Access denied on EnumProcessModules - C++
I am trying to list all modules on a specific process, but I am getting "Access denied", even when I set token privileges. Here is the code:
#include <cstdlib>
#include <iostream>
#include <windows.h>
#include <psapi.h>
#include <Tlhelp32.h>
using namespace std;
#pragma comment(lib, "cmcfg32.lib")
BOOL SetPrivilege(HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege)
{
TOKEN_PRIVILEGES tp;
LUID luid;
if (!LookupPrivilegeValue(NULL, lpszPrivilege, &luid))
{
char buf[256];
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, 255, NULL);
cout << "LookupPrivilegeValue error: " << buf;
return FALSE;
}
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
if (bEnablePrivilege) { tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; }
else { tp.Privileges[0].Attributes = 0; }
if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES) NULL, (PDWORD)NULL))
{
char buf[256];
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, 255, NULL);
cout << "AdjustTokenPrivileges error: " << buf;
return FALSE;
}
if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
{
printf("The token does not have the specified privilege. \n");
return FALSE;
}
return TRUE;
}
int GetPID(char pname[])
{
PROCESSENTRY32 pEntry;
HANDLE hSnapshot = NULL;
pEntry.dwSize = sizeof(PROCESSENTRY32);
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
Process32First(hSnapshot,&pEntry);
do { if(strcmp(pEntry.szExeFile, pname) == 0) { return pEntry.th32ProcessID; } } while(Process32Next(hSnapshot,&pEntry));
return 0;
}
int main()
{
HANDLE currentToken;
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, ¤tToken);
if (!SetPrivilege(currentToken, SE_DEBUG_NAME, TRUE))
{
MessageBox(0, "Unable to adjust privileges", "Error", MB_ICONERROR);
}
DWORD ID = GetPID("test.exe");
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, ID);
if(!hProcess)
{
MessageBox(0, "Process not found", 开发者_StackOverflow"Error", MB_ICONERROR);
}
else
{
HMODULE hMods[2048];
DWORD cbNeeded;
if(EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
{
for (unsigned int i = 0; i < (cbNeeded/sizeof(HMODULE)); i++)
{
TCHAR szModName[MAX_PATH];
if (GetModuleFileNameEx(hProcess, hMods[i], szModName, sizeof(szModName)/sizeof(TCHAR)))
{
cout << "DLL: " << szModName << " Handle: " << hMods[i] << endl;
}
}
}
else
{
char buf[256];
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, 255, NULL);
cout << "Error: " << buf;
}
system("pause");
}
CloseHandle(hProcess);
return 0;
}
Note that I can list process modules of any other process, but I can't with a specific one. Both process are running with the same user credentials.
Can you tell me if I am doing something wrong?
Use Process Explorer to see the Security of kernel objects you are interested in. May be the target process has set its owner/DACL information such that it disallows READ for other processes. AntiVirus programs, services, file-system/kernel-driver are such kind of processes denying such actions.
And more importantly: it depends on the elevation/admin/ring-level of your own process.
ADDED:
Privileges doesn't directly apply to objects, but to the system as a whole. Try opening with TOKEN_ALL_ACCESS
and see if it succeeds.
精彩评论