C++

Forum

 
WPM, RPM Error Code: 299

stuted (33)
Hi, let me get straight to the point. I have posted this to numerous forums, i hope you guys can help me.
I am trying to modify a program with write process memory. Here is the code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
 
#include <iostream>
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>

using namespace std;

void enableDebugPrivileges(void) {
    HANDLE hcurrent=GetCurrentProcess();
    HANDLE hToken;
    BOOL bret=OpenProcessToken(hcurrent,40,&hToken);
    LUID luid;
    bret=LookupPrivilegeValue(NULL,"SeDebugPrivilege",&luid);
    TOKEN_PRIVILEGES NewState,PreviousState;
    DWORD ReturnLength;
    NewState.PrivilegeCount =1;
    NewState.Privileges[0].Luid =luid;
    NewState.Privileges[0].Attributes=2;
    AdjustTokenPrivileges(hToken,FALSE,&NewState,28,&PreviousState,&ReturnLength);
}

int main()
{
    enableDebugPrivileges();
    DWORD oldProtection = 0;

    HANDLE snapshot = CreateToolhelp32Snapshot ( TH32CS_SNAPPROCESS, NULL );

    PROCESSENTRY32 entry;
    entry.dwSize = sizeof(PROCESSENTRY32);

    while ( Process32Next ( snapshot, &entry ) == TRUE )
    {
        if ( stricmp ( entry.szExeFile, "cf.exe" ) == 0 )
        {
            HANDLE hProcess = OpenProcess ( PROCESS_VM_OPERATION | PROCESS_VM_READ  | PROCESS_VM_WRITE, FALSE, entry.th32ProcessID );

            DWORD baseAddress = 0x001AF45C;
            DWORD address = 0;

            ReadProcessMemory ( hProcess, (LPVOID)baseAddress, &address, sizeof(address), NULL );
            cout << "Error code: " << GetLastError() << endl;

            DWORD off1 = address + 0x98;
            ReadProcessMemory ( hProcess, (LPVOID)off1, &address, sizeof(address), NULL);

            cout << "Error code: " << GetLastError() << endl;

            cout << hProcess;

            VirtualProtectEx ( hProcess, (LPVOID)address, sizeof(address), PAGE_READWRITE, &oldProtection );
            BYTE amount = 123;
            WriteProcessMemory ( hProcess, (LPVOID)address, &amount, sizeof(amount), NULL );

            VirtualProtectEx ( hProcess, (LPVOID)address, sizeof(address), oldProtection, NULL );
        }
    }
    cin.get();
    return 0;
}


The error i get is error code 299 partial copy. Can you help me how to fix it?
Last edited on
webJose (2948)
The code is incorrect. You must obtain the first process entry using Process32First(), and then use Process32Next() for the rest. See example here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms686701(v=vs.85).aspx
stuted (33)
Thanks, i have altered the code, the first getlasterror is now gone, the second one, is still 299. Can it be some mess with the address?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
#include <iostream>
#include <windows.h>
#include <tlhelp32.h>
//#include <stdio.h>

using namespace std;

void enableDebugPrivileges(void) {
    HANDLE hcurrent=GetCurrentProcess();
    HANDLE hToken;
    BOOL bret=OpenProcessToken(hcurrent,40,&hToken);
    LUID luid;
    bret=LookupPrivilegeValue(NULL,"SeDebugPrivilege",&luid);
    TOKEN_PRIVILEGES NewState,PreviousState;
    DWORD ReturnLength;
    NewState.PrivilegeCount =1;
    NewState.Privileges[0].Luid =luid;
    NewState.Privileges[0].Attributes=2;
    AdjustTokenPrivileges(hToken,FALSE,&NewState,28,&PreviousState,&ReturnLength);
}

int main()
{
    enableDebugPrivileges();
    DWORD oldProtection = 0;

    HANDLE snapshot = CreateToolhelp32Snapshot ( TH32CS_SNAPPROCESS, NULL );

    PROCESSENTRY32 entry;
    entry.dwSize = sizeof(PROCESSENTRY32);

    if(!Process32First(snapshot, &entry))
    {
        cout << endl << "Error in P32F\n";
    }

    while ( Process32Next ( snapshot, &entry ) == TRUE )
    {
        if ( stricmp ( entry.szExeFile, "cf.exe" ) == 0 )
        {
            HANDLE hProcess = OpenProcess ( PROCESS_VM_OPERATION | PROCESS_VM_READ  | PROCESS_VM_WRITE, FALSE, entry.th32ProcessID );

            DWORD baseAddress = 0x001AF45C;
            DWORD address = 0;

            ReadProcessMemory ( hProcess, (LPVOID)baseAddress, &address, sizeof(address), NULL );

            cout << "Error code: " << GetLastError() << endl;

            DWORD off1 = address + 0x98;
            ReadProcessMemory ( hProcess, (LPVOID)off1, &address, sizeof(address), NULL);
            cout << "Error code: " << GetLastError() << endl;

            cout << hProcess;

            VirtualProtectEx ( hProcess, (LPVOID)address, sizeof(address), PAGE_READWRITE, &oldProtection );
            BYTE amount = 123;
            WriteProcessMemory ( hProcess, (LPVOID)address, &amount, sizeof(amount), NULL );

            VirtualProtectEx ( hProcess, (LPVOID)address, sizeof(address), oldProtection, NULL );
        }
    }
    cin.get();
    return 0;
}
Last edited on
webJose (2948)
What line number?
stuted (33)
Line 48's getlasterror is gone, if that was what you were asking.
webJose (2948)
My guess would be that the resulting address is not readable. the code itself looks good, so unsure if this could be cf.exe's particular implementation.
stuted (33)
Hmm, i guess you are right. Aren't there any custom sanctified by time to obtain that address?
webJose (2948)
No idea on my part. Reading other process' memory is always tricky and arcane.
stuted (33)
haha, i like your phrasing. I should get into assembly then to fix this.
Topic archived. No new replies allowed.