OpenProcess "Access denied"
-
Hi,
I want to get a handle to another process so that I can inject a DLL into it (via CreateRemoteThread).
However, OpenProcess fails for some processes with "Access denied" (GetLastError), unfortunately also for the one I want to inject into. What do I have to do to be able to open the process?
-
Output something like "This requires more privileges" as an MB
-
I would simply try starting the process via CreateProcess. There you can also pass it access rights right away, if I'm not mistaken!?
-
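#include <windows.h>

// Enables SeDebugPrivilege in the token of the calling process.
void SetDebugPrivileges()
{
    HANDLE tokenHandle;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &tokenHandle))
        return;

    TOKEN_PRIVILEGES privilegeToken;
    privilegeToken.PrivilegeCount = 1;
    privilegeToken.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    // Look up the local LUID for SeDebugPrivilege, then enable it.
    // AdjustTokenPrivileges can succeed without granting the privilege;
    // GetLastError() then returns ERROR_NOT_ALL_ASSIGNED.
    if (LookupPrivilegeValue(0, SE_DEBUG_NAME, &privilegeToken.Privileges[0].Luid))
        AdjustTokenPrivileges(tokenHandle, 0, &privilegeToken, sizeof(TOKEN_PRIVILEGES), 0, 0);

    CloseHandle(tokenHandle);
}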
-
I also found something on CodeProject:
There is an important thing we should consider, if implanting through CreateRemoteThread() API. Every time before the injector application operates on the virtual memory of the targeted process and makes a call to CreateRemoteThread(), it first opens the process using OpenProcess() API and passes PROCESS_ALL_ACCESS flag as parameter. This flag is used when we want to get maximum access rights to this process. In this scenario OpenProcess() will return NULL for some of the processes with low ID number. This error (although we use a valid process ID) is caused by not running under security context that has enough permissions. If you think for a moment about it, you will realize that it makes perfect sense. All those restricted processes are part of the operating system and a normal application shouldn't be allowed to operate on them. What would happen if some application has a bug and accidentally attempts to terminate an operating system's process? To prevent the operating system from that kind of eventual crashes, it is required that a given application must have sufficient privileges to execute APIs that might alter operating system behavior. To get access to the system resources (e.g. smss.exe, winlogon.exe, services.exe, etc) through OpenProcess() invocation, you must be granted the debug privilege. This ability is extremely powerful and offers a way to access the system resources, that are normally restricted. Adjusting the process privileges is a trivial task and can be described with the following logical operations:
* Open the process token with permissions needed to adjust privileges
* Given a privilege's name "SeDebugPrivilege", we should locate its local LUID mapping. The privileges are specified by name and can be found in Platform SDK file winnt.h
* Adjust the token in order to enable the "SeDebugPrivilege" privilege by calling AdjustTokenPrivileges() API
* Close obtained by OpenProcessToken() process token handle

I have now done all of that too. That works so far, but OpenProcess still doesn't want to work.
The process to be opened is actually not a system process at all, though (starcraft).
Edit:
Ahh, I'm an idiot, I tried to give debugger rights to the starcraft process instead of mine.
Seems to work now, thanks.