needed once the privilege is adjusted
    }
    return result;
}


  • Author

Hi again and thanks for your answer so far. Hmm, good, ok. So I also tried PROCESS_VM_READ & PROCESS_QUERY_INFORMATION but they also failed. I debugged another file which can show processes, and there I see it only sets some privileges for its own process only... something like that, if I translated it right...

		invoke GetCurrentProcess
		mov ecx,eax
		invoke OpenProcessToken,ecx,TOKEN_QUERY or TOKEN_ADJUST_PRIVILEGES,addr TOKENHANDLE
		.if eax != 0h
		    invoke LookupPrivilegeValue,NULL,addr szSeDebugPrivilege,addr lpLuid
		    .if eax != 0h
		        
		        xor edx,edx
		        lea eax, TP
		        m2m TP.TOKEN_PRIVILEGES.Privileges,SECURITY_DESCRIPTOR_MIN_LENGTH
		        m2m TP.TOKEN_PRIVILEGES.PrivilegeCount,1
		        invoke AdjustTokenPrivileges,TOKENHANDLE,edx,eax,edx,edx,edx
		        .if eax != 0h
		            invoke CloseHandle,TOKENHANDLE
		        .else
		        invoke CloseHandle,TOKENHANDLE
		        .endif
		    .else
		    invoke CloseHandle,TOKENHANDLE
		    .endif
		.else
		.endif
		nop
		nop
		invoke GetCurrentProcess
		mov ecx,eax
		invoke OpenProcessToken,ecx,TOKEN_QUERY or TOKEN_ADJUST_PRIVILEGES,addr TOKENHANDLE
		.if eax != 0h
		    invoke LookupPrivilegeValue,NULL,addr szSeSecurityPrivilege,addr lpLuid
		    .if eax != 0h
		        
		        xor edx,edx
		        lea eax, TP
		        m2m TP.TOKEN_PRIVILEGES.Privileges,SECURITY_DESCRIPTOR_MIN_LENGTH
		        m2m TP.TOKEN_PRIVILEGES.PrivilegeCount,1
		        invoke AdjustTokenPrivileges,TOKENHANDLE,edx,eax,edx,edx,edx
		        .if eax != 0h
		            invoke CloseHandle,TOKENHANDLE
		        .else
		        invoke CloseHandle,TOKENHANDLE
		        .endif
		    .else
		    invoke CloseHandle,TOKENHANDLE
		    .endif
		.else
		.endif

...so if I use this and later the OpenProcess API for all processes then it still doesn't work (same as before; I only get access to half of the process list). Or do I have to do the above with all processes?

greetz

The OpenProcess API needs a process ID; you need to use GetCurrentProcessId instead of GetCurrentProcess (which retrieves a pseudo handle to the process).

Here is an example I am using:

invoke GetCurrentProcessId
mov [ProcessID], eax
invoke OpenProcess, PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_CREATE_THREAD | PROCESS_TERMINATE, NULL, [ProcessID]
mov [ProcessHandle], eax
 

  • Author

Hi again,

ok, after much testing I got it working now. So I see there was a problem with the struct which includes another struct with the Luid. An array thing where I just used a free address. Now the code below works. :)

		invoke GetCurrentProcess
		mov ecx,eax
		invoke OpenProcessToken,ecx,TOKEN_QUERY or TOKEN_ADJUST_PRIVILEGES,addr TOKENHANDLE
		.if eax != 0h
		    
		    invoke LookupPrivilegeValue,NULL,addr szSeDebugPrivilege,addr TP.TOKEN_PRIVILEGES.Privileges[0].Luid
		    .if eax != 0h
		        
		        xor edx,edx
		        lea esi, TP
		        m2m TP.TOKEN_PRIVILEGES.Privileges[0].Attributes,SE_PRIVILEGE_ENABLED
		        m2m TP.TOKEN_PRIVILEGES.PrivilegeCount,1
		        invoke AdjustTokenPrivileges,TOKENHANDLE,edx,esi,sizeof TP,0,0  
		        .if eax != 0h
		            invoke CloseHandle,TOKENHANDLE
		        .else
		        invoke CloseHandle,TOKENHANDLE
		        .endif
		    .else
		    invoke CloseHandle,TOKENHANDLE
		    .endif
		.else
		.endif
		ret

Thanks again.

PS: So I have to use this code only for all systems higher than dwMajorVersion 5, right?

greetz

Windows Vista or higher, yes. No idea what the major id would be considered for that off-hand though.

Windows XP should not require the token adjustment as the flag value was changed during the upgrade to Vista.

6.0 is Vista
