WPM, RPM Error Code: 299

Apr 2, 2012 at 4:57pm
Hi, let me get straight to the point. I have posted this to numerous forums, i hope you guys can help me.
I am trying to modify a program with write process memory. Here is the code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
#include <iostream>
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>

using namespace std;

void enableDebugPrivileges(void) {
    HANDLE hcurrent=GetCurrentProcess();
    HANDLE hToken;
    BOOL bret=OpenProcessToken(hcurrent,40,&hToken);
    LUID luid;
    bret=LookupPrivilegeValue(NULL,"SeDebugPrivilege",&luid);
    TOKEN_PRIVILEGES NewState,PreviousState;
    DWORD ReturnLength;
    NewState.PrivilegeCount =1;
    NewState.Privileges[0].Luid =luid;
    NewState.Privileges[0].Attributes=2;
    AdjustTokenPrivileges(hToken,FALSE,&NewState,28,&PreviousState,&ReturnLength);
}

int main()
{
    enableDebugPrivileges();
    DWORD oldProtection = 0;

    HANDLE snapshot = CreateToolhelp32Snapshot ( TH32CS_SNAPPROCESS, NULL );

    PROCESSENTRY32 entry;
    entry.dwSize = sizeof(PROCESSENTRY32);

    while ( Process32Next ( snapshot, &entry ) == TRUE )
    {
        if ( stricmp ( entry.szExeFile, "cf.exe" ) == 0 )
        {
            HANDLE hProcess = OpenProcess ( PROCESS_VM_OPERATION | PROCESS_VM_READ  | PROCESS_VM_WRITE, FALSE, entry.th32ProcessID );

            DWORD baseAddress = 0x001AF45C;
            DWORD address = 0;

            ReadProcessMemory ( hProcess, (LPVOID)baseAddress, &address, sizeof(address), NULL );
            cout << "Error code: " << GetLastError() << endl;

            DWORD off1 = address + 0x98;
            ReadProcessMemory ( hProcess, (LPVOID)off1, &address, sizeof(address), NULL);

            cout << "Error code: " << GetLastError() << endl;

            cout << hProcess;

            VirtualProtectEx ( hProcess, (LPVOID)address, sizeof(address), PAGE_READWRITE, &oldProtection );
            BYTE amount = 123;
            WriteProcessMemory ( hProcess, (LPVOID)address, &amount, sizeof(amount), NULL );

            VirtualProtectEx ( hProcess, (LPVOID)address, sizeof(address), oldProtection, NULL );
        }
    }
    cin.get();
    return 0;
}


The error i get is error code 299 partial copy. Can you help me how to fix it?
Last edited on Apr 2, 2012 at 4:58pm
Apr 2, 2012 at 5:12pm
The code is incorrect. You must obtain the first process entry using Process32First(), and then use Process32Next() for the rest. See example here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms686701(v=vs.85).aspx
Apr 2, 2012 at 5:33pm
Thanks, i have altered the code, the first getlasterror is now gone, the second one, is still 299. Can it be some mess with the address?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#include <iostream>
#include <windows.h>
#include <tlhelp32.h>
//#include <stdio.h>

using namespace std;

void enableDebugPrivileges(void) {
    HANDLE hcurrent=GetCurrentProcess();
    HANDLE hToken;
    BOOL bret=OpenProcessToken(hcurrent,40,&hToken);
    LUID luid;
    bret=LookupPrivilegeValue(NULL,"SeDebugPrivilege",&luid);
    TOKEN_PRIVILEGES NewState,PreviousState;
    DWORD ReturnLength;
    NewState.PrivilegeCount =1;
    NewState.Privileges[0].Luid =luid;
    NewState.Privileges[0].Attributes=2;
    AdjustTokenPrivileges(hToken,FALSE,&NewState,28,&PreviousState,&ReturnLength);
}

int main()
{
    enableDebugPrivileges();
    DWORD oldProtection = 0;

    HANDLE snapshot = CreateToolhelp32Snapshot ( TH32CS_SNAPPROCESS, NULL );

    PROCESSENTRY32 entry;
    entry.dwSize = sizeof(PROCESSENTRY32);

    if(!Process32First(snapshot, &entry))
    {
        cout << endl << "Error in P32F\n";
    }

    while ( Process32Next ( snapshot, &entry ) == TRUE )
    {
        if ( stricmp ( entry.szExeFile, "cf.exe" ) == 0 )
        {
            HANDLE hProcess = OpenProcess ( PROCESS_VM_OPERATION | PROCESS_VM_READ  | PROCESS_VM_WRITE, FALSE, entry.th32ProcessID );

            DWORD baseAddress = 0x001AF45C;
            DWORD address = 0;

            ReadProcessMemory ( hProcess, (LPVOID)baseAddress, &address, sizeof(address), NULL );

            cout << "Error code: " << GetLastError() << endl;

            DWORD off1 = address + 0x98;
            ReadProcessMemory ( hProcess, (LPVOID)off1, &address, sizeof(address), NULL);
            cout << "Error code: " << GetLastError() << endl;

            cout << hProcess;

            VirtualProtectEx ( hProcess, (LPVOID)address, sizeof(address), PAGE_READWRITE, &oldProtection );
            BYTE amount = 123;
            WriteProcessMemory ( hProcess, (LPVOID)address, &amount, sizeof(amount), NULL );

            VirtualProtectEx ( hProcess, (LPVOID)address, sizeof(address), oldProtection, NULL );
        }
    }
    cin.get();
    return 0;
}
Last edited on Apr 2, 2012 at 5:35pm
Apr 2, 2012 at 5:55pm
What line number?
Apr 2, 2012 at 6:06pm
Line 48's getlasterror is gone, if that was what you were asking.
Apr 2, 2012 at 7:38pm
My guess would be that the resulting address is not readable. the code itself looks good, so unsure if this could be cf.exe's particular implementation.
Apr 2, 2012 at 7:45pm
Hmm, i guess you are right. Aren't there any custom sanctified by time to obtain that address?
Apr 2, 2012 at 7:49pm
No idea on my part. Reading other process' memory is always tricky and arcane.
Apr 2, 2012 at 7:54pm
haha, i like your phrasing. I should get into assembly then to fix this.
Topic archived. No new replies allowed.