OpenProcess sometimes returns 0: how should this be handled?
I want to try remote thread injection, but I ran into a problem right at the start.
OpenProcess returns 0 when opening certain processes, such as Youdao, Kugou, and csrss.
Opening other processes, such as QQ and a small test program I wrote myself, succeeds. The code is below; bTemp is true all three times:
- C# code
private void btnStart_Click(object sender, EventArgs e)
{
    if (_processId == 0 || _fileNameOfDll == null)
        return;
    bool bTemp;

    // Step 1, part 1: open the token of the current process
    IntPtr phToken = IntPtr.Zero;
    bTemp = Function.OpenProcessToken(Process.GetCurrentProcess().Handle,
        DesiredAccessRights.TOKEN_ADJUST_PRIVILEGES | DesiredAccessRights.TOKEN_QUERY, ref phToken);

    // Part 2: look up the LUID of SE_DEBUG_NAME
    TokenPrivilegeLuid token;
    token.PrivilegesLuid = 0;
    token.PrivilegesCount = 1;
    token.PrivilegesAttributes = PrivilegesAttributes.SE_PRIVILEGE_ENABLED;
    bTemp = Function.LookupPrivilegeValue(null, WinNtPrivilegeName.SE_DEBUG_NAME, ref token.PrivilegesLuid);

    // Part 3: request that the privilege be enabled on the token
    bTemp = Function.AdjustTokenPrivileges(phToken, false, ref token, 0, IntPtr.Zero, IntPtr.Zero);

    // Step 2: open the target process
    IntPtr hProcess = Function.OpenProcess(ProcessAccessRights.PROCESS_VM_OPERATION, false, _processId);

    // Step 3: allocate memory in the target process
    IntPtr allocBaseAddress = Function.VirualAllocEx(hProcess, IntPtr.Zero, _fileNameOfDll.Length + 1,
        AllocationType.MEM_COMMIT | AllocationType.MEM_RESERVE, ProtectionType.PAGE_EXECUTE_READWRITE);
}
Under what circumstances does OpenProcess fail, and how should it be resolved?
------Solution--------------------
If the function fails, the return value is NULL. To get extended error information, call GetLastError.
------Solution--------------------
Code  Description                            Name
0     The operation completed successfully.  ERROR_SUCCESS
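
An added example, not part of the original thread, showing how the error code that the replies above refer to can be read from C#. The class and method names and the command-line PID argument are assumptions for illustration. In managed code the value must come from Marshal.GetLastWin32Error() on an import declared with SetLastError = true; otherwise a stale code can be reported.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

// Added example: class and method names are hypothetical, not from the thread.
static class OpenProcessProbe
{
    const uint PROCESS_VM_OPERATION = 0x0008;              // right requested in the question
    const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000; // least-privileged query right

    // SetLastError = true makes the runtime save the thread's last-error value
    // immediately after the native call returns.
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint desiredAccess, bool inheritHandle, uint processId);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Returns 0 (ERROR_SUCCESS) if a handle was obtained, otherwise the Win32 error code.
    static int TryOpen(uint pid, uint access)
    {
        IntPtr handle = OpenProcess(access, false, pid);
        if (handle == IntPtr.Zero)
            return Marshal.GetLastWin32Error(); // read before making any other call
        CloseHandle(handle);
        return 0;
    }

    static string Describe(int error)
    {
        return error == 0 ? "opened" : "error " + error + ": " + new Win32Exception(error).Message;
    }

    static int Main(string[] args)
    {
        uint pid;
        if (args.Length != 1 || !uint.TryParse(args[0], out pid))
        {
            Console.Error.WriteLine("usage: OpenProcessProbe <pid>");
            return 2;
        }
        int query = TryOpen(pid, PROCESS_QUERY_LIMITED_INFORMATION);
        int vmOp = TryOpen(pid, PROCESS_VM_OPERATION);
        Console.WriteLine("PROCESS_QUERY_LIMITED_INFORMATION: " + Describe(query));
        Console.WriteLine("PROCESS_VM_OPERATION:              " + Describe(vmOp));
        return (query == 0 && vmOp == 0) ? 0 : 1;
    }
}
```

Error 5 (ERROR_ACCESS_DENIED) means the system refused the requested access right for that process; error 87 (ERROR_INVALID_PARAMETER) means the PID does not refer to an openable process.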
------Solution--------------------
- C/C++ code
#include <windows.h>

bool AdjustPrivileges()
{
    HANDLE hToken;
    TOKEN_PRIVILEGES tp;
    TOKEN_PRIVILEGES oldtp;
    DWORD dwSize = sizeof(TOKEN_PRIVILEGES);
    LUID luid;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        // Systems that do not implement tokens have nothing to adjust
        if (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
            return true;
        else
            return false;
    }
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
    {
        CloseHandle(hToken);
        return false;
    }
    ZeroMemory(&tp, sizeof(tp));
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    /* Adjust Token Privileges */
    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), &oldtp, &dwSize))
    {
        CloseHandle(hToken);
        return false;
    }
    // AdjustTokenPrivileges also returns TRUE when the token does not hold the
    // privilege; GetLastError() then reports ERROR_NOT_ALL_ASSIGNED
    bool enabled = (GetLastError() != ERROR_NOT_ALL_ASSIGNED);
    // close handles
    CloseHandle(hToken);
    return enabled;
}