I’ve got a routine where I process-walk to obtain the HANDLE of each process as I ‘walk’ down the list (which works fine), but my issue lies when I do:
HANDLE h = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID) where PROCESS_ALL_ACCESS is the access token, handle inheritance is set to FALSE, and pe32 is a PROCESSENTRY32
GetLastError() returns error code 5, and all the handles that are made are addresses which do not correspond to any appropriate process in Spy++32/64 (I’ve tried building the application under both platform targets, but as you’d expect, the result is the same).
The code for setting SeDebugPrivilege for the host process which I’m using is:
BOOL EnableDebugPrivilege(BOOL bEnable)
{
HANDLE hToken = nullptr;
LUID luid;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) return FALSE;
if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) return FALSE;
TOKEN_PRIVILEGES tokenPriv;
tokenPriv.PrivilegeCount = 1;
tokenPriv.Privileges[0].Luid = luid;
tokenPriv.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
if (!AdjustTokenPrivileges(hToken, FALSE, &tokenPriv, sizeof(TOKEN_PRIVILEGES), NULL, NULL)) return FALSE;
return TRUE;
}
Some questions that would be helpful to you:
- I’m running Windows 7 x64 Professional.
- Yes, devenv.exe is started with «Run as Administrator» privileges, which means that the debugger and the application itself are started under the same affinity.
- I have tried toggling UAC or running the application with UAC off altogether. Still error code 5.
- I just attempted doing it with
PROCESS_QUERY_LIMITED_INFORMATIONand I receive error code 6, orERROR_INVALID_HANDLE. Also attempted withPROCESS_QUERY_INFORMATION | PROCESS_VM_READ, result is error 5 again. SeDebugPrivilegeis enabled, verified with SysInternals’ Process Explorer. Additionally, all processes that spawn from devenv/whatever the debugger is called inherit SeDebugPrivilege so…this is weird.
Thank you all very much for your time, I’m reaching wits end with this issue :S
Hi All,
I am using «OpenProcess» API for finding the User Name, and the API success with Admin users. But it failed with non-admin users with error code 5. My OS is Windows 10 Enterprise, 32 bit and doing the project in VC++. The function I am
using is as follows:
—————————————————————
CString GetUserName(DWORD dwPID) // input is process id of local user
{
DWORD dwSize = 0, dwResult = 0;
HANDLE hToken;
PTOKEN_USER pUserInfo;
SID_NAME_USE SidType;
char lpName[256], lpDomain[256];
CString rUserName = «»;
SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;
/////////////////////////////////////////////////////////
try
{
// Open a handle to the access token for the calling process.
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION |PROCESS_VM_READ, FALSE, dwPID); // failed with error code 5 in non-admin users
if(hProcess != NULL)
{
if(!OpenProcessToken(hProcess,TOKEN_QUERY,&hToken))
{
CloseHandle(hProcess);
return rUserName;
}
// Call GetTokenInformation to get the buffer size.
if(!GetTokenInformation(hToken, TokenUser, NULL, dwSize, &dwSize))
{
dwResult = GetLastError();
if(dwResult != ERROR_INSUFFICIENT_BUFFER )
{
CloseHandle(hProcess);
return rUserName;
}
}
// Allocate the buffer.
pUserInfo=(PTOKEN_USER)GlobalAlloc(GPTR,dwSize);
// Call GetTokenInformation again to get the group information.
if(!GetTokenInformation(hToken, TokenUser, pUserInfo, dwSize, &dwSize))
{
CloseHandle(hProcess);
return rUserName;
}
// Lookup the account name and print it.
dwSize = 256;
if(!LookupAccountSid( NULL,pUserInfo->User.Sid , lpName, &dwSize, lpDomain, &dwSize, &SidType ) )
{
dwResult = GetLastError();
if( dwResult == ERROR_NONE_MAPPED )
strcpy_s (lpName, 256, «NONE_MAPPED» );
else
{
CloseHandle(hProcess);
return rUserName;
}
}
rUserName = CString(lpName);
if(pUserInfo)
GlobalFree(pUserInfo);
}
CloseHandle(hProcess);
hProcess = NULL;
}
catch(…)
{
return rUserName;
}
return rUserName;
}
—————————————————————
Thanks,
R-VR
-
Edited by
Wednesday, September 16, 2015 1:35 PM
Содержание
- Thread: OpenProcess failed, error: 5
- OpenProcess failed, error: 5
- Устранение ошибки «Отказано в доступе» на компьютере под управлением Windows 10
- Устраняем ошибку 5 при доступе к данным
- Способ 1: Запуск с привилегиями администратора
- Способ 2: Открытие доступа к каталогам
- Способ 3: «Командная строка»
- Способ 4: Устранение проблем с Виндовс
- Заключение
- Openprocess Error 5
- Post your reply
- Similar topics
- Open process failed with error 5
- Answered by:
- Question
Thread: OpenProcess failed, error: 5
Thread Tools
Rate This Thread
Display
OpenProcess failed, error: 5
Error 5 is «access denied».
if you are getting OpenProcess failed, error: 5 that means that you are running on win2k, nt, or xp and you do not have permission to read the memory segment needed to get the key.
there are many, many different variations of the keysniffer code posted on this board, each handling the open porcess a bit differently.
What to do about it:
If you are running a version that runs once, finds one key, and then exits: you need to have sufficient privledges to open the process for reading every time.
some people suggest using the process scheduler to start your keysniffer with system privledges. at the command prompt, type:
at (now+1) c:pathtokeyscanner.exe
substituting the current time plus one minute for (now+1).
(however this didn’t work for me on XP-pro with and administrator account UPDATE: this method only works on win2k)
another option is to run one of the versions of the keyscanner that specifically modifies the access control list.
If you run a version of the keyscanner that opens the process once (keeps the process handle open) and loops through reading memory:
you must make SURE to start the keyscanner at or before character select screen, and leave it running while you play. you cannot start this type of keyscanner after you have zoned at all.
you will need to close down EQ all the way to the desktop, start your keyscanner, then start up EQ again. It can be pretty tricky to get the timing right with something that does not loop in the «searching for eqgame» portion of the code that finds the pid and opens the process handle.
yet another option is to run a version of the keyscanner that injects itself into eqgame memory space via rundll32. see the many threads by maggotboy for information on this type of system.
and, of course you can avoid this problem all together by running EQ on windows98 where NT security isn’t an issue.
hope this helps someone.
EDIT: i thought it was pretty clear to begin with, but people complained so i expanded it a bit.
UPDATE: as of the 11/19 patch, you must use a version of the keyscanner that sets debug privlidges (on xp anyway). see code posted by uncleben. (this code is also part of keyring.)
Last edited by baelang; 11-20-2002 at 06:33 PM .
Источник
Устранение ошибки «Отказано в доступе» на компьютере под управлением Windows 10
Устраняем ошибку 5 при доступе к данным
В большинстве случаев источником ошибки являются проблемы с правами на чтение и запись данных в текущей пользовательской «учётке». Также подобное сообщение появляется при сбоях в ОС, повреждении её компонентов или записей реестра.
Способ 1: Запуск с привилегиями администратора
Если открытие исполняемого файла программы, игры либо инсталлятора приложения приводит к появлению рассматриваемой ошибки, следует попробовать запустить его от имени администратора.
- Убедитесь, что у текущей учётной записи нужные права есть. Если это не так, предоставьте или получите их.
Урок: Получение прав администратора на Windows 10
Далее приложение или инсталлятор должны запуститься нормально.
Способ 2: Открытие доступа к каталогам
Вторая причина проблемы, которую мы сегодня рассматриваем – неполадки с правами доступа к отдельному каталогу или диску. Предоставление нужных прав покажем на примере системного диска.
Внимание! Процедура может нарушить работу компьютера, поэтому рекомендуем создать точку восстановления!
- Откройте «Этот компьютер», найдите в нём системный накопитель и кликните по нему ПКМ, затем выберите в меню пункт «Свойства».
- Откройте вкладку «Безопасность». Нажмите на кнопку «Изменить» под блоком «Группы и пользователи».
Далее кликните «Добавить». 
В следующем окне обратитесь к блоку «Введите имена…». Наберите на клавиатуре слово Все , после чего щёлкните «Проверить имена». 
Если появилось окошко «Имя не найдено», попробуйте в графе «Введите имя объекта» вписать слово All либо имя текущей учётной записи, после чего воспользуйтесь кнопкой «ОК». 
Вернувшись к утилите разрешений, убедитесь, что выделена добавленная на предыдущем шаге группа. Далее в разделе «Разрешения для группы…» отметьте все пункты в столбце «Разрешить». 
Предоставление прав на чтение и запись системного носителя одновременно устраняет ошибку 5 как для исполняемых файлов, так и для служб, однако данная процедура небезопасна для работоспособности системы.
Способ 3: «Командная строка»
Рассматриваемая проблема может касаться только той или иной службы Виндовс. В этом случае можно воспользоваться средством «Командная строка».
- Откройте «Поиск», в котором начните вводить запрос командная строка . Выделите найденное приложение и нажмите на ссылку «Запуск от имени администратора» в правой части окна.
- Последовательно введите в интерфейсе следующие команды:
net localgroup Администраторы /add networkservice
net localgroup Администраторы /add localservice
Обратите внимание! Пользователям Windows 10 с английской локализацией системы необходимо вводить Administrators вместо Администраторы!
Данный метод безопаснее предыдущего, но и применим только при отказе в доступе для служб.
Способ 4: Устранение проблем с Виндовс
Если применение всех вышеприведённых методов не принесло результата, скорее всего источником проблемы являются неполадки в самой ОС.
- Первым делом проверьте обновления – возможно, в одном из недавно установленных присутствуют баги. Если же, напротив, вы давно не обновляли систему, попробуйте загрузить актуальные апдейты.
Урок: Как установить и как удалить обновления Windows 10
Проверьте параметры антивируса – возможно, в нём активен строгий режим контроля, который не разрешает манипуляции с данными. Также стоит попробовать временно отключить защитное ПО. 
Если же вы по каким-то причинам вообще не пользуетесь защитой от вирусов, рекомендуем ознакомиться со статьей по борьбе с ними — возможно, ваш компьютер стал жертвой заражения.
Подробнее: Борьба с компьютерными вирусами
Дополнительно следует проверить работоспособность системных составляющих в целом и реестра в частности.
Описанные выше рекомендации должны помочь в устранении проблемы.
Заключение
Мы рассмотрели варианты решения проблемы, при которой в Виндовс 10 появляется ошибка с кодом 5 и текстом «Отказано в доступе». Как видим, возникает она по разным причинам, из-за чего нет универсального метода устранения.
Источник
Openprocess Error 5
Here is my code.
- #include
- #include
- int main()
- <
- DWORD pId; HWND hWnd; HANDLE hMine;
- do <
- hWnd = FindWindow(0, «Minesweeper»);
- Sleep(10);
- > while(hWnd == NULL);
- std::cout Expand | Select | Wrap | Line Numbers
- //main.h: AdjustTokenToDebug function
- BOOL AdjustTokenToDebug()
- <
- //Define variables.
- LUID tLUID; HANDLE hToken; TOKEN_PRIVILEGES tTP, tTPOld;
- DWORD lengthReturned; BOOL ret = TRUE;
- //Fill the tLUID struct with our privilage info.
- if(LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&tLUID)) <
- //Open the token up.
- if(OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,&hToken)) <
- //Modify it so we become teh debuggzors.
- tTP.PrivilegeCount=1;
- tTP.Privileges->Attributes=SE_PRIVILEGE_ENABLED;
- tTP.Privileges->Luid.HighPart=tLUID.HighPart;
- tTP.Privileges->Luid.LowPart=tLUID.LowPart;
- //Make the changes and check for errors.
- if(!AdjustTokenPrivileges(hToken,0,&tTP,sizeof(tTP),&tTPOld,&lengthReturned))
- ret = FALSE; //Bad
- CloseHandle(hToken);
- > else ret = FALSE; //Bad
- > else ret = FALSE; //Bad
- return ret;
- >
I compiled your main() and ran it on my machine. It waited until I start Minesweeper, then displayed: Opened the process.
I did this both with and without the TCHAR mappings (which you arent using and that’s not good).
I used XP SP2 and Visual Studio.NET 2005.
I guess I don’t see your problem.
Is this maybe a limitation of Visual Studio Express??
I might ask Microsoft about this. I can’t imagine that the Express will do all the real version will.
Post your reply
Sign in to post your reply or Sign up for a free account.
Similar topics
By using Bytes.com and it’s services, you agree to our Privacy Policy and Terms of Use.
To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.
Источник
Open process failed with error 5
This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.
Answered by:
Question
I am using «OpenProcess» API for finding the User Name, and the API success with Admin users. But it failed with non-admin users with error code 5. My OS is Windows 10 Enterprise, 32 bit and doing the project in VC++. The function I am using is as follows:
CString GetUserName(DWORD dwPID) // input is process id of local user
<
DWORD dwSize = 0, dwResult = 0;
HANDLE hToken;
PTOKEN_USER pUserInfo;
SID_NAME_USE SidType;
char lpName[256], lpDomain[256];
CString rUserName = «»;
SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;
/////////////////////////////////////////////////////////
try
<
// Open a handle to the access token for the calling process.
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION |PROCESS_VM_READ, FALSE, dwPID); // failed with error code 5 in non-admin users
if(hProcess != NULL)
<
if(!OpenProcessToken(hProcess,TOKEN_QUERY,&hToken))
<
CloseHandle(hProcess);
return rUserName;
>
// Call GetTokenInformation to get the buffer size.
if(!GetTokenInformation(hToken, TokenUser, NULL, dwSize, &dwSize))
<
dwResult = GetLastError();
if(dwResult != ERROR_INSUFFICIENT_BUFFER )
<
CloseHandle(hProcess);
return rUserName;
>
>
// Allocate the buffer.
pUserInfo=(PTOKEN_USER)GlobalAlloc(GPTR,dwSize);
// Call GetTokenInformation again to get the group information.
if(!GetTokenInformation(hToken, TokenUser, pUserInfo, dwSize, &dwSize))
<
CloseHandle(hProcess);
return rUserName;
>
// Lookup the account name and print it.
dwSize = 256;
if(!LookupAccountSid( NULL,pUserInfo->User.Sid , lpName, &dwSize, lpDomain, &dwSize, &SidType ) )
<
dwResult = GetLastError();
if( dwResult == ERROR_NONE_MAPPED )
strcpy_s (lpName, 256, «NONE_MAPPED» );
else
<
CloseHandle(hProcess);
return rUserName;
>
>
rUserName = CString(lpName);
if(pUserInfo)
GlobalFree(pUserInfo);
>
CloseHandle(hProcess);
hProcess = NULL;
>
catch(. )
<
return rUserName;
>
return rUserName;
>
Источник
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
Authenticator Code |
| Thread Tools |
| Access Denied (Error 5) when using OpenProcess() |
|
|
#1 |
|
synestra n00bie
Join Date: Oct 2015
Reputation: 10 |
Access Denied (Error 5) when using OpenProcess() «System.ComponentModel.Win32Exception: Access is denied», this error is appearing while I am attempting to do two things: while attempting this (Code block 1): Code: _class = new Proc(Process.GetProcessesByName("procname")[0]);
then in the class Proc whats happening is Code: public Proc(Process _SelectedProcess)
{
Process = _SelectedProcess;
}
public Process Process
{
get
{
return SelectedProcess;
}
set
{
SelectedProcess = value;
if (SelectedProcess != null)
{
Process.EnterDebugMode();
_Reader = new Win32_Memory(value.Handle, value.MainModule.BaseAddress.ToInt32(), value.Id);
}
}
}
sometimes this passes without any exception for no apparent reason as far as I see. Note: it never passes in windows 7, I’m using windows 10 and sometimes it happens that the function works but if it does pass, the next time I need to use OpenProcess() outside of the Process class, I almost always get the exception, and if i do, then afterwards it fails executing code block 1 if I try to do so again. this (code block 2) also gets the same access denied error, and sometimes doesnt… Code: if (_Reader.ReadInt(_addr) == 1) _Reader.Write(_addr, 0);
public bool Write(int address, long value)
{
hProc = OpenProcess(ProcessAccessFlags.VMWrite, false, ID);
byte[] val = BitConverter.GetBytes(value);
bool worked = WriteProcessMemory(hProc, new IntPtr(address), val, (uint)val.LongLength, 0);
CloseHandle(hProc);
return worked;
}
the access flags: Code: [Flags]
public enum ProcessAccessFlags : uint
{
All = 0x001F0FFF,
Terminate = 0x00000001,
CreateThread = 0x00000002,
VMOperation = 0x00000008,
VMRead = 0x00000010,
VMWrite = 0x00000020,
DupHandle = 0x00000040,
SetInformation = 0x00000200,
QueryInformation = 0x00000400,
Synchronize = 0x00100000
}
the imports: Code: [DllImport("kernel32.dll")]
private static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, int unused);
also worth noting that sometimes all of this code gets executed without ANY error and will work for as long as I do not reopen this application or if i do not restart the targeted application. this happens only on windows 10 (sometimes it works, sometimes it doesn’t) on windows 7 ive also tested and it never worked, everytime I opened it I always got error code 5 access is denied besides my own program, I’ve also tried cheat engine on this process and it also got access denied, as well as artmoney pro and olydbg — all of them got access denied when using the OpenProcess() function |
|
synestra is offline |
|
|
|
#2 |
|||||||||||
|
evolution536 Hacked the universe
Join Date: Dec 2012 Location: The Netherlands
Reputation: 61216 Recognitions (2)
(3) Points: 99,141, Level: 45
Level up: 68%, 1,859 Points needed
Activity: 6.1%
Last Achievements |
Code: Process.EnterDebugMode(); Are you sure you need this? To write to an arbitrary user process running on your system, you should not. If you write to a protected process you do. I’d leave it out if I were you, but if you so desire to use it, you need to run your application as Administrator for it to work. As for your OpenProcess line on code block 2, line 4, I am quoting an error on MSDN. WriteProcessMemory also needs operation access, because it calls the memory block protection routine before writing. Quote:
hProcess [in] |
|||||||||||
|
evolution536 is offline |
|
|
|
#3 |
|
synestra n00bie
Join Date: Oct 2015
Reputation: 10 |
Quote:
Originally Posted by evolution536 Code: Process.EnterDebugMode(); Are you sure you need this? To write to an arbitrary user process running on your system, you should not. If you write to a protected process you do. I’d leave it out if I were you, but if you so desire to use it, you need to run your application as Administrator for it to work. As for your OpenProcess line on code block 2, line 4, I am quoting an error on MSDN. WriteProcessMemory also needs operation access, because it calls the memory block protection routine before writing. Yeah I removed that line, nothing changed. I tried it now by combining Operation and Write, but I still got the same error. Also worth mentioning that this game has GG on it, probably should have said this earlier, my bad. |
|
synestra is offline |
|
|
|
#4 |
|||||||||||
|
voidptr God-Like
Join Date: Jun 2015
Reputation: 3490 Recognitions Points: 8,191, Level: 10
Level up: 54%, 509 Points needed
Activity: 0%
|
Quote:
Originally Posted by synestra Yeah I removed that line, nothing changed. I tried it now by combining Operation and Write, but I still got the same error. Also worth mentioning that this game has GG on it, probably should have said this earlier, my bad. GameGuard with prevent you from getting on open handle to the game if I recall correctly. You’re likely going to attack it from a different angle. I believe Fyyre has quite a bit of information posted around the web on attacking GG. EDIT: As I suspected it does indeed operate in ring0, https://www.unknowncheats.me/wiki/GameGuard. |
|||||||||||
|
voidptr is offline |
|
|
|
#5 |
|
synestra n00bie
Join Date: Oct 2015
Reputation: 10 |
Quote:
Originally Posted by voidptr GameGuard with prevent you from getting on open handle to the game if I recall correctly. You’re likely going to attack it from a different angle. I believe Fyyre has quite a bit of information posted around the web on attacking GG. EDIT: As I suspected it does indeed operate in ring0, https://www.unknowncheats.me/wiki/GameGuard. Thanks, I suppose this will be a lot harder than I anticipated. |
|
synestra is offline |
|
 Similar Threads |
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| [Help] DebugActiveProcess fails with «Access denied» | Jabberw0ck | C and C++ | 15 | 23rd December 2013 07:26 AM |
| [Help] CreateRemoteThread: access denied (w. debug privileges+PROCESS_ALL_ACCESS) | -=Freekee=- | Programming for Beginners | 5 | 5th March 2012 06:52 PM |
| Any ideas what to do if OpenProcess fails? | rain | General Programming and Reversing | 10 | 28th June 2010 02:31 AM |
| Saves folder: access denied | DOTHEHOKEYPOKEY | America’s Army Operations 2.x | 15 | 19th November 2005 04:40 AM |
| [Help] PB Access Denied | Mr.AIMBOT | Battlefield 1942 | 0 | 10th June 2004 10:21 PM |
|
Tags |
| access, denied, error |
«
Previous Thread
|
Next Thread
»
|
Forum Jump |
All times are GMT. The time now is 10:39 PM.
Contact Us —
Toggle Dark Theme
Terms of Use Information Privacy Policy Information
Copyright ©2000-2023, Unknowncheats� UKCS #312436
 |
 |
no new posts
OpenProcess failed, error: 5
What it is:
Error 5 is «access denied».
What it means:
if you are getting OpenProcess failed, error: 5 that means that you are running on win2k, nt, or xp and you do not have permission to read the memory segment needed to get the key.
there are many, many different variations of the keysniffer code posted on this board, each handling the open porcess a bit differently.
What to do about it:
If you are running a version that runs once, finds one key, and then exits: you need to have sufficient privledges to open the process for reading every time.
some people suggest using the process scheduler to start your keysniffer with system privledges. at the command prompt, type:
at (now+1) c:pathtokeyscanner.exe
substituting the current time plus one minute for (now+1).
(however this didn’t work for me on XP-pro with and administrator account UPDATE: this method only works on win2k)another option is to run one of the versions of the keyscanner that specifically modifies the access control list.
If you run a version of the keyscanner that opens the process once (keeps the process handle open) and loops through reading memory:
you must make SURE to start the keyscanner at or before character select screen, and leave it running while you play. you cannot start this type of keyscanner after you have zoned at all.
you will need to close down EQ all the way to the desktop, start your keyscanner, then start up EQ again. It can be pretty tricky to get the timing right with something that does not loop in the «searching for eqgame» portion of the code that finds the pid and opens the process handle.
yet another option is to run a version of the keyscanner that injects itself into eqgame memory space via rundll32. see the many threads by maggotboy for information on this type of system.
and, of course you can avoid this problem all together by running EQ on windows98 where NT security isn’t an issue.
hope this helps someone.
EDIT: i thought it was pretty clear to begin with, but people complained so i expanded it a bit.
UPDATE: as of the 11/19 patch, you must use a version of the keyscanner that sets debug privlidges (on xp anyway). see code posted by uncleben. (this code is also part of keyring.)
Last edited by baelang; 11-20-2002 at 06:33 PM.
BaeLang
—
«seek and ye shall find.» <— god’s way of saying use the damn search button. (or grep)
У меня есть рутина, где я обрабатываю, чтобы получить HANDLE каждого процесса, когда я «иду» по списку (который работает нормально), но моя проблема заключается в следующем:
HANDLE h = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID) где PROCESS_ALL_ACCESS является токеном доступа, дескриптор наследования установлен в FALSEи pe32 является PROCESSENTRY32
GetLastError() возвращает код ошибки 5, и все сделанные дескрипторы являются адресами, которые не соответствуют ни одному подходящему процессу в Spy ++ 32/64 (я пытался создать приложение под обеими целями платформы, но, как и следовало ожидать, результат тот же).
Код для настройки SeDebugPrivilege для хост-процесса, который я использую:
BOOL EnableDebugPrivilege(BOOL bEnable)
{
HANDLE hToken = nullptr;
LUID luid;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) return FALSE;
if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) return FALSE;
TOKEN_PRIVILEGES tokenPriv;
tokenPriv.PrivilegeCount = 1;
tokenPriv.Privileges[0].Luid = luid;
tokenPriv.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
if (!AdjustTokenPrivileges(hToken, FALSE, &tokenPriv, sizeof(TOKEN_PRIVILEGES), NULL, NULL)) return FALSE;
return TRUE;
}
Некоторые вопросы, которые будут вам полезны:
- Я использую Windows 7 x64 Professional.
- Да, devenv.exe запускается с правами «Запуск от имени администратора», что означает, что отладчик и само приложение запускаются с одинаковой привязкой.
- Я попытался отключить UAC или запустить приложение с отключенным UAC. Все еще код ошибки 5.
- Я просто попытался сделать это с
PROCESS_QUERY_LIMITED_INFORMATIONи я получаю код ошибки 6 илиERROR_INVALID_HANDLE, Также пытался сPROCESS_QUERY_INFORMATION | PROCESS_VM_READ, результат снова ошибка 5. SeDebugPrivilegeвключен, проверяется с помощью SysInternals Process Explorer. Кроме того, все процессы, которые происходят из devenv / независимо от того, что называется отладчиком, наследуют SeDebugPrivilege, так что … это странно.
Спасибо всем большое за ваше время, я дошел до конца с этим вопросом: S
1
Решение
Вы уверены, что не передаете 0 в качестве значения идентификатора процесса? Процесс простоя системы с идентификатором 0 включен в снимок под именем [Системный процесс], но вы не можете открыть дескриптор для него, так как в документации для OpenProcess конкретно сказано, что он потерпит неудачу. Ну, это говорит немного больше:
Если указанный процесс является системным процессом (0x00000000),
Сбой функции и последний код ошибки ERROR_INVALID_PARAMETER. Если
указанный процесс является процессом Idle или одним из CSRSS
процессы, эта функция не выполняется и последний код ошибки
ERROR_ACCESS_DENIED, потому что их ограничения доступа препятствуют
код уровня пользователя от их открытия.
Ну, это не совсем верно, так как я смог открыть дескриптор CSRSS (конечно, у него нет запрошенных прав). Но это может не сработать для некоторых защищенных процессов (audiodg), поэтому вы не должны этого делать. Вместо этого проверьте название процесса, если это тот, который вы хотите.
1
Другие решения
Других решений пока нет …
OpenProcess | Access Denied
Topic is solved
-
KuroiLight
- Posts: 327
- Joined: 12 Apr 2015, 20:24
- GitHub: KuroiLight
OpenProcess | Access Denied
I have the following adapted code to enum and look at processes without using the built-in methods:
Code: Select all
SetWorkingDir, %ScriptDir%
strList := ""
pList := EnumerateProcesses()
for pid, name in pList {
strList .= pid . " -> " . name . "`n"
}
MsgBox, %strList%
ExitApp, 0
return
ProcessExist(processIdName) {
if(!processIdName)
return ""
PROCESSES := EnumerateProcesses()
if(!PROCESSES)
Throw, "Failed to enumerate processes."
if(processIdName ~= "iS)^d+$")
return PROCESSES[processIdName]
for id, name in PROCESSES
if(name == processIdName)
return id
}
EnumerateProcesses() {
global _IsSeDebug
if(!_IsSeDebug) {
EnableDebugPrivileges()
_IsSeDebug := true
}
global _psapi
if(!_psapi) {
_psapi := DllCall("Kernel32.dllLoadLibrary", "Str", "Psapi.dll", "Ptr")
if(ErrorLevel or !_psapi)
Throw, % "Failed to load Psapi.dll`n" . A_LastError . "`n" . ErrorLevel
}
pid_list := "", list_size := 4 * 1024
VarSetCapacity(pid_list, list_size)
status := DllCall("Psapi.dllEnumProcesses", "UInt", &pid_list, "UInt", list_size, "UInt*", raw_pid_list)
if(ErrorLevel or !status)
Throw, % "DLLCall to EnumProcess failed`n" . A_LastError . "`n" . ErrorLevel
p_count := raw_pid_list//4
address := &pid_list
ResolvedArray := {}
Loop %p_count% {
c_pid := ( *( address )+( *( address+1 ) << 8 )+( *( address+2 ) << 16 )+( *( address+3 ) << 24 ) )
address += 4
if(c_pid)
ResolvedArray[c_pid] := ProcessGetName(c_pid)
}
return ResolvedArray
}
ProcessGetName(PID) {
global _IsSeDebug
if(!_IsSeDebug) {
EnableDebugPrivileges()
_IsSeDebug := true
}
global _psapi
if(!_psapi) {
_psapi := DllCall("Kernel32.dllLoadLibrary", "Str", "Psapi.dll", "Ptr")
if(ErrorLevel or !_psapi)
Throw, % "Failed to load Psapi.dll`n" . A_LastError . "`n" . ErrorLevel
}
pHandle := DllCall("Kernel32.dllOpenProcess", "UInt", 0x10 | 0x400, "Int", 0, "UInt", PID)
if(ErrorLevel or pHandle == 0)
Throw, % "Failed to open process handle " . PID . ".`n" . A_LastError . "`n" . ErrorLevel
size_name := 255
VarSetCapacity(name, size_name)
result := DllCall("Psapi.dllGetModuleFileNameExA", "UInt", pHandle, "UInt", 0, "Str", name, "UInt", size_name)
if(ErrorLevel or !result)
Throw, % "Failed to GetModuleFileNameExA.`n" . A_LastError . "`n" . ErrorLevel
DllCall("Kernel32.dllCloseHandle", "UInt", pHandle)
return name
}
EnableDebugPrivileges() {
global _advapi
if(!_advapi) {
_advapi := DllCall("Kernel32.dllLoadLibrary", "Str", "Advapi32.dll", "Ptr")
if(ErrorLevel or !_advapi)
Throw, % "Failed to load Advapi32.dll`n" . A_LastError . "`n" . ErrorLevel
}
PROCESS_ALL_ACCESS := 0x001F0FFF
PROCESS_VM_READ := 0x10
PROCESS_QUERY_INFORMATION := 0x400
TOKEN_ALL_ACCESS := 0xF01FF
TOKEN_QUERY := 0x8
TOKEN_ADJUST_PRIVILEGES := 0x20
SE_PRIVILEGE_ENABLED := 2
ThisPID := DllCall("GetCurrentProcessId")
h := DllCall("OpenProcess", "UInt", PROCESS_QUERY_INFORMATION, "Int", false, "UInt", ThisPID, "Ptr")
if(ErrorLevel or !h)
Throw, % "Failed to OpenProcess.`n" . A_LastError . "`n" . ErrorLevel
OpenProcessToken_r := DllCall("Advapi32.dllOpenProcessToken", "Ptr", h, "UInt", TOKEN_ADJUST_PRIVILEGES, "PtrP", t)
if(ErrorLevel or !OpenProcessToken_r)
Throw, % "Failed to OpenProcessToken.`n" . A_LastError . "`n" . ErrorLevel
VarSetCapacity(ti, 16, 0)
NumPut(1, ti, 0, "UInt")
LookupPrivilegeValue_r := DllCall("Advapi32.dllLookupPrivilegeValue", "Ptr", 0, "Str", "SeDebugPrivilege", "Int64P", luid)
if(ErrorLevel or !LookupPrivilegeValue_r)
Throw, % "Failed to LookupPrivilegeValue.`n" . A_LastError . "`n" . ErrorLevel
NumPut(luid, ti, 4, "Int64")
NumPut(SE_PRIVILEGE_ENABLED, ti, 12, "UInt")
r := DllCall("Advapi32.dllAdjustTokenPrivileges", "Ptr", t, "Int", false, "Ptr", &ti, "UInt", 0, "Ptr", 0, "Ptr", 0)
if(ErrorLevel or !r)
Throw, % "Failed to AdjustTokenPrivileges.`n" . A_LastError . "`n" . ErrorLevel
DllCall("CloseHandle", "Ptr", t)
DllCall("CloseHandle", "Ptr", h)
}
No errors occur except in ProcessGetName the call to OpenProcess fails with error 5 [Access is Denied], even though EnableDebugPrivileges is successful. Also tried running as Admin doesn’t seem to make a difference.
Any help? It’s probably something obvious I missed, never been a fan of window’s privilege token nonsense.
-
KuroiLight
- Posts: 327
- Joined: 12 Apr 2015, 20:24
- GitHub: KuroiLight
Re: OpenProcess | Access Denied Topic is solved
20 Dec 2017, 01:03
Oh turns out this code actually works, I assumed failure when I couldn’t access the system idle process not realizing I never would have been able to anyways.
here are the functions incase anyone wants to use them:
Code: Select all
ProcessExist(processIdName) {
if(!processIdName)
return ""
PROCESSES := EnumerateProcesses()
if(!PROCESSES)
Throw, "Failed to enumerate processes."
if(processIdName ~= "iS)^d+$")
return PROCESSES[processIdName]
for id, name in PROCESSES
if(name == processIdName)
return id
}
EnumerateProcesses() {
global _IsSeDebug
if(!_IsSeDebug) {
EnableDebugPrivileges()
_IsSeDebug := true
}
global _psapi
if(!_psapi) {
_psapi := DllCall("Kernel32.dllLoadLibrary", "Str", "Psapi.dll", "Ptr")
if(ErrorLevel or !_psapi)
Throw, % "Failed to load Psapi.dll`n" . A_LastError . "`n" . ErrorLevel
}
pid_list := "", list_size := 4 * 1024
VarSetCapacity(pid_list, list_size)
status := DllCall("Psapi.dllEnumProcesses", "UInt", &pid_list, "UInt", list_size, "UInt*", raw_pid_list)
if(ErrorLevel or !status)
Throw, % "DLLCall to EnumProcess failed`n" . A_LastError . "`n" . ErrorLevel
p_count := raw_pid_list//4
address := &pid_list
ResolvedArray := {}
Loop %p_count% {
c_pid := ( *( address )+( *( address+1 ) << 8 )+( *( address+2 ) << 16 )+( *( address+3 ) << 24 ) )
address += 4
if(c_pid and pName := ProcessGetName(c_pid))
ResolvedArray[c_pid] := pName
else
ResolvedArray.Delete(c_pid)
}
return ResolvedArray
}
ProcessGetName(PID) {
global _IsSeDebug
if(!_IsSeDebug) {
EnableDebugPrivileges()
_IsSeDebug := true
}
global _psapi
if(!_psapi) {
_psapi := DllCall("Kernel32.dllLoadLibrary", "Str", "Psapi.dll", "Ptr")
if(ErrorLevel or !_psapi)
Throw, % "Failed to load Psapi.dll`n" . A_LastError . "`n" . ErrorLevel
}
pHandle := DllCall("Kernel32.dllOpenProcess", "UInt", 0x10 | 0x400, "Int", 0, "UInt", PID)
if(ErrorLevel or pHandle == 0)
return 0
;Throw, % "Failed to open process handle " . PID . ".`n" . A_LastError . "`n" . ErrorLevel
size_name := 255
VarSetCapacity(name, size_name)
result := DllCall("Psapi.dllGetModuleFileNameExW", "UInt", pHandle, "UInt", 0, "Str", name, "UInt", size_name)
if(ErrorLevel or !result)
Throw, % "Failed to GetModuleFileNameExW.`n" . A_LastError . "`n" . ErrorLevel
DllCall("Kernel32.dllCloseHandle", "UInt", pHandle)
return name
}
EnableDebugPrivileges() {
global _advapi
if(!_advapi) {
_advapi := DllCall("Kernel32.dllLoadLibrary", "Str", "Advapi32.dll", "Ptr")
if(ErrorLevel or !_advapi)
Throw, % "Failed to load Advapi32.dll`n" . A_LastError . "`n" . ErrorLevel
}
PROCESS_ALL_ACCESS := 0x001F0FFF
PROCESS_VM_READ := 0x10
PROCESS_QUERY_INFORMATION := 0x400
TOKEN_ALL_ACCESS := 0xF01FF
TOKEN_QUERY := 0x8
TOKEN_ADJUST_PRIVILEGES := 0x20
SE_PRIVILEGE_ENABLED := 2
ThisPID := DllCall("GetCurrentProcessId")
h := DllCall("OpenProcess", "UInt", PROCESS_QUERY_INFORMATION, "Int", false, "UInt", ThisPID, "Ptr")
if(ErrorLevel or !h)
Throw, % "Failed to OpenProcess.`n" . A_LastError . "`n" . ErrorLevel
OpenProcessToken_r := DllCall("Advapi32.dllOpenProcessToken", "Ptr", h, "UInt", TOKEN_ADJUST_PRIVILEGES, "PtrP", t)
if(ErrorLevel or !OpenProcessToken_r)
Throw, % "Failed to OpenProcessToken.`n" . A_LastError . "`n" . ErrorLevel
VarSetCapacity(ti, 16, 0)
NumPut(1, ti, 0, "UInt")
LookupPrivilegeValue_r := DllCall("Advapi32.dllLookupPrivilegeValue", "Ptr", 0, "Str", "SeDebugPrivilege", "Int64P", luid)
if(ErrorLevel or !LookupPrivilegeValue_r)
Throw, % "Failed to LookupPrivilegeValue.`n" . A_LastError . "`n" . ErrorLevel
NumPut(luid, ti, 4, "Int64")
NumPut(SE_PRIVILEGE_ENABLED, ti, 12, "UInt")
r := DllCall("Advapi32.dllAdjustTokenPrivileges", "Ptr", t, "Int", false, "Ptr", &ti, "UInt", 0, "Ptr", 0, "Ptr", 0)
if(ErrorLevel or !r)
Throw, % "Failed to AdjustTokenPrivileges.`n" . A_LastError . "`n" . ErrorLevel
DllCall("CloseHandle", "Ptr", t)
DllCall("CloseHandle", "Ptr", h)
}
Return to “Ask for Help”
Tags for this Thread
|
|
OpenProcess returns DLL error 5