I'm making a program that needs to access the memory, etc., of target programs. Viruses and spyware often have a lot of read/write/terminate protection, and that's where I need help. My program gives itself debug rights, but some programs still don't allow PROCESS_VM_WRITE or PROCESS_TERMINATE.
How do these programs keep me from writing or terminating, even though I've given myself access? And how can I overcome this?
Here are my active functions:
In main():
Code:
HANDLE hToken;
// TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY is all AdjustTokenPrivileges needs
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
    // Fails (returns FALSE) if the token does not hold SeDebugPrivilege at all,
    // which is the case unless the process runs as an administrator
    if (!EnablePrivilege(hToken, SE_DEBUG_NAME, TRUE))
        printf("SeDebugPrivilege not enabled, error %lu\n", GetLastError());
    CloseHandle(hToken);
}
EnablePrivilege():
Code:
#include <windows.h>
#include <stdio.h>

BOOL EnablePrivilege(HANDLE hToken, LPCTSTR szPrivName, BOOL fEnable) {
    TOKEN_PRIVILEGES tp;
    tp.PrivilegeCount = 1;
    // Resolve the privilege name to its LUID; fails if the name is unknown
    if (!LookupPrivilegeValue(NULL, szPrivName, &tp.Privileges[0].Luid))
        return FALSE;
    tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;
    // AdjustTokenPrivileges can return TRUE and still set ERROR_NOT_ALL_ASSIGNED
    // when the token does not hold the privilege, so GetLastError must be checked too
    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL))
        return FALSE;
    return (GetLastError() == ERROR_SUCCESS);
}
When set to PROCESS_VM_WRITE or PROCESS_TERMINATE, m_hProcess goes unchanged [NULL]. PROCESS_VM_READ is allowed on all programs, even those that deny access when I don't set permissions. It sets m_hProcess to a handle, like it should.
Code:
// Returns NULL on failure; call GetLastError() right after to see why (5 = ERROR_ACCESS_DENIED)
m_hProcess = ::OpenProcess(PROCESS_VM_READ, FALSE, _PID);
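An added diagnostic, not code from the original post: for one PID it requests each process access right on its own and reports which are refused together with the Win32 error code, which is the first thing to capture when OpenProcess comes back NULL. The access-right values are the documented winnt.h constants; the script name and its -ProcessId parameter are assumptions, and it expects to run from the same elevated, SeDebugPrivilege-enabled context the post describes.

```powershell
# Probe-ProcessAccess.ps1 (name assumed): report which access rights OpenProcess
# grants or denies for one target process. Diagnostic only; it opens nothing for writing.
param([Parameter(Mandatory = $true)][int]$ProcessId)

# Sanity check first: SeDebugPrivilege must actually be present and Enabled on this token
whoami /priv | Select-String 'SeDebugPrivilege'

Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@

# Process access-right constants from winnt.h
$rights = [ordered]@{
    PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
    PROCESS_VM_READ                   = 0x0010
    PROCESS_VM_WRITE                  = 0x0020
    PROCESS_VM_OPERATION              = 0x0008
    PROCESS_TERMINATE                 = 0x0001
}

foreach ($name in $rights.Keys) {
    $h   = [Win32.Native]::OpenProcess($rights[$name], $false, $ProcessId)
    $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
    if ($h -eq [IntPtr]::Zero) {
        # Error 5 (ERROR_ACCESS_DENIED) means the process object's DACL, or a
        # protection mechanism such as a protected process, refused this right
        '{0,-36} DENIED  (Win32 error {1})' -f $name, $err
    } else {
        '{0,-36} granted' -f $name
        [void][Win32.Native]::CloseHandle($h)
    }
}
```

Run it against a normal process and against the one that resists termination; a process that grants PROCESS_VM_READ but denies PROCESS_VM_WRITE and PROCESS_TERMINATE with error 5 reproduces exactly the behaviour described above, and the denied-rights list is what to record when documenting such a sample.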