Process ID help.

Hello, I'm trying to get the process ID of a process... I know how to get the ID of a window, but is it not possible to get it of a process? This is for the function ReadProcessMemory() and WriteProcessMemory()... Thank you for any help that you can give!

- Kyle
First, you call EnumProcesses() to get all pids of running processes.
Second, for each pid use OpenProcess to get the handle to the process.
Last, call GetModuleFileNameEx() to get the name of the process by the handle; if it matches the name of your process, return the related pid.
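An added example, not part of the original posts: the three steps above in C++. `find_pids`, `snapshot_processes` and `ProcList` are names made up for this example; off Windows, `snapshot_processes` returns a small constructed list so the matching logic still runs. A name can match several PIDs and does not identify the binary, so the full image path is kept next to each PID.

```cpp
#include <cctype>
#include <string>
#include <utility>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#include <psapi.h>   // link with psapi.lib
#endif

using ProcList = std::vector<std::pair<unsigned long, std::string>>; // (pid, image path)

// Lower-cased file-name part of a path; accepts both kinds of path separator.
static std::string base_name_lower(const std::string& path) {
    std::string::size_type cut = path.find_last_of("\\/");
    std::string name = (cut == std::string::npos) ? path : path.substr(cut + 1);
    for (char& c : name) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return name;
}

// All PIDs whose image file name equals `exe`, ignoring case (several matches are normal).
std::vector<unsigned long> find_pids(const ProcList& procs, const std::string& exe) {
    std::vector<unsigned long> out;
    const std::string want = base_name_lower(exe);
    for (const auto& p : procs)
        if (base_name_lower(p.second) == want) out.push_back(p.first);
    return out;
}

#ifdef _WIN32
// The three steps from the post; processes we are not allowed to open are skipped.
ProcList snapshot_processes() {
    ProcList procs;
    DWORD ids[4096], bytes = 0;
    if (!EnumProcesses(ids, sizeof(ids), &bytes)) return procs;
    for (DWORD i = 0; i < bytes / sizeof(DWORD); ++i) {
        HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, ids[i]);
        if (!h) continue;                       // e.g. error 5, access denied
        char path[MAX_PATH];
        DWORD n = GetModuleFileNameExA(h, NULL, path, MAX_PATH);
        if (n) procs.emplace_back(ids[i], std::string(path, n));
        CloseHandle(h);
    }
    return procs;
}
#else
// Constructed sample (not real data) so find_pids() can be tried off Windows.
ProcList snapshot_processes() {
    return {{1204, "C:\\Windows\\notepad.exe"}, {3388, "C:\\Temp\\NOTEPAD.EXE"}, {5120, "C:\\Windows\\calc.exe"}};
}
#endif
```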
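declare like this:
PROCESS_INFORMATION M; //M is an object
//ReadProcessMemory needs a process handle; GetModuleHandle() only returns a module handle inside the calling process, so open the target by its pid
M.hProcess=OpenProcess(PROCESS_VM_READ,FALSE,pid); //pid = ID of the process you want to read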

use it in the function like this:
if(!ReadProcessMemory(M.hProcess,lpBaseAddress,lpBuffer,nsize,lpNumberOfBytesRead))    //define the rest of parameters by yourself
{//TODO: error code
return 0;}

try this
complete example:
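#include <Windows.h>

PROCESS_INFORMATION pci;
STARTUPINFOW sinfo = { sizeof(sinfo) };   // cb must be set before calling CreateProcess
LPVOID r = (LPVOID)0x403465;              // address in the child process to write to
LPCVOID f = L"0X78";                      // DATA TO WRITE

int WINAPI wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nShowCmd)
{
	// The child is started suspended, so pci.hProcess is a handle to our own child process.
	if (CreateProcessW(L"C:\\simple dos calculator.exe", // this is a program name
			0, 0, 0, 0, CREATE_SUSPENDED, 0, 0, &sinfo, &pci) != 0) {
		if (!WriteProcessMemory(pci.hProcess, r, f, 3, 0))
			MessageBoxA(0, "no", 0, 0);
		// Only touch the handles when CreateProcess succeeded.
		TerminateProcess(pci.hProcess, 0);
		ResumeThread(pci.hThread);
		CloseHandle(pci.hThread);
		CloseHandle(pci.hProcess);
	}
	else
		MessageBoxA(0, "not working", 0, 0);
	return 0;
}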

this is better
Thank you for your time, however, I've gotten around that: tasklist in the CMD is good enough for what I'm doing... I'll remember this though. I'm now having a different problem I need help with. It's in the access rights to read/write the data... I have read up on access tokens, and they make sense to me. However, how do you get permission to edit the tokens? I know I can launch the program as administrator and do anything I want, but I need to be able to get around this... I get system error 5 (access denied) when I OpenProcessToken() with TOKEN_ADJUST_ACCESS, but I get system error 1300 when I OpenProcessToken() with TOKEN_ALL_ACCESS... Which doesn't make sense to me! Does TOKEN_ALL_ACCESS not have COMPLETE permission to do whatever it wants to a token? Or is 1300 a more serious error message? Whatever the case, it causes system error 299 (Only part of ReadProcessMemory() or WriteProcessMemory() request was complete). So my final question is can I incrementally give myself more and more permission until I have all process?

Here is my code:
#include <windows.h>
#include <stdlib.h>
#include <iostream>
using namespace std;

//TOKEN_ALL_ACCESS
//TOKEN_ADJUST_PRIVILEGES
DWORD Reset = 0;

void enableDebugPrivileges()
{
	HANDLE cHandle = GetCurrentProcess();
	
	HANDLE tHandle = NULL;
	SetLastError(Reset);
	BOOL bret = OpenProcessToken(cHandle, TOKEN_ALL_ACCESS, &tHandle);
	cout<<"In OpenProcessToken, Error: "<<GetLastError()<<endl;
	if (!bret)
		return; // no token handle, nothing to adjust
	
	LUID luid;
	SetLastError(Reset);
	bret = LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid); // SE_DEBUG_NAME is "SeDebugPrivilege"
	cout<<"In LookupPrivilegeValue, Error: "<<GetLastError()<<endl;
	
	TOKEN_PRIVILEGES NewState;
	TOKEN_PRIVILEGES PreviousState;
	DWORD ReturnLength;
	
	NewState.PrivilegeCount = 1;
	NewState.Privileges[0].Luid = luid;
	NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
	
	// AdjustTokenPrivileges returns TRUE even when the token does not hold the privilege;
	// GetLastError() is then 1300 (ERROR_NOT_ALL_ASSIGNED), so the error code must be checked.
	SetLastError(Reset);
	AdjustTokenPrivileges(tHandle, false, &NewState, sizeof(PreviousState), &PreviousState, &ReturnLength);
	cout<<"In AdjustTokenPrivileges, Error: "<<GetLastError()<<endl;
	CloseHandle(tHandle);
	return;
}

int main()
{
	enableDebugPrivileges();
	DWORD pid;
	HANDLE hProcess;
	LONG address = 0x1F0579C; //Only made for Minesweeper, for now...
	int output = 0;
	
	do
	{
		cout<<"PID: ";
		cin>>pid;
		
		SetLastError(Reset);
		hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, pid);
		cout<<"In OpenProcess, Error: "<<GetLastError()<<endl;
	} while (!hProcess);
	
	SetLastError(Reset);
	ReadProcessMemory(hProcess, (LPVOID)address, (LPVOID)&output, sizeof(output), NULL);
	cout<<"In ReadProcessMemory, Error: "<<GetLastError()<<endl;
	
	cout<<output<<endl;
	
	CloseHandle(hProcess); // release the process handle opened above
	system("PAUSE");
	return 0;
}


- Kyle
The only way is to run your application elevated or disable UAC.

There are tricks like using a windows service to do the job for you, but that requires administrator privileges to install it for the first time.

You then communicate with the service using some sort of IPC, like named pipes or shared memory.
And what would those tricks at installation be?

- Kyle
To install a windows service? There is no trick - just do it from your application installer - it requires administrator privileges anyway and the user must accept it.

It is just after that you will not need any UAC prompts to do administrative tasks like ReadProcessMemory.

Btw, is this a malware application? It looks that way .........
Oh god... I haven't looked at this in a while... No. Its intent is not to be a malware application.... I was just learning about memory and got carried away. I was going to use it on a few of my OWN programs to see if it might be a more efficient way for a localhost kind of thing.... I don't know... I was going to just fool around with it. Sorry for any worries there.

- Kyle